Workflow
焦点访谈|厘清“刷脸”边界 筑牢人脸信息的安全防线
Yang Shi Wang·2025-07-05 13:58

Core Viewpoint - The implementation of the "Facial Recognition Technology Application Security Management Measures" marks China's first comprehensive regulation specifically addressing the application of facial recognition technology, aiming to clarify its boundaries and enhance data protection [7][19]. Group 1: Regulation Implementation - The regulation was officially implemented on June 1, 2023, and is designed to work alongside existing laws such as the Cybersecurity Law, Data Security Law, and Personal Information Protection Law [7]. - It establishes clear boundaries for the application of facial recognition technology, requiring that its use in public places is necessary for maintaining public safety and that the collection of facial data is limited to designated areas [9][12]. Group 2: Public Concerns and Changes - Public concerns regarding privacy, security, and potential misuse of personal information have been highlighted, with citizens expressing fears about the implications of mandatory facial recognition [5][10]. - Following the regulation's implementation, many hotels have ceased the practice of collecting facial data for check-ins, reverting to traditional identification methods [9][10]. Group 3: Data Protection Measures - The regulation mandates that facial recognition data must be stored locally on devices and prohibits transmission over the internet, thereby reducing the risk of data breaches [17]. - It requires the implementation of security measures such as data encryption, access control, and regular password updates to protect facial recognition data [19][21]. Group 4: Special Management Requirements - The regulation imposes strict management requirements for special scenarios, prohibiting the installation of facial recognition devices in private spaces such as hotel rooms and public restrooms [12][13]. - Organizations must ensure that facial recognition is not the sole method of verification and must minimize the impact on individual rights [13][15]. Group 5: Data Classification and Management - The regulation continues the approach of data classification and grading, requiring organizations handling large volumes of personal information to register with cybersecurity authorities [25]. - It emphasizes the importance of responsible data management, particularly as the volume of collected data increases, to mitigate risks associated with potential data leaks [25].