reconocimiento facial

This post is also available in: Español

On March 31, the State of Washington passed SB 6280, regulating the use of facial recognition technology by US government agencies.  This first US landmark law on this matter seeks a fair balance between the benefits of this technology and the risks it entails because of its intrusive nature.  The use of this biometric application has become increasingly present in daily life. We use it to tag friends in our social media posts or to unlock our smartphone. However, facial recognition technology faces major challenges, the most relevant being security (just imagine a security breach exposing our facial features) and facial misidentification, which can lead to false positives in such sensitive areas as attributing responsibility for a crime. 

This piece of legislation allows the government to use facial recognition technology, provided it meets the following conditions:   

  • Pre-launch requirements: before deploying facial recognition systems (“FRS”), agencies must file a notice of intent with their respective local or state legislative authorities. Agencies must also prepare a public report including, among other aspects, information about the categories of data the technology uses, the purpose of data processing, the privacy policy and an overview of the technology’s impact on the data subjects’ rights and freedoms.   
  • Additional requirements: where this technology can have legal effects or similarly significant consequences for the parties concerned (particularly decisions that entail the denial of loans, insurance, school enrollment and employment opportunities), agencies must (i) test the facial recognition technology in operational conditions to learn about its effects; (ii) take the necessary measures to ensure compliance with the guidelines provided by the FRS developer; and (iii) submit all facial recognition-related decisions to meaningful human review.
  • Accountability: state agencies must require FRS providers to prepare an application programming interface (“API”) that will allow independent, third-party testing for accuracy or for possible discriminatory differences.
    If testing finds any of these issues, agencies will require providers to develop a mitigation strategy within 90 days.  
  • Use in criminal justice: if courts use FRS for criminal sentencing, state agencies must disclose it to the defendant before the trial.   Agencies must also keep records of their use of FRS to facilitate public reporting and research.  
  • Surveillance: agencies that intend to use FRS for continuous surveillance of a person can only do so: (i) with a warrant; (ii) if there are pressing circumstances that justify it; or (iii) with a warrant for the sole purpose of locating or identifying a missing or deceased person. 

This law will enter into force on June 11, 2020.  Other states such as  Arizona, Illinois, Massachusetts, New Hampshire and Vermont are also considering the possibility of passing their own laws on this matter. 

By Sergi Gálvez

This post is also available in: Español

Autores:

Asociado

35 artículos

Asociado del Área de Propiedad Intelectual y Protección de Datos. Especialista en protección de datos y tecnologías disruptivas. Participa en el asesoramiento recurrente en materia de protección de datos y contratación tecnológica de compañías nacionales e internacionales, especialmente en la configuración jurídica de evaluaciones de impacto, transferencias internacionales de datos personales, contratos de encargo de tratamiento y en el asesoramiento durante violaciones de seguridad. Además de prestar asesoramiento continuado a clientes en los ámbitos mencionados, tiene experiencia en asesorar a empresas de diferentes sectores en la configuración legal de proyectos que implementan tecnologías disruptivas, tales como el Big Data, Internet of Things, artificial intelligence y smart robots.

sergi.galvez@cuatrecasas.com