12/02/2019

#10yearchallenge – The Many Faces of Facial Recognition

You probably noticed the #10yearchallenge meme, which encouraged people to post pictures of themselves today and ten years ago onto their social media accounts. I certainly enjoyed looking through my friends’ pictures, and was also inspired to compare my latest and first profile pictures to see how much fashion—and, yes, my own face, too—has changed over the past decade.

Soon after the start of the craze, people started posting about whether the meme was perhaps a data collection ploy started by Facebook in an effort to train its facial recognition algorithms to recognise the signs of aging. What easier way to gather the necessary data than to start an innocent meme to get users themselves to upload data into a large, organised database while entertaining themselves and their network. Facebook has denied these allegations and claimed that the phenomenon originated with its users and reminded users that they can switch off facial recognition at any time.

How is Facial Recognition Used?

There isn’t necessarily anything wrong with developing facial recognition technology — quite the opposite. If used correctly, it could change the world for the better, for example, by helping to diagnose illnesses early. Wired, an American magazine, recently published an article written by Kate O’Neill in which the writer – also inspired by the #10yearchallenge – brings up the pros and cons posed by facial recognition technology. According to her, facial recognition algorithms that recognise the signs of aging could be used, for example, to find missing children years later.

We encounter facial recognition technology every day, for example, when using our smartphones: a glance is enough to unlock your phone, many apps use facial recognition, and even your photo gallery often uses facial recognition to automatically group your pictures by person. Facial recognition can also make daily life easier: in Finland, we have piloted facial recognition to approve payments, and the technology is used in border checks to speed up the movement of people.

Technology is being developed for cars to monitor the condition of drivers to improve traffic safety. In the US, facial recognition has been used to help law enforcement to identify and arrest criminals. However, this kind of mass surveillance has been criticised, because if abused, it could lead to discrimination and threaten democracy.

Data collected by facial recognition technology that identifies the signs of aging combined with other data, such as location data, online behaviour or health data, could in future open the door to more extensive uses. For example, there are already insurance policies in which the policyholder agrees to hand over exercise and sleep data as well as health and lifestyle data to the insurer in exchange for discounted insurance premiums.

A Threat to Privacy?

It is clear that facial recognition technology has many good applications. However, if abused, it could become a threat to privacy. Facial recognition uses images of people’s faces, which in the data protection world are considered personal data. More specifically, they are classified as biometric data if an individual can be identified from the images or if they confirm the unique identification of an individual. Other biometric data includes fingerprint data used, for example, in access management.

Because facial recognition involves risks, there is an ongoing global debate about the necessity of regulation. In the EU, the use of facial recognition technology is regulated by the EU’s General Data Protection Regulation, which sets a framework for the processing of biometric data that is slightly stricter than the conditions for processing normal personal data. As with all personal data, it is important to consider the purpose for which facial recognition data is processed. If biometric data is used, for example, to uniquely identify a person, such data can only be processed with the express consent of the person, in cases provided by law or, for example, if people make the data public themselves — perhaps by publishing a profile picture on a public social media account.

As users of social media, it is important to think about what our data is being used for and whether it is being processed lawfully, but we should also remember to respect our own data and privacy, as O’Neill suggests in her article. Social media platforms have long been filled with apps and games mainly intended to collect data for later use, for example, in advertising. On the other hand, as long as we keep in mind what data we are sharing, who we are sharing it with and what purposes our data is being used for, we probably don’t need to start making tinfoil hats. Understanding the risks related to data processing puts us on safer footing.