Core Viewpoint - The article emphasizes the importance of protecting facial recognition information as sensitive personal data, highlighting the legal protections and the risks associated with unauthorized collection and misuse of such data [1]. Regulatory Framework - The "Facial Recognition Technology Application Security Management Measures" has been implemented since June, providing specific guidelines for the use of facial recognition technology in public spaces [1]. - The measures require that the processing of facial information must have specific purposes and sufficient necessity, and that personal information handlers must inform individuals and conduct impact assessments [1]. Public Awareness and Advocacy - The Guangdong Provincial Network Data Security and Personal Information Protection Association advocates for several rights regarding facial information processing, including: - Right to know about the collection of facial information [2]. - Right to withdraw consent for facial information processing [2]. - Right to choose verification methods, ensuring multiple options beyond facial recognition [2]. - Right to clearly defined areas for facial information collection, with visible signage [2]. Organizational Role - The Guangdong Provincial Network Data Security and Personal Information Protection Association aims to enhance public awareness of personal information protection and to support the development of a secure data environment in Guangdong [2].

Core Viewpoint - The National Internet Information Office and the Ministry of Public Security have jointly issued the "Security Management Measures for the Application of Facial Recognition Technology," which will take effect on June 1, 2025, aiming to regulate the handling of facial information and protect personal information rights [1][2]. Summary by Sections Basic Requirements for Facial Recognition Technology - The application of facial recognition technology must comply with laws and regulations, respect social ethics, and fulfill personal information protection obligations while not endangering national security or infringing on individual rights [1][2]. Processing Rules for Facial Information - The processing of facial information must have specific purposes and be necessary, minimizing the impact on personal rights, and strict protective measures must be implemented. Consent must be obtained from individuals, especially for minors, and facial information should not be transmitted over the internet unless legally permitted [2][3]. Safety Norms for Application of Facial Recognition Technology - If alternative non-facial recognition methods exist to achieve the same purpose, facial recognition should not be the sole verification method. Organizations must not mislead individuals into accepting facial recognition for identity verification, and installations in private spaces are prohibited [3][4]. Supervision and Management Responsibilities - Personal information processors must register with provincial-level internet information departments when the number of stored facial information reaches 100,000 within 30 working days. A mechanism for information sharing and notification will be established among relevant departments [3][4].