不得强制刷脸！新规施行：人脸信息存储达10万人的，需备案

Core Points - The implementation of the "Facial Recognition Technology Application Security Management Measures" aims to regulate the use of facial recognition technology in China, addressing privacy and security concerns [2][3][5] Group 1: Regulatory Framework - The new regulations are based on existing laws such as the Cybersecurity Law, Data Security Law, and Personal Information Protection Law, and apply to activities involving facial recognition technology within China [2][3] - The regulations require personal information processors to inform individuals about the processing of their facial information, including the purpose, method, and duration of storage [3][5] Group 2: Special Considerations - The regulations emphasize the protection of vulnerable groups, including the elderly and disabled, ensuring that their facial information is handled in compliance with accessibility standards [3][4] - For minors under the age of fourteen, parental consent is required for processing their facial information, and specific rules must be established to safeguard their data [4] Group 3: Data Storage and Security - Facial information must be stored locally on recognition devices and cannot be transmitted over the internet unless legally permitted or with explicit consent [5][6] - The regulations discourage the use of facial recognition as the sole verification method, promoting alternative identification methods when individuals do not consent to facial recognition [5][6] Group 4: Supervision and Compliance - Organizations processing facial information for over 100,000 individuals must register with provincial-level cybersecurity departments within 30 working days [6][7] - The registration process requires detailed information about the processing activities, including the purpose, methods, and security measures in place [7]