On November 6, 2014, the National Telecommunications and Information Administration (“NTIA”) held its tenth Privacy Multistakeholder Meeting on drafting a voluntary framework for facial recognition technology or “FRT,” focusing on potential practices associated with the collection, storage, and transmission of facial recognition data. Participants discussed potential issues to address in a Code of Conduct, including encryption of facial recognition data, secure storage, access limitations, and authentication. Participants also discussed whether entities that use FRT for certain purposes, such as crime prevention, should be allowed to decline requests from individuals seeking to withdraw their facial recognition data from a database.
An eleventh meeting took place on December 15, 2014, continuing the group’s discussions on storage, transmission, and withdrawal. The group weighed in on draft code provisions prepared by separate groups of volunteering participants. Participants considered a proposed requirement that would direct entities collecting facial recognition data to adopt “appropriate” retention and disposal practices and to disclose how long facial recognition data will be retained and any other retention and disposal practices. The group also discussed whether the code should reference specific cryptographic standards. There was additional consideration on whether the code should include a provision that would require an entity to establish a procedure to allow consumers to request the removal of their facial templates.
The next meeting is expected to take place in early 2015 and will focus on refining draft code language and consider potential issues regarding audit trails, access, and correction.