January 18, 2022

Volume XII, Number 18

Advertisement
Advertisement

January 15, 2022

Subscribe to Latest Legal News and Analysis
Advertisement

NTIA Multistakeholder Group Reaches Consensus on Best Practices for Commercial Use of Facial Recognition Technology

Last week, the multistakeholder group convened by the National Telecommunications and Information Administration (“NTIA”) to create set of voluntary best practices for the commercial use of facial recognition technology finalized its guidelines. While the three-page code of conduct was praised by industry groups, including the Software & Information Industry Association and Consumer Technology Association, many consumer groups, who withdrew from the process before the guidelines were finalized, criticized the final product as weak and flawed.

The guidelines are the result of a more than two-year process, first announced by the NTIA in December 2013.  They recommend commercial entities do the following:

  • Disclose their practices regarding collection, storage, and use of facial template data to consumers, including any sharing, retention, and de-identification policies;

  • Provide notice to consumers where facial recognition is used on a physical premises;

  • Consider privacy concerns when developing data management programs;

  • Protect facial recognition data by implementing a program that contains administrative, technical, and physical safeguards appropriate to the entity’s size, complexity, the nature of its activities, and the sensitivity of the data;

  • Take reasonable steps to maintain the integrity of the data collected; and,

  • Provide a means for consumers to contact the entity regarding its use of the data.

The guidelines do not apply to the government’s use of facial recognition technology — the document specifically references “security applications, law enforcement, national security, intelligence, or military uses” — or to situations where the technology is used for the purposes of aggregate or non-identifying analysis.

These guidelines are the latest in a series of best practices documents drafted by NTIA multistakeholder groups.  In 2013, a group released a voluntary code of conduct to promote transparency in mobile app practices, although few members actually agreed to adopt the code.  Last month, another stakeholder group released a voluntary best practices document for drone privacy.  It remains to be seen whether that document, or this most recent facial recognition document, will be followed by industry.

© 2022 Covington & Burling LLPNational Law Review, Volume VI, Number 172
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement

About this Author

Hannah Lepow, Covington, data and cybersecurity lawyer
Associate

Hannah Lepow advises clients in the media, technology, and telecommunications industries on a wide range of regulatory and privacy issues.

Ms. Lepow is a member of the New York bar. She is currently not admitted in the District of Columbia, but is supervised by principals of the firm.

  • Advises multinational companies on compliance with various privacy laws.

  • Advises print, broadcast, and digital news organizations on First Amendment and media law issues.

  • ...
202 662 5477
Advertisement
Advertisement
Advertisement