Privacy by Design Practices
Privacy by Design stands for the principle that any product or service should be designed with privacy in mind, so that the design proactively supports privacy principles. FACEIO has been designed with this approach and has specific tools to safeguard privacy. These include access controls such as domain and country code restrictions, user consent during enrollment, and straightforward opt-out (at any time) via the API and the Web Interface.
When a website or web application implements FACEIO for the first time, it should make full use of these tools to protect the privacy of its users: for example, by making the Unique Index ID assigned to each enrolled user available to that user, and by implementing Index/Facial ID deletion on your dashboard. We highly recommend communicating with your users regarding the privacy practices you implement.
Responsibility
When you create a new FACEIO application and implement fio.js on your website or web application, you agree to be bound by our Services Terms and consent to our Services Privacy Policy. It is then your responsibility to safeguard the Unique Index ID assigned to each enrolled user on your application, to delete it (or let the user delete it) whenever the user in question requests it, and to follow the Privacy Best Practices recommendations detailed here.
It would make sense to write a set of security and privacy requirements for your project team(s) that specify usage of such features to mitigate the associated risks. You should enlist the help of a web security expert to write these requirements, and consider both user needs and welfare, as well as other issues like policy and regulation enforced by legislation such as the EU General Data Protection Regulation (GDPR).
Meaningful Consent
One of the key purposes when you enroll a new user via face recognition on your FACEIO application is to give that particular user the opportunity to consent to the use of his indexed facial features for specific purposes, such as access to your website. Because facial recognition technologies may be perceived as collecting sensitive personal data, it's especially important to ask for consent in a way that is both transparent and respectful. Consent is meaningful to users when it empowers them to make the decision that they feel is best for them.
We have found that consent is meaningful when the enrollment of new users offers the following:
- Awareness: Users should have no doubt when their facial features are being collected for future authentication purposes.
- Freedom of Choice: Users should not feel coerced or manipulated when choosing whether to consent and enroll in your facial recognition application.
- Complete Control/Right to be forgotten: Users should be able to revoke their consent and delete their data at any time.
- Understanding: Users should be able to accurately describe in their own words what they were being asked for, by whom, to what end, and with what assurances.
Recommendations
To this end, the following recommendations are provided by FACEIO to application owners who choose to implement fio.js, our facial recognition technology, on their websites or web applications:
- CONSENT IS KEY, MANDATORY and should at all times be appropriate to the context. For example in case of minors, the consent should be obtained from the parents or guardians. Please note that local laws may require additional steps for obtaining consent.
- Ensure that the request for consent for biometric hashes collection and use is easy to find and understand.
- Ensure that the user can revoke his/her consent at any time.
- Provide & show (on your dashboard for example) the Unique Index ID assigned to the user in question.
- Ensure that the user can delete his Unique Index ID (action of a button click after confirmation for example).
- If your implementation includes user profiles or accounts, and a user deletes his/her account/profile, you should interpret this as a revocation of consent and thus proceed to the deletion of the Unique Index ID assigned to this user on the target application if any.
- Avoid auto-enrollment, as it does not give the user the awareness, understanding, freedom of choice, or control that is recommended for obtaining consent.
- Do not invoke the enroll() method automatically (i.e. not as the result of a button click, for example) for anyone who is not authorized, without obtaining their affirmative consent.
- Provide clear notification before calling the enroll() method of the fio.js JavaScript library, which is responsible for gathering biometric hashes.
- Provide clear notice if your organization will use biometric hashes for a purpose outside the reasonably expected uses (i.e. Authentication).
- Know which legal requirements apply to you: within the last few years, there has been a renewed focus on data privacy, leading to an increase in new, complex data privacy laws and regulations across the globe that generally include data retention standards.
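The following is an added example, not code from the FACEIO documentation or from fio.js itself, of a consent gate placed in front of the library's enroll() call. It shows how an application can make sure enroll() is only ever reached from an explicit user action, after the notice has been displayed and the consent box ticked, with an extra check for minors. The fio.js API surface used (`new faceIO(publicId)`, `faceio.enroll({ locale, payload })` resolving with an object carrying `facialId`) is the library's documented one; the state shape, the notice text, and the injected `faceio` object are assumptions made for this example so that it runs without a browser.

```javascript
// Added example (not FACEIO's own code): a consent gate in front of fio.js enroll().
// Assumed: `faceio` is the object returned by `new faceIO("YOUR_PUBLIC_ID")` in
// production; here it is injected so the gate can be exercised offline.

const CONSENT_NOTICE =
  "We will capture your face to build a biometric template used only to sign you in. " +
  "You can view your Facial ID and delete it at any time from your account page.";

// Decide whether enroll() may be called for this UI state. Returns { ok, reason }.
// Each check maps to one of the recommendations: explicit action (no auto-enroll),
// notice before collection, affirmative consent, and guardian consent for minors.
function consentDecision(state) {
  if (!state.userGesture) {
    return { ok: false, reason: "enrollment must start from an explicit user action" };
  }
  if (!state.noticeShown) {
    return { ok: false, reason: "privacy notice was not displayed" };
  }
  if (!state.consentChecked) {
    return { ok: false, reason: "user has not given affirmative consent" };
  }
  if (state.isMinor && !state.guardianConsent) {
    return { ok: false, reason: "minor without parent/guardian consent" };
  }
  return { ok: true, reason: "" };
}

// Run the gate and, only if it passes, call faceio.enroll(). The Facial ID that
// enroll() resolves with is returned so the caller can store it next to the account,
// show it to the user, and delete it on request.
async function enrollWithConsent(faceio, state, accountId) {
  const decision = consentDecision(state);
  if (!decision.ok) {
    return { enrolled: false, reason: decision.reason };
  }
  const userInfo = await faceio.enroll({
    locale: "auto",
    // payload is echoed back on later authenticate() calls; keep it to a
    // non-sensitive account reference, never the user's personal data.
    payload: { accountId },
  });
  return {
    enrolled: true,
    facialId: userInfo.facialId,
    consentedAt: new Date().toISOString(),
  };
}

// Stand-alone demo with a stub that mimics the shape of enroll()'s result
// (constructed values, not a real FACEIO session).
async function demo() {
  const stubFaceio = {
    enroll: async () => ({ facialId: "FAKE-FID-0001", timestamp: "0", details: {} }),
  };
  const blocked = await enrollWithConsent(
    stubFaceio, { userGesture: false, noticeShown: true, consentChecked: true }, "acct-1");
  console.log("auto-enroll attempt:", blocked.reason);
  const allowed = await enrollWithConsent(
    stubFaceio, { userGesture: true, noticeShown: true, consentChecked: true }, "acct-1");
  console.log("button-click enroll:", allowed.facialId);
}
demo();
```

Wire `userGesture` to the click handler of the enrollment button only; never set it from a page-load or timer path, since that is exactly the auto-enrollment the recommendations warn against.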
Provide Additional Information Relating to the Use
- Provide policies and disclosures to users in a reasonably accessible manner and location.
- Inform the user of his/her rights regarding the deletion of his/her Unique Index ID and associated biometric hashes.
- Provide a description of your data retention and anonymization practices.
- Establish policies that describe how the technology will be used and reasonably foreseeable uses of biometric hashes.
- Provide a process or form for enrolled users to contact you regarding your use of their Unique Index ID and associated biometric hashes.
- Follow accessibility standards to ensure the application is usable by people with mobility or visual impairments.
Data Retention Policies
- If a user deletes his/her account, you should proceed immediately to the deletion of his/her Index ID programmatically via the FACEIO REST API, even if the retention period has not expired.
- Delete user data once it is no longer required or after the data retention period has been met.
- Establish and maintain appropriate retention and disposal practices for the data collected.
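The two retention rules above (delete on account deletion, delete once the retention period has elapsed) can share one server-side revocation routine. The block below is an added example, not FACEIO's own code: it deletes a Facial ID through the FACEIO REST API and is called both from the account-deletion handler and from a periodic retention sweep. The endpoint path `deletefacialid` with `fid` and `key` query parameters, and the JSON `status` field in the response, are assumptions about the REST API taken from memory of its documentation; check them against the current FACEIO REST API reference. `fetchImpl` and `removeAccount` are injected so the logic runs offline with constructed data.

```javascript
// Added example (not FACEIO's own code): Facial ID revocation via the REST API.
// ASSUMED endpoint and response shape; verify against the FACEIO REST API docs.
const FACEIO_DELETE_ENDPOINT = "https://api.faceio.net/deletefacialid";

// Delete one Facial ID. The API key is a server-side secret: this function must
// only run on the backend, never in the browser next to fio.js.
async function deleteFacialId(facialId, apiKey, fetchImpl) {
  const url = new URL(FACEIO_DELETE_ENDPOINT);
  url.searchParams.set("fid", facialId);
  url.searchParams.set("key", apiKey);
  const res = await fetchImpl(url.toString(), { method: "GET" });
  if (!res.ok) {
    throw new Error(`FACEIO delete failed: HTTP ${res.status}`);
  }
  const body = await res.json();
  return body.status === 200; // assumed: API answers with a JSON "status" field
}

// Account deletion is treated as revocation of consent. The Facial ID is removed
// first, then the account row, so a failed API call never leaves an orphaned
// biometric template behind a deleted account.
async function onAccountDeleted(account, apiKey, fetchImpl, removeAccount) {
  let facialIdDeleted = false;
  if (account.facialId) {
    const ok = await deleteFacialId(account.facialId, apiKey, fetchImpl);
    if (!ok) {
      throw new Error(`could not delete Facial ID for account ${account.id}`);
    }
    facialIdDeleted = true;
  }
  await removeAccount(account.id);
  return { accountId: account.id, facialIdDeleted };
}

// Retention sweep: enrolled accounts whose last activity is older than the
// retention period. Pure function so the policy itself is easy to test.
function dueForRetentionDeletion(accounts, nowMs, retentionDays) {
  const cutoff = nowMs - retentionDays * 24 * 60 * 60 * 1000;
  return accounts.filter((a) => a.facialId && Date.parse(a.lastActiveAt) < cutoff);
}

// Run the sweep and revoke every account that is due. Returns the ids processed.
async function retentionSweep(accounts, nowMs, retentionDays, apiKey, fetchImpl, removeAccount) {
  const processed = [];
  for (const account of dueForRetentionDeletion(accounts, nowMs, retentionDays)) {
    await onAccountDeleted(account, apiKey, fetchImpl, removeAccount);
    processed.push(account.id);
  }
  return processed;
}

// Stand-alone demo with a fake fetch and constructed accounts (no network access).
async function demo() {
  const fakeFetch = async (url) => {
    console.log("would call:", url.replace(/key=[^&]*/, "key=<redacted>"));
    return { ok: true, status: 200, json: async () => ({ status: 200 }) };
  };
  const accounts = [
    { id: "acct-1", facialId: "FAKE-FID-0001", lastActiveAt: "2023-01-01T00:00:00Z" },
    { id: "acct-2", facialId: "FAKE-FID-0002", lastActiveAt: "2024-05-30T00:00:00Z" },
  ];
  const done = await retentionSweep(
    accounts, Date.parse("2024-06-01T00:00:00Z"), 365, "FAKE_API_KEY", fakeFetch, async () => {});
  console.log("revoked by retention sweep:", done);
}
demo();
```

Keep the API key in the backend's secret store and log only the redacted URL, as the demo does; the Facial ID and the account id are enough for an audit trail of each deletion.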
Data Security Protections
- Maintain appropriate administrative, technical, and physical safeguards.
- Periodically review security policies.
- Have reasonable data security protections in place for access to computers and servers to prevent unauthorized access or unintended disclosures.
- Initiate examinations and audits of security policies which will also help discover unauthorized access and catch and address critical issues that may have been overlooked.