Companies Should Do Better Than Weak NTIA “Best Practices” on Facial Recognition

Over the last two and a half years, the National Telecommunications and Information Administration (NTIA) convened a multistakeholder process to develop best practices for companies using facial recognition technology. The resulting document, “Privacy Best Practice Recommendations for Commercial Facial Recognition Use,” was finalized today and lacks both guidance for businesses and protection for individuals. The Center for Democracy & Technology (CDT), along with other civil society groups, withdrew from the process when it became clear that the process would not result in meaningful guidelines.

“Facial recognition technology raises serious privacy concerns, whether it is used for retail tracking, photo tagging, or public targeting,” said Michelle De Mooy, CDT Deputy Director of Privacy & Data. “At a minimum, businesses should notify consumers and seek permission when facial technology is used, especially if it’s being deployed to track them in public or inform decisions on issues such as employment, health care, credit, or housing. The best practices don’t even do that. Industry can and must do better,” De Mooy added.

The NTIA multistakeholder processes can result in solid best practices, such as the recently-developed privacy guidelines for commercial drones. The facial recognition process lacked the same level of civil society-industry collaboration.

The NTIA’s flawed document helps make the case for why Americans need strong privacy laws and regulations. The collection and use of a person’s facial data by companies simply should not occur without an individual’s knowledge and express permission.