Facebook facial recognition accused of infringement of privacy: science and technology innovation need to "control"?
A few days ago, the United States of California's a federal judge ruled that 3 Illinois man can continue their class-action lawsuits against Facebook. The plaintiff argues that Facebook facial recognition system software infringe the privacy of users. Before Adam Pezen, Carlo Licata, Nimesh Patel, three in 2015 respectively infringement lawsuit against Facebook. Three cases was handed over to the Northern California court last summer (Northern District of California court) consolidated.
Plaintiff in the lawsuit said, according to the Illinois Biometric Information Privacy Act (Illinois Biometric Information Privacy Act), based on Facebook uploading photos in facial features to create or store user template need consent of the user.
Biological recognition technology is to point to by computer and optics, acoustics, biological sensors and other technical means, combining with inherent in the human body physiological characteristics, such as fingerprint, face, iris, etc) and behavior characteristics, such as handwriting, voice, gait, etc.) for personal identity recognition and identification.
In 2008's "the Illinois biometric information privacy act that" although a few states stipulated the biometric data collection, application and preservation, but many of the public in the hope to protect their own biological data can't can depend on."
The beauty of biometric legislation is still cautious
In recent years, the biological recognition technology application in the field of commercial and security checks are increasingly frequent, it simplifies the financial transactions and security check procedure. Illinois lawmakers said, many multinational companies in Chicago and other cities of the Illinois extension and application of biometrics, stores, gas stations, school canteen, etc are the emerging technologies such as fingerprint scanning payments in trial.
But the particularity of biometric data is that it is each person only, unique and cannot be changed. In combination with the financial payment after technology, biometric data protection is particularly important. In view of this, the Illinois biometric information privacy act from the perspective of subject qualification and the legal procedure rules on the retention of biological data, collection, disclosure, destruction, in addition also provides the corresponding relief measures.
The above case, the plaintiff thinks, on the basis of the biometric information privacy act, Illinois, private entities, private entity) shall not be entitled to collect user biological data, unless it has obtained the written authorization of authorized representatives. While Facebook clearly didn't obtain the authorization of the user.
In the court debate, Facebook thinks that the user can choose to turn off the photo face recognition function, so that they in other accounts will not be automatic identification in the photo. Turn off this feature, however, will delete user data in a personal face template.
Facebook argued that such action shall be filed according to the company located in California law. California is not similar to the biometric information privacy act, Illinois law or policy. However the federal judge James Donato refused Facebook to the requirement of trial shall be governed by the laws of California. The judge said, in the opinion if Facebook request approval, the biometric information privacy act, Illinois was useless.
Although according to the Illinois biometric information privacy act against Facebook, a visiting professor at the Peking University institute of intellectual property rights still think Andy sun, Facebook, losing the chance of still very small. "Netizens tort against facebook, if cannot prove myself, just a guess someday what the other party may infringe upon the rights of I, this is not as successful. Based on the limitations of law is that really happen till the concrete behavior, otherwise it is difficult to win."
Andy sun thinks, the significance of this case is not the outcome, but in the discussion of legislation to biometric data. Despite Illinois 8 years ago issued relevant laws, but the states about the legislation in this field is still in groping stage. "The United States market environment didn't go too fast, want the law to legal walk in front of the market, sometimes stifle innovation. About the legislative problem of science and technology, the first thing you encounter is the principle of technical neutral."
"The principle of technology neutrality" established in the 1970 s, the universal film SONY and Disney v. infringement. The plaintiff think SONY video recorder can be used for duplicating film production and sales of tort, so SONY to video the infringement of the buyer is responsible for it. The United States Supreme Court ruled that SONY video recorder has extensive commercial use, non infringement, even SONY companies know that the device could be used for infringement, presumption can help others intentional torts and its component "help tort". The purpose of the "principle of technology neutrality" is the emerging technology from the "wrong" of the law.
"The technology itself can't be sure there is illegal, what is the key technology in application. In technical patterns of behaviour that make it clear before, American law legislative council wary of the technology itself." Andy sun reporter said on the 21st century economy.
Our biometric legislation also place "blank"
In our country, with the smart home and mobile Internet, have terminal equipment and application software of the biological data to identify more and more. The application of face recognition, fingerprint unlock is common, but the Chinese about legislation as "blank" in the field of biometrics.
"Many biometric data types, such as fingerprint, face grain, DNA, etc. Generally speaking, domestic no unified regulation, only a few fields such as DNA testing and appraisal aspects need to be qualified." Well-known IT with intellectual property lawyer occupation zhao told reporters.
About genetic testing products, domestic regulations on the supervision and administration of medical devices, the measures for the administration of the medical device registration, registration measures for the management of in vitro diagnostic reagents and other relevant provisions, but the rules for medical equipment management, rather than data protection.
In terms of personal information, the standing committee of the National People's Congress on strengthening the decision of the network information protection "and" telecom and Internet users' personal information protection sets "are involved, but the scope of citizens network information includes only the user name, date of birth, id number, account number and password" can alone or combined with other information to identify the user information and user information such as the time and place of use of the service ".
Since there is no unified standard, specific applications, the enterprise operation mode of the biometric data are inconsistent. Smartphone's collection of fingerprint information, for example, mobile phone China league secretary-general wang is introduced, the most high-end phones fingerprint data is stored in a secure operating system known as the TEE, and TEE system is stored in the ARM kernel TrustZone, run independently.
TrustZone is part of the mobile phone processor. "Apple, samsung, huawei mobile phones. WeChat, pay treasure to support fingerprint payment request also support the TEE. TrustZone has the highest level of security, virus is hard to access. Some low-end phones are stored in the mobile phone in a flash." Wang said.
For enterprise to collect biometric data users behavior, reporters, legal experts said, the enterprise shall specify the users consent can be carried out. "Link must go through the user agrees to the collection, and such consent is not only through the registered account user agreement when the default check way, also must be a clear hint to the user, allow the user to make an initiative choice do you agree or disagree with the following statement." Zhao occupation, told reporters.
Andy sun think about it, to enterprise's regulation including the regulation of public law and private law regulation, the former refers to the law, the latter refers to businesses and consumers to sign the agreement. Without violating the content "agreement under the premise of policy and law efficacy than civil law, so the user should attach great importance to the conventions of this agreement."
However, for the legislative problem of the biometric data, the views of the two scholars don't agree with each other. Zhao occupation that biometric data privacy, not only involves ethics, genetic resources protection, biological safety, and a series of complex problems, "and the more necessary specially made specific provisions, from the threshold of the collection, collection and the limitations of the use and storage and the security level of the specific requirements for regulation".
Andy sun prefers "mild regulation" is adopted to improve the market management. "To maintain moderate flexibility and easy, let the business form with development of science and technology space. It is difficult to appear in regulating the strict European Uber and an enterprise form, but they all appeared in the United States."
