Facial Recognition in Corporate Security: Understanding Your Opt-Out Rights

Is your face the key to your office building?

But what happens to that data?

The implementation of facial recognition systems in corporate buildings raises significant concerns, particularly regarding privacy and legal compliance.

Concerned about facial recognition technology in your workplace?

Read on.

Understanding Facial Recognition Systems

Facial recognition systems capture biometric data, which can include facial scans and other personal information. These systems are increasingly used in corporate office buildings for security and access control. However, their implementation raises important questions about privacy and consent.

Corporate building security face scan systems typically capture 80 to 100+ facial data points (e.g., distance between eyes, jawline shape, nose structure) to create a unique biometric template. The exact number depends on the system's sophistication.

The exact number of data points can vary depending on the technology and vendor, but generally, these systems analyse features such as:

• Distance between the eyes
• Width of the nose
• Depth of the eye sockets
• Shape of the cheekbones
• Length of the jawline
• Other distinctive facial landmarks

China's Personal Information Protection Law (PIPL)

PIPL is a comprehensive law that requires explicit consent for collecting biometric data. It sets strict rules for processing and protecting personal information, ensuring that individuals have the right to object to unnecessary or excessive data collection. Organisations must provide reasonable alternatives if requested.

Global Data Privacy Laws

- GDPR (EU/UK): The General Data Protection Regulation requires explicit consent and secure storage of biometric data. Individuals can refuse consent unless it is strictly necessary for the contract.

- CCPA (California): The California Consumer Privacy Act allows individuals to opt out of biometric data collection in certain situations.

- BIPA (Illinois, USA): The Biometric Information Privacy Act mandates informed consent and strict guidelines for biometric data use. Violations can result in lawsuits with significant damages.

Protecting Your Privacy: Understanding Policies and Rights

- Review Lease Agreements: Check for clauses about access control systems and biometric data collection. Understand your rights regarding privacy and data protection.

- Data Handling: Request information from your employer or building management on how facial data will be stored, used, and protected.

- Informed Consent: Ensure that explicit and informed consent is obtained before collecting and processing personal information, including biometric data.

I'm hesitant to use facial recognition for building access due to privacy concerns. Are there any alternative entry methods available?        

Taking Proactive Steps

- Request Alternatives: Discuss alternative authentication methods such as ID cards or mobile apps with your employer or building management.

- Provide Feedback: Voice your concerns to the employer or building management. Collective advocacy can sometimes lead to policy changes.

- Document Objections: If temporarily complying with facial recognition, document your objections in writing to preserve your rights for future action.

Escalating Issues and Seeking Legal Recourse

- Engage Tenant Associations: Raise the issue during meetings with tenant associations or property management committees.

- File Complaints: Contact relevant authorities to report the issue.

- Seek Legal Advice: Consult a lawyer specialising in property law or data protection in your country. They can review your lease agreement and advise on potential legal actions.

Global Impact of Regulations

China

- PIPL: Requires explicit consent and provides the right to object to unnecessary data collection. Organisations must offer reasonable alternatives if requested.

- Cybersecurity Law: Mandates network operators to protect personal information and prevent data breaches.

- Data Security Law: Focuses on data protection and requires organisations to implement security measures.

EU/UK (GDPR)

- Explicit Consent: Required for biometric data processing unless strictly necessary.

- Data Minimisation: Only essential data should be collected.

- Right to Refuse: Individuals can refuse consent and demand alternatives.

United States

- CCPA (California): Allows opting out of biometric data collection in certain situations.

- BIPA (Illinois): Mandates informed consent and strict guidelines for biometric data use. Violations can result in lawsuits.

Principles for Lawful and Ethical Use of Facial Recognition

- Informed Consent: Explicit consent must be obtained before collecting and processing personal information.

- Data Security Measures: Data should be encrypted during storage and transmission, with limited access granted only to authorised personnel.

- Purpose Limitation: Data should be used solely for the intended purpose, such as building access, and not for surveillance or profiling.

- Retention Policies: Legally compliant systems should delete raw face scans after creating a biometric template.

- Third-Party Sharing: Biometric data should not be shared externally without consent.

The increasing use of biometric data collection in corporate buildings necessitates a thorough understanding of privacy laws and proactive steps to protect individual rights. By staying informed and taking appropriate actions, tenants and employees can navigate the complexities of facial recognition technology while advocating for their privacy.

For further guidance, individuals can refer to resources that outline their legal rights and provide strategies for protecting their biometric data in various jurisdictions.

Essential Questions to Ask Your Corporate Building's Management

• "Where in the lease does it authorize mandatory biometric data collection?"
• "How do you comply with [GDPR/BIPA/CCPA] when forcing tenants to use facial recognition?"
• "What is your liability if my biometric data is breached?"

If their answer is unsatisfactory, or if you feel insecure about sharing your face scan, please escalate the matter to your higher management. Face scans are now used for e-wallet payments, making it crucial to safeguard your personal digital identities in this digital age.

Do not hesitate to contact your HR department or legal counsel if you need assistance.

About Jean

Jean Ng is the creative director of JHN studio and the creator of the AI influencer, DouDou. She is the Top 2% of quality contributors to Artificial Intelligence on LinkedIn. Jean has a background in Web 3.0 and blockchain technology, and is passionate about using these AI tools to create innovative and sustainable products and experiences. With big ambitions and a keen eye for the future, she's inspired to be a futurist in the AI and Web 3.0 industry.

AI Influencer, DouDou's Portfolio

Subscribe to Exploring the AI Cosmos Newsletter