Core Viewpoint - The article emphasizes the importance of protecting facial recognition information as sensitive personal data, highlighting the legal protections and the risks associated with unauthorized collection and misuse of such data [1]. Regulatory Framework - The "Facial Recognition Technology Application Security Management Measures" has been implemented since June, providing specific guidelines for the use of facial recognition technology in public spaces [1]. - The measures require that the processing of facial information must have specific purposes and sufficient necessity, and that personal information handlers must inform individuals and conduct impact assessments [1]. Public Awareness and Advocacy - The Guangdong Provincial Network Data Security and Personal Information Protection Association advocates for several rights regarding facial information processing, including: - Right to know about the collection of facial information [2]. - Right to withdraw consent for facial information processing [2]. - Right to choose verification methods, ensuring multiple options beyond facial recognition [2]. - Right to clearly defined areas for facial information collection, with visible signage [2]. Organizational Role - The Guangdong Provincial Network Data Security and Personal Information Protection Association aims to enhance public awareness of personal information protection and to support the development of a secure data environment in Guangdong [2].

6月1日起施行！两部门联合公布 《办法》明确了人脸识别技术应用安全规范。一是实现相同目的或者达到同等业务要求，存在其他 非人脸识别技术方式的，不得将人脸识别技术作为唯一验证方式。国家另有规定的，从其规定。二是应 用人脸识别技术验证个人身份、辨识特定个人的，鼓励优先使用国家人口基础信息库、国家网络身份认 证公共服务等渠道实施。三是任何组织和个人不得以办理业务、提升服务质量等为由，误导、欺诈、胁 迫个人接受人脸识别技术验证个人身份。四是在公共场所安装人脸识别设备，应当为维护公共安全所必 需，依法合理确定人脸信息采集区域，并设置显著提示标识。任何组织和个人不得在宾馆客房、公共浴 室、公共更衣室、公共卫生间等公共场所中的私密空间内部安装人脸识别设备。五是人脸识别技术应用 系统应当采取数据加密、安全审计、访问控制、授权管理、入侵检测和防御等措施保护人脸信息安全。 《办法》明确了监督管理职责。个人信息处理者应当在应用人脸识别技术处理的人脸信息存储数量 达到10万人之日起30个工作日内向所在地省级以上网信部门履行备案手续。网信部门会同公安机关和其 他履行个人信息保护职责的部门，建立健全信息共享和通报工作机制，协同开展相关工 ...