Are the FTC’s “Recommendations” Enough to Effectively Govern the Use of Facial Recognition Technologies?

Thanks to social networking sites like Facebook, there are billions of photographs available to the public across the Internet.  Indeed, the Federal Trade Commission (FTC) recently reported that “in a single month in 2010, 2.5 billion photos were uploaded to Facebook.”[1]  With this information in mind, it may come as little surprise that the field of facial recognition technology has expanded and improved tremendously over the past few years.[2]  Tests conducted by the National Institute of Standards and Technology between 1993 and 2010 “showed that the false reject rate – the rate at which facial recognition systems incorrectly rejected a match between two faces that are, in fact, the same – was reduced by half every two years.  In 2010, in controlled tests, the error rate stood at less than one percent.”[3]

Companies are using facial recognition technologies in a variety of ways.  For example, facial detection technologies are used in virtual eyeglass fitting systems and virtual makeover tools.  Additionally, some technologies are able to determine an individual’s engagement with a video game or excitement during a movie by identifying moods or emotions from facial expressions.[4]  Further, social networking sites like Facebook utilize technology that scans and compares new photos a user uploads with existing “tagged” photos, which enables the site to automatically identify the person in the new photo.  Likewise, it is now possible to use your face, rather than a password, to unlock your mobile device.[5]  As for the future, recent studies suggest that we are not far away from a world where facial recognition technology can be used to “identify anonymous individuals in public places, such as streets or retail stores, or in unidentified photos online.”[6]

Despite its advantages, facial recognition technologies raise a number of privacy concerns. As of now, however, there are no steadfast regulations governing its use. Instead, so far the FTC has merely released a report that contains “recommendations” for companies on how to best protect consumer privacy.[7] The FTC developed the list of recommendations after hosting a workshop in December 2011 to explore developments in the field of facial recognition technology.

Following the workshop, the FTC received eighty public comments discussing [facial recognition technology related] issues from private citizens, industry representatives, trade groups, consumer and privacy advocates, think tanks, and members of Congress. In [its] report, FTC staff . . . synthesized [workshop] discussions and comments in order to develop recommended best practices for protecting consumer privacy in this area, while promoting innovation.[8]

The following list represents a summary of the report’s recommendations to companies for preserving consumer privacy: (1) maintain data security for consumer’s biometric data; (2) establish and maintain reasonable retention periods and disposal practices for collected images; (3) avoid placing facial recognition technologies in sensitive areas such as bathrooms and health care facilities; and (4) make practices transparent to consumers.[9]

Finally, the report states, there are at least two scenarios in which companies should get consumers’ affirmative consent before collecting or using biometric data from facial images. First, they should obtain consent before using consumers’ images or any biometric data in a different way than they represented when they collected the data. Second, companies should not use facial recognition to identify anonymous images of a consumer to someone who could not otherwise identify him or her, without obtaining the consumer’s affirmative consent first.[10]

The FTC seems hopeful that its recommendations are enough to ensure that players in the field of facial recognition technology will respect consumer privacy now and into the future, stating “[i]f companies consider the issues of privacy by design, meaningful choice, and transparency at this early stage, it will help ensure that this industry develops in a way that encourages companies to offer innovative new benefits to consumers and respect their privacy interests[.]”[11]  Although such optimism is laudable, the FTC should remain skeptical that not all companies engaging in the use of facial recognition technologies have consumers’ best interests and privacy in mind.  The FTC should instead consider protecting consumers by adopting a formal set of rules to govern the use of facial recognition technologies, which includes penalties and fines for noncompliance.

[1] Facing Facts: Best Practices for Common Uses of Facial Recognition Technologies, Federal Trade Commission (FTC), (Oct. 2012), available at

[2] See id. at 4 (“Th[e] multitude of identified images online can eliminate the need [for companies] to purchase proprietary sets of identified images, thereby lowering costs and making facial recognition technologies commercially viable for a broader spectrum of commercial entities.”).

[3] Id. at 3 (internal citation omitted).

[4] Id. at 5.

[5] Id. at 6.

[6] Id.

[7] See id.

[8] Id. at ii.

[9] See id.

[10] FTC Recommends Best Practices for Companies That Use Facial Recognition Technologies, FTC (Oct. 22, 2012),

[11] See id. at iii.

Author: Rachel Sigmund

Rachel is a 3L and a Senior Editor on the RCTLJ for the 2012-2013 academic year. Rachel is responsible for keeping the RCTLJ website current with the most recent and innovative computer and technology related news stories. Prior to attending law school, Rachel received a B.S. in Psychology with a Business Concentration from Pennsylvania State University's Schreyer Honors College in 2010. Currently, Rachel is a Summer Associate at the real estate law firm of Adam Leitman Bailey, P.C. in New York City. In July 2013, Rachel will sit for the New York and New Jersey Bar Exams.

Leave a Reply

Your email address will not be published.