Can facial recognition be used casually | Public interest litigation is around us, and a long-term rental apartment in Shanghai requires that you have to "swipe your face" to enter the door
At the beginning of this year, Ms. Yang encountered a problem: the long-term rental apartment announced that it would implement a "face recognition" system. She was worried about information leakage and was unwilling to "swipe her face", but the apartment did not agree to provide access cards or other door identification methods. This clue attracted the attention of the public interest prosecutor of the Shanghai Hongkou District People's Procuratorate.
After contacting Ms. Yang, the prosecutor learned that the apartment access control system was installed after she moved in. She only learned about this when the apartment management notified her to enter facial information. "I need to provide the management with half-frontal photos and other information. Although they promised to keep it safe, I don't know if this information will be leaked in the future." Ms. Yang expressed concern to the prosecutor.
Face recognition information can be clearly seen in the background
"We noticed that the access control system also stores the face information of tenants who have withdrawn from the lease, takeout delivery persons, visitors and other personnel." The prosecutor further investigated and found that the apartment did not collect the face information of the tenants in the same name. Inform the tenant accurately and completely in a significant manner what should be disclosed when handling sensitive personal information. The tenant does not know the purpose, method, type, retention period of personal information processed by the apartment, the name and contact information of the processor, and the impact of processing sensitive personal information on personal rights. Methods, procedures, etc. to influence and exercise rights. In addition, the apartment has not taken necessary measures to ensure information security. The computers and hosts that manage access control and save hundreds of thousands of facial information are not encrypted. The account and password of the access control system are directly saved in the computer, and you can log in with a click. . The above problems also exist in another apartment chain under the brand.
In this regard, the apartment said that the installation of the face recognition access control system is to strengthen security management, better implement public security prevention and control requirements, and prevent outsiders from entering and exiting the apartment at will, which can maximize the personal and property safety of residents. Visitors can also pass through the bottom Enter the apartment by calling the floor.
Although it is for safety, you cannot enter without "swiping your face". Is this appropriate rule? the answer is negative.
"Any disguised or forced collection of facial information and disclosure of citizens' personal information is illegal." Liu Qing, director of the Public Welfare Prosecution Office of the Hongkou Procuratorate, said that the "Shanghai Data Regulations" clearly stipulate that in the city's shopping malls, supermarkets, In public places such as parks, scenic spots, public cultural and sports venues, and hotels, as well as residential areas, commercial buildings and other areas, image collection and personal identity recognition technology are not allowed to be used as the only verification method for entering and exiting the places or areas.
After many visits and consultations, the Hongkou Procuratorate issued procuratorial recommendations to the housing leasing authorities, recommending that the two apartments use facial recognition access control as the only verification method of entry and exit to be rectified in accordance with the law, add other optional verification methods, and urge housing leasing Enterprises must fulfill their statutory notification obligations when handling sensitive personal information and establish and improve data security management systems.
After receiving the procuratorial recommendations, the administrative agencies immediately urged the implementation of rectifications. During the on-site return visit, the prosecutor learned that both apartments had adopted a series of corrective measures, such as adding 24-hour security manual services, IC access cards and other non-biometric verification access methods; publishing a "Check-in Notice" in the WeChat management group, Place "Check-in Tips" in the lobby and post warning signs at the face recognition access control to inform new and old customers of legal matters related to handling sensitive personal information; formulate a "Customer Information Confidentiality Management Measures" and sign a confidentiality commitment letter with the staff. Conduct confidentiality training for staff, set computer power-on passwords, etc., and improve the internal management system and operating procedures for data security.
"However, there are still certain problems in the processing and management of sensitive information in the two apartments." Liu Qing said. For example, the face recognition access control system still stores a large amount of unknown face information, and the system computers are equipped with remote assistance software. There are violations and security risks when accessing the Internet, so the relevant administrative departments are supervised to further supervise and implement rectifications. At present, the relevant apartments have changed the access control system computers to run on the intranet, deleted the remote assistance software, and established a regular deletion system for strangers' face information.
![Can facial recognition be used casually | Public interest litigation is around us, and a long-term rental apartment in Shanghai requires that you have to "swipe your face" to enter the door](https://a5qu.com/upload/images/fbcc245e66793d50e910ded2708d0f7c.webp)