The Article 29 Working Party has just published an opinion on facial recognition: Opinion 02/2012 on facial recognition in online and mobile services.
After recalling that Directive 95/46/EC applies here, the opinion makes several recommendations aimed at data controllers:
1. Unlawful processing for the purposes of facial recognition
In an online setting, images can be acquired by the data controller in many ways such as provided by the users of the online or mobile service, their friends and colleagues or from a third party. Images may contain the faces of the users themselves and/or other registered or non-registered users or acquired without the knowledge of the data subject. Regardless of the means by which these images may be acquired a legal basis is required to process them.
Recommendation 1: If the data controller is acquiring the image directly then they must ensure they have the valid consent of the data subjects prior to acquisition and provide sufficient information relating to when a camera is operating for the purpose of facial recognition.
Recommendation 2: If individuals are acquiring digital images and uploading them to online and mobile services for the purpose of facial recognition the data controllers must ensure that the image uploaders have consented to the processing of the images which may take place for the purposes of facial recognition.
Recommendation 3: If data controllers are acquiring digital images of individuals from third parties (e.g. copied from a website or purchased from a different data controller) they must carefully consider the source and the context in which the original images are acquired and processed only if the data subjects had consented to such processing.
Recommendation 4: Data controllers must ensure that digital images and templates are only used for the specified purpose for which they have been provided. Data controllers should put technical controls in place in order to reduce the risk that digital images are further processed by third parties for purposes for which the user has not consented to. Data controllers should put in place tools for users to control the visibility of their images that they have uploaded where the default is to restrict access by third parties.
Recommendation 5: Data controllers must ensure that digital images of individuals who are not registered users of the service or have otherwise not consented to such processing are only processed in so far as the data controller has a legitimate interest for such processing. (...)
Security breach during transit
In the case of online and mobile services it is likely that there will be data transit between image acquisition and the remaining processing stages (e.g. uploading an image from a camera to a website for feature extraction and comparison).
Recommendation 6: The data controller must take appropriate steps to ensure the security of data transit. This may include encrypted communication channels or encrypting the acquired image itself. Where possible, and especially in the case of authentication/verification, local processing should be favoured.
2. Face Detection, Normalisation, Feature Extraction
Templates generated by a facial recognition system may contain more data than are necessary to perform the specified purpose(s).
Recommendation 7: Data controllers must ensure that data extracted from a digital image to build a template will not be excessive and will only contain the information required for the specified purpose, thereby avoiding any possible further processing. Templates should not be transferrable between facial recognition systems.
Security breach during data storage
Identification and authentication/verification are likely to require the storage of the template for use in a later comparison.
Recommendation 8: The data controller must consider the most appropriate location for storage of the data. This may include on the user’s device or within the data controller’s systems. The data controller must take appropriate steps to ensure the security of the data stored. This may include encrypting the template. It should not be possible to obtain unauthorised access to the template or storage location. Especially for the case of facial recognition for the purpose of verification, biometric encryption techniques may be used; with these techniques, the cryptographic key is directly bound to the biometric data and is re-created only if the correct live biometric sample is presented on verification, whereas no image or template is stored (thus forming a type of “untraceable biometrics”).
Subject access
Recommendation 9: The data controller should provide the data subjects with appropriate mechanisms to exercise their right of access, where appropriate, to both the original images, and the templates generated in the context of facial recognition.
(Source: Article 29, Opinion 2/2012, p. 8-10)
For more details:
- ARTICLE 29 DATA PROTECTION WORKING PARTY, Opinion 02/2012 on facial recognition in online and mobile services, WP 192, March 22, 2012