Home » Blunt, Schatz Introduce Bipartisan Commercial Facial Recognition Privacy Act

SectorsGovernment: Federal, State and Local

Blunt, Schatz Introduce Bipartisan Commercial Facial Recognition Privacy Act

March 19, 2019

U.S. Senators Roy Blunt (Mo.) and Brian Schatz (Hawaii) introduced the Commercial Facial Recognition Privacy Act of 2019 to strengthen consumer protections by prohibiting commercial users of facial recognition technology (FR) from collecting and re-sharing data for identifying or tracking consumers without their consent.

“Consumers are increasingly concerned about how their data is being collected and used, including data collected through facial recognition technology,” said Senator Blunt. “That’s why we need guardrails to ensure that, as this technology continues to develop, it is implemented responsibly. This bill increases transparency and consumer choice by requiring individuals to give informed consent before commercial entities can collect and share data gathered through FR. This legislation is an important step toward protecting privacy and empowering consumers, and I encourage all of my colleagues to support it.”

“Our faces are our identities. They’re personal. So the responsibility is on companies to ask people for their permission before they track and analyze their faces,” said Senator Schatz, Ranking Member of the Senate Subcommittee on Communications, Technology, Innovation, and the Internet. “Our bill makes sure that people are given the information and – more importantly – the control over how their data is shared with companies using facial recognition technology.”

Under the bill, companies would be required to notify consumers when FR is being used. It also requires third-party testing and human review of technologies prior to their implementation, to address accuracy and bias issues in the technology and avoid use cases that may result in harm to consumers. The bill restricts redistributing or disseminating data to third-party entities without express consent from the end user. It also clearly defines data controllers and data processors in order to make requirements apparent for entities that either develop or vend FR products or services, store facial recognition data, or implement these technologies on a physical premise. It would require FR providers to meet data security, minimization, and retention standards as determined by the Federal Trade Commission and the National Institute of Standards and Technology.

You must login or register in order to post a comment.

A critical event is defined as an incident that disrupts normal operations, such as severe weather, crime, violence and critical equipment or technology failures. Business continuity and crisis response plans can only go so far if there isn't buy-in across functions, with executive-level support.

How CISOs Can Turn Security Training and Awareness into Action

In this webinar, security expert Pieter Danhieux explores how CISOs and CIOs can inspire real change, fostering a positive security culture that enables their development teams to become more security-aware, more aligned with internal AppSec specialists and, ultimately, securing code as it is written.

Poll

Mass Notification

View Results

Poll Archive

Products

Effective Security Management, 6th Edition

Effective Security Management, 5e, teaches practicing security professionals how to build their careers by mastering the fundamentals of good management. Charles Sennewald brings a time-tested blend of common sense, wisdom, and humor to this bestselling introduction to workplace dynamics.

See More Products

Security Magazine

2019 August

Our August issue cover story features Steve Baker, CSO at State Street Corporation. Also in August, how did a Guidewell Security team member save a life? And learn how digital technology and IoT devices can combat both physical and cyberattacks.

View More Subscribe

Blunt, Schatz Introduce Bipartisan Commercial Facial Recognition Privacy Act

Related Articles

Related Events

Report Abusive Comment