On March 21, 2025, China announced new rules for facial recognition technology effective June 1, 2025. The regulations cover data storage, privacy assessments, usage in public areas, and volume reporting requirements, notably excluding research-related applications.
On March 21, 2025, major authorities in China released new guidelines particularly aimed at facial recognition technology. This comes as a response to growing concerns regarding privacy and security. The guidelines, which are termed the Security Management Measures for the Application of Facial Recognition Technology, will kick in on June 1, 2025. Let’s break down what these measures entail and who they affect.
These new measures, as mentioned, will regulate the use of facial recognition tech in identifying individuals across the nation. However, there are notable exclusions. They will not cover facial recognition applications designed purely for research or algorithm training. It’s essential to understand what’s meant by facial information; it’s basically biometric data linked to a person that can be recorded through various means. But don’t get confused, anonymized data is not falling into this category.
The rules don’t mess around when it comes to processing requirements. For instance, any storage of this facial information must be local to the recognition device. There’s a strict prohibition against transmitting this data online—unless express consent is given by the individual. So, if a company is data-handling, they better get the okay first or comply with existing laws.
Then there’s the privacy impact assessment, or PIA, which is a significant step. Data handlers must conduct one before they start processing any facial data. This is about making sure the implications on privacy are considered ahead of time. Also, if facial recognition devices are set up in public places, users will need to justify that their installation is essential for public safety.
Furthermore, if there are any other methods available to complete the verification, reliance solely on facial recognition isn’t allowed. Companies should be looking out for alternatives before jumping straight into biometric verification, a point that underscores a growing trend towards balanced tech use.
In the case of data volume, things get particularly stringent. When a handler processes information from more than 100,000 people, they must report this to the provincial data authority. This filing process requires comprehensive details including the purpose of the processing, security measures, and a copy of the PIA. Failure to amend filing when significant changes occur or not cancelling it once the use ceases could also lead to potential penalties.
In summary, these guidelines reflect China’s tightening grip on the use of facial recognition technology, addressing security and privacy concerns head-on. The requirements for transparency, consent, and responsible use seem to be at the forefront. It is indeed a complex space and organizations need to prepare for compliance well ahead of the June deadline.
The recently introduced Security Management Measures by China’s authorities aim to set tighter controls over facial recognition technology usage. With emphasis on consent, local data storage, and privacy impact assessments, the measures reflect growing global inclinations towards responsible technology deployment. As China gears up for implementation in June 2025, organizations will need to reassess their data handling practices to ensure compliance.
Original Source: www.hunton.com
