CPPCC members call for strengthening supervision of face recognition, leaking privacy, and increasing penalties

　(Two Sessions Express) CPPCC members call for strengthening face recognition supervision, leaking privacy, and increasing penalties

　　China News Service, Beijing, March 7 (Reporter Wei Jianjun) Cai Xiaohong, a member of the National Committee of the Chinese People's Political Consultative Conference and a researcher of the Institute of Modern Physics of the Chinese Academy of Sciences, said on the 6th that the abuse of face recognition is relatively common, and the relevant regulatory systems and regulations are not perfect. Without corresponding risk prevention and control and safety guarantee mechanisms, it is urgent to strengthen the supervision of face recognition.

　　Face has uniqueness, direct recognition, convenience, immutability, variability, easy collection, non-anonymity, and multidimensionality. These characteristics determine the particularity and complexity of face recognition technology. Once face information It is illegally used and cannot be changed or replaced, which will bring many security problems and hidden dangers.

　　Some media evaluated 67 popular apps that support face recognition and found that 46.3% of the apps did not ask for user consent when using the face recognition function, and only 5 apps showed up when the user clicked to enable face recognition. The user authorization agreement and other terms will be approved, and the user will be asked whether to "agree" to obtain facial information.

　　In the evaluation, the privacy policy generally confuses "face information" with general personal information such as names; in terms of data storage and protection, only 2 apps claim to have special protection for facial biometric information, while the other 65 APP all attribute the protection of face information to the protection of personal information.

　　Cai Xiaohong called for the establishment of a face recognition network and information security supervision system, and speed up the development of a face recognition application technology standard system.

Based on the differentiated security requirements of face recognition in public or commercial applications, formulate hierarchical and multi-level national security standards and industry security standards.

　　In addition, a security evaluation and review system for facial recognition applications needs to be established.

Conduct security assessments for different application fields such as security, finance, e-commerce, and payment, and implement approval procedures for the application and promotion of face recognition products to ensure that the products meet the security technical requirements.

Guide companies to establish face recognition data security risk management and prevention and control mechanisms, and formulate corporate management standards.

　　She also emphasized the need to establish a personal image data management mechanism.

Implement the "Cyber ​​Security Law", regulate the collection, transmission, storage, and use of personal image data by enterprises, increase penalties for enterprises that illegally collect, disclose, and abuse personal privacy, and unfair competition, and urge them to implement security principal responsibilities.

　　The domestic "first face recognition case" questioned "Why should I brush my face when I go to the zoo to see an animal?" "The owner's online business management platform in Nanning, Guangxi caused the house to be transferred" incidents that received widespread attention.

Facial recognition technology is abused to varying degrees in shopping malls, scenic spots, communities, office buildings, and government agencies. The public often collects facial information without knowing it.

　　Cai Xiaohong suggested to speed up the formulation of personal information protection laws and regulations, establish the basic rights of personal image data control, deletion, and forgetting, and safeguard personal reputation and privacy.

Clarify the rights and obligations of enterprises with regard to the collection, transmission, storage and use of personal image data, implement the main security responsibilities in all aspects of the data life cycle, and promote the circulation of face recognition data and the rule of law in the trading market.

　　At the same time, regulations and management measures related to biometric information are formulated to ensure the safe and standardized use of personal image data.

Promulgate as soon as possible the "Network Security Law" and "Personal Information Protection Law" and other regulations to clarify the application areas of face recognition, clarify the standards for the classification of network levels, the level of network security, and the main body of network security supervision and inspection.

　　Cai Xiaohong said that to promote the innovation and development of core face recognition technologies, strengthen research on network security technologies, promote cooperation between face recognition companies and network security companies, and promote research on new autonomous network security systems based on artificial intelligence technology.

Encourage enterprises and scientific research institutions to jointly innovate, promote the application and promotion of face recognition technology achievements, and cultivate new forms of face recognition development.

(Finish)