By Jan Willem Knibbe
Facial recognition is ubiquitous and new applications are emerging on almost a weekly scale. Just think about Apples’ animojis, tagging people on Facebook or Windows 10 Hello to login to your computer without a password, not to mention applications that are used by security professional to identify people in a crowd.
Because of these developments and the effects they can have on person’s private life Microsoft has made a call to develop regulation to govern these applications before they become too pervasive. It has identified six principles that should address the concerns on facial recognition technologies:
- Fairness. We will work to develop and deploy facial recognition technology in a manner that strives to treat all people fairly.
- Transparency. We will document and clearly communicate the capabilities and limitations of facial recognition technology.
- Accountability. We will encourage and help our customers to deploy facial recognition technology in a manner that ensures an appropriate level of human control for uses that may affect people in consequential ways.
- Nondiscrimination. We will prohibit in our terms of service the use of facial recognition technology to engage in unlawful discrimination.
- Notice and consent. We will encourage private sector customers to provide notice and secure consent for the deployment of facial recognition technologies.
- Lawful surveillance. We will advocate for safeguards for people’s democratic freedoms in law enforcement surveillance scenarios and will not deploy facial recognition technology in scenarios that we believe will put these freedoms at risk.
We welcome the initiative from Microsoft which will bring more control the people over their data and increases people’s trust when sharing their data. However, at the same time we think that these principles shouldn’t just be limited to facial recognition (or biometric data in general) but are equally valid for any personal data. These principals shouldn’t come as a surprise to you either. ESOMAR has been advocating them for over 70 years and they are enshrined in the ICC/ESOMAR International Code as what we call the Fundamental principles. These principles apply regardless the application or type of data. It gives a clear assurance to individual about how their data is treated by companies subscribed to the ICC/ESOMAR Code.
We believe this gives users more assurance than when different technologies or applications have different requirements to comply with. So while the Microsoft principles are compatible with our self-regulation, we believe they should not just be limited to facial recognition.
It should be noted this call from Microsoft comes at a time the US seems to be moving towards a general privacy and data protection framework, not unlike the European GDPR. This could bridge the gap between the EU and US data protection systems, and the criteria MS is proposing here could work as a good start and could contribute to a more global standard on privacy and data protection. Something that any internationally operation organisation would be benefitting from.
Jan Willem Knibbe is Policy and Industry Projects Executive at ESOMAR.