
Facial recognition technology

Safeguards to minimise the risks of facial recognition technology

There are several safeguards that companies can take to minimise the risks of facial recognition technology.

Principles of GDPR to consider

Regardless of whether a company has a legal basis for the processing and fulfils any of the exceptions for processing sensitive personal data, the company must also comply with the other obligations, among other things the fundamental data protection principles pursuant to Article 5 of the GDPR.


Here are four of the seven data protection principles that are especially good to keep in mind:

Principle of storage limitation

When the personal data are no longer necessary for the purpose for which they were collected, they shall be deleted or anonymised.

Principle of data minimisation

It is not allowed to process more personal data than necessary to achieve the purpose of the processing.

Principle of integrity and confidentiality

The company must take adequate organizational and technical security measures to protect the personal data processed.

Principle of purpose limitation

Personal data may only be processed for the purpose for which it was collected. In addition, the purpose must be specific and explicit.

Safeguards to minimise the risks of facial recognition technology

Measures that companies need to take to comply with GDPR

Storage solutions

It is important to keep in mind that the requirements for storing sensitive personal data are higher. Ideally, the data subject should have the personal data in their own hands, so that they have as much control over the data as possible. Alternatively, it may be possible to store the data encrypted in a central database, provided that the data subject is the only one who has access to the encryption key.


Impact assessment

Before commencing the processing, the company shall carry out and document an impact assessment. Where there is still a high risk to the rights and freedoms of individuals following the assessment, the company shall request a prior consultation of the national data protection authority.


Permission management

To ensure that only individuals who need access to certain personal data in order to perform their tasks have that access, it is important to implement permission management. In other words, not everyone in a company should have access to all personal data.


Controls

In order to deal with false results and possible technical problems, it is good to have the possibility of human control.


Uses for facial recognition

Facial recognition can be used by private operators in several areas, provided that the law and circumstances allow it. Examples include commerce, such as unmanned gyms, shops or similar; verification in banking and financial services; and increased security at airports or other protected objects. Facial recognition technology can be used both to verify people and to identify people.
