NTIA will hold the first meeting of a privacy multistakeholder process regarding the commercial use of facial recognition technology on February 6, 2014. Subsequent meetings will follow in February, March, April, May, and June 2014. The goal of the process is to develop a voluntary, enforceable code of conduct that specifies how the Consumer Privacy Bill of Rights applies to facial recognition technology. Stakeholders will discuss how best to ensure that consumers’ rights to control, transparency, security, access and accuracy, focused collection, and accountability are respected within the context of current and emerging commercial uses of facial recognition technology.
Please RSVP if you plan to attend the February 6, 2014 meeting or view the webcast.
The privacy multistakeholder process regarding facial recognition technology is part of the framework set forth in the White House’s February 23, 2012 document: Consumer Data Privacy in a Networked World: A Framework for Protecting Privacy and Promoting Innovation in the Global Digital Economy (the ‘‘Privacy Blueprint’’). The Privacy Blueprint directs NTIA to convene a series of multistakeholder processes that apply the Consumer Privacy Bill of Rights to particular business contexts.
Facial recognition technology has the potential to improve services for consumers, support innovation by businesses, and affect identification and authentication online and offline. However, the technology poses distinct consumer privacy challenges, including: 1) securing sensitive biometric data; 2) providing transparency when facial recognition is implemented in retail stores or other public places; and 3) developing meaningful controls for consumers when the source material for facial recognition technology – digital images – is often widely available. Despite these challenges, facial recognition systems are becoming more widespread, and companies are incorporating facial recognition capabilities into photo management software, in-store camera systems, online services, game consoles, and mobile devices.
A number of initiatives and proposals have been undertaken in this context, some of which may provide useful input into the stakeholder process. The Federal Trade Commission held a workshop and issued a staff report regarding the privacy and security implications of facial recognition technology. Several organizations have drafted best practices for use of the technology generally or regarding the implementation of facial recognition in particular applications. Academics have published research regarding the effect of facial recognition technology on privacy. These efforts indicate that the facial recognition topic is a strong opportunity for stakeholders to reach consensus on a code of conduct in a reasonable timeframe.
A code of conduct would give businesses that employ facial recognition technology greater certainty about how the Privacy Blueprint’s principles apply to them. Facial recognition potentially impacts a range of industry participants, including: developers of facial recognition software; retailers that employ recognition-enabled camera systems; providers of online services; and game console developers, among others.
Meeting Schedule and Details
The February 6, 2014 multistakeholder meeting will be held from 1:00 p.m to 5:00 p.m., Eastern Time in the Boardroom at the American Institute of Architects, 1735 New York Avenue NW, Washington, DC 20006. Subsequent meetings will follow, at the same time of day and in the same location, on February 25, 2014; March 25, 2014; April 8, 2014; April 29, 2014; May 20, 2014; June 3, 2014; and June 24, 2014. Stakeholders will engage in an open, transparent, consensus-driven process to develop a code of conduct regarding the commercial use of facial recognition technology.
February 6, 2014 Meeting
The objective of the February 6, 2014, meeting is to convene a factual, stakeholder-driven dialogue regarding the technical capabilities and commercial uses of facial recognition technology. This dialogue will likely involve a series of discussion panels and Q&A sessions featuring knowledgeable stakeholders from industry, civil society, and academia. This first meeting is intended to provide stakeholders with a factual background regarding how facial recognition technology is currently used by businesses, how the technology might be employed by businesses in the near future, and what privacy issues might be raised by the technology. NTIA will publish a draft meeting agenda on December 20, 2013, and a final agenda on January 17, 2014.
February 25, 2014 Meeting
The objectives of the February 25, 2014 meeting are to: 1) begin discussion among stakeholders concerning a code of conduct that sets forth privacy practices for facial recognition technology (this discussion may include circulation of straw-man drafts and discussion of the appropriate scope of a code); and 2) provide a venue for stakeholders to agree on the procedural work plan for the group (this might include establishing working groups, drafting procedures, and/or modifying the logistics of future meetings).
March – June Meetings
The March 25, 2014; April 8, 2014; April 29, 2014; May 20, 2014; June 3, 2014; and June 24, 2014 meetings are intended to serve as venues for stakeholders to discuss, draft, and revise a code of conduct that sets forth privacy practices for facial recognition technology. NTIA suggests that stakeholders consider “freezing” the draft code of conduct after the June 24, 2014 meeting in order to facilitate external review of the draft. Stakeholders would then likely reconvene the group in September 2014 to take account of external feedback. More information about stakeholders’ work will be available at: http://www.ntia.doc.gov/other-publication/2013/privacy-multistakeholder-process-facial-recognition-technology.
The meetings are open to all interested stakeholders, will be webcast, and are open to the press. There will be an opportunity for stakeholders viewing the webcast to participate remotely in the meetings through a moderated conference bridge, including polling functionality. Requests for sign language interpretation, real-time captioning of the webcast, or other auxiliary aids should be directed to John Verdi at (202) 482-8238 or jverdi@ntia.doc.gov at least seven (7) business days prior to each meeting. Meeting details may change. Please refer to NTIA’s web site, http://www.ntia.doc.gov/other-publication/2013/privacy-multistakeholder-process-facial-recognition-technology, for the most current information.
Background
The White House’s Privacy Blueprint contains a number of key elements, including: (1) a Consumer Privacy Bill of Rights, which is a set of principles the Administration believes should govern the handling of personal data in commercial sectors that are not subject to existing federal privacy statutes; and (2) a multistakeholder process, convened by NTIA, to develop legally enforceable codes of conduct that specify how the Consumer Privacy Bill of Rights applies in specific business contexts.
In March 2012, NTIA requested public comments concerning the privacy multistakeholder process (the “Request for Comments”). More than eighty commenters filed responses to the Request for Comments. Individuals and entities in the commercial, academic, civil society, and government sectors filed comments. Several commenters supported facial recognition technology as a fruitful topic for stakeholders to pursue in the NTIA process.
NTIA convened the first privacy multistakeholder process regarding mobile application transparency in 2012-2013. More information about the stakeholder’s work is available here: http://www.ntia.doc.gov/other-publication/2013/privacy-multistakeholder-process-mobile-application-transparency.
NTIA’s Request for Comments stated “NTIA’s role in the privacy multistakeholder process will be to provide a forum for discussion and consensus-building among stakeholders.” In situations in which stakeholders disagree over how best to interpret the Consumer Privacy Bill of Rights, NTIA’s role, as explained in the Privacy Blueprint, ‘‘will be to help the parties reach clarity on what their positions are and whether there are options for compromise toward consensus, rather than substituting its own judgment.’’
The Request for Comments noted that stakeholder groups convened to develop codes of conduct will not be advisory committees, as neither NTIA nor any other Federal agency or office will seek consensus advice or recommendations on policy issues from participants in the privacy multistakeholder process. NTIA sought comments on “what issues should be addressed through the privacy multistakeholder process” and “how stakeholder discussions of the proposed issue(s) should be structured to ensure openness, transparency, and consensus-building.”
For further information, please contact John Verdi, National Telecommunications and Information Administration, U.S. Department of Commerce, 1401 Constitution Avenue, NW, Room 4725, Washington, DC 20230; telephone (202) 482-8238; email jverdi@ntia.doc.gov. Please direct media inquiries to NTIA’s Office of Public Affairs, (202) 482-7002; email press@ntia.doc.gov.