Facial recognition controversies in 2019 -- including data leaks and the viral deepfake app Zao -- have resulted in more scrutiny of the technology and data collection in China. Now the country is now introducing new measures for apps that collect biometric data.
Last week, the country updated guidelines on collecting biometric data and consent requirements. The Personal Information Security Specification that went into effect in 2018 is China’s answer to Europe’s GDPR. Newest updates to the law that take effect on October 1 stipulate that users need to give active consent for the collection of biometric data, either through a pop-up window, a prompt or other means. Service providers also have to inform users about the purpose, method, and scope of collection, along with offering other information. The update also recommends companies store biometric information separately from personally identifiable information and offers several clarifications on handling data, including access by third parties.
Chinese app makers have been heavily criticized by both users and the government for over-collecting data. Research from Comparitech in December showed that China is the worst in nearly every way at protecting biometric data. China had its first facial recognition lawsuit in November when law professor Guo Bing sued a wildlife park for introducing the technology without consent.