About | HeinOnline Law Journal Library | HeinOnline Law Journal Library | HeinOnline
LOG IN
LOG IN

3 Int'l Data Priv. L. 1 (2013)

handle is hein.journals/intldatpc3 and id is 1 raw text is: International Data Privacy Law, 2013, Vol. 3, No. 1 Face-to-data another developing privacy threat? Christopher Kuner*, Fred H. Cate**, Christopher Millard**, and Dan Jerker B. Svantesson*** The constant development of technology gives rise to an equally constant stream of privacy issues. One of the most interesting recent developments is what we can call face-to-data (F2D). F2D refers to at least partially automated processes for accessing personal information about a person based on an image of that person's face. Ground-breaking research by a team of researchers from Carnegie Mellon University has highlighted that advances in face recognition technology, combined with the widespread posting of images linked to names on, for example, social media sites, and the processing power provided by advances in cloud computing, create a new set of privacy issues,' similar to, but also distinct from, traditional privacy issues associated with facial recognition. The Carnegie Mellon University team ran a series of experiments. For example, using a search tool, they built up a database of images and names collected from publicly available Facebook profiles. They then cap- tured images of consenting students and ran those images through off-the-shelf face-recognition software, linking in the data gained from the Facebook profiles. In the test, about a third of the students were identi- fied. The Carnegie Mellon work is striking because it uses commonly available devices (ie an iPhone) to perform highly effective facial recognition using candid photo- graphs, and then links those to a series of databases to generate an immediate response. So, for example, a person may use a phone on a street, take a picture, and within seconds have back the Social Security Number and street addresses of the people photographed. Infor- mation that can then be used to, manually or through automated processes, extract further personal data about those people. In light of this, the facial recognition aspect is only one part of the overall process of concern here, and * Editor-in-Chief ** Editor *** Managing Editor 1 The highly interesting research findings have been presented by Alessandro Acquisti at various conferences, including IAPP Europe Data facial recognition as such is a broader phenomenon than F2D. Thus, to properly understand the phenom- enon we are dealing with, it is undesirable to discuss F2D merely as a facial recognition issue. F2D can of course serve a variety of goals ranging from government surveillance, to business use and to satisfy personal curiosity, and it is interesting to con- sider how current data privacy laws address F2D. And with privacy laws being developed or changed in so many parts of the world, it is even more interesting to consider how the next generation of data privacy laws will address F2D. As is well known, the privacy regulation of today is largely focused on data use that falls outside the private sphere; that is, in those countries that do have some form of privacy regulation in place, there is typically some form of exemption for data use in the context of the 'private affairs' of individuals. This means that in most countries, while F2D for business purposes may be regulated, personal use would typically be unregu- lated. Furthermore, even in those countries, such as within the European Union, where commercial use may fall under applicable data protection schemes, it may be possible to circumvent the regulatory impact by placing a simple notice onsite informing potential customers of the use of F2D at that location, and then assuming that their failure to object to the processing should legitimize it. The conclusion is that traditional data protection regulation provides limited comfort for those con- cerned about the impact of F2D. While there have been some improvements to the rules governing consent in the EU General Data Protection Regulation proposed by the European Commission in January 2012, it seems unlikely that even the world's most modern and pro- tective legislative initiative will satisfy fully those fearing the privacy impact of F2D. Protection Intensive 2012 (April 2012) and the IAPP Privacy Academy 2012 (October 2012). For more information about the research, see: <http://www.heinz.cmu.edu/-acquisti/face-recognition-study-FAQ/>, accessed 30 October 2012. C The Author 2012. Published by Oxford University Press. All rights reserved. For Permissions, please email: journals.permissions@oup.com 1

What Is HeinOnline?

HeinOnline is a subscription-based resource containing thousands of academic and legal journals from inception; complete coverage of government documents such as U.S. Statutes at Large, U.S. Code, Federal Register, Code of Federal Regulations, U.S. Reports, and much more. Documents are image-based, fully searchable PDFs with the authority of print combined with the accessibility of a user-friendly and powerful database. For more information, request a quote or trial for your organization below.



Short-term subscription options include 24 hours, 48 hours, or 1 week to HeinOnline.

Purchase Access

Contact us for annual subscription options:

Contact Us

Already a HeinOnline Subscriber?

Log In

profiles profiles most