Argentina Cosponsors Global Privacy Assembly’s Resolution on Facial Recognition Technology

At the 44^th Annual Global Privacy Assembly Conference the Global Privacy Assembly (“GPA”) passed the Resolution on Principles and Expectations for the Appropriate Use of Personal Information in Facial Recognition Technology (the “Resolution”), fulfilling its 2020 commitment established at the 42^nd Annual GPA Conference.

The Resolution identifies several risks regarding facial recognition technology (“FRT”), including the potential for unlawful surveillance, biased results, intrusion of personal privacy, and the erosion of data protection, privacy, and human rights. To mitigate these risks, the GPA found a need for greater regulatory cooperation and a consistent global policy. Considering the perspectives of various stakeholders (including regulators, lawmakers, developers, users, academia, and civil society), the GPA developed the Resolution containing six facial recognition technology principles which it will promote in the upcoming years. Those principles are as follows:

1. Lawful Basis: organizations using FRT should document and periodically reassess the legal basis of their collection and use of biometrics.
2. Reasonableness, Necessity, and Proportionality: organizations should assess the necessity, reasonableness, and proportionality of FRT before its implementation and periodically after its implementation.
   • Necessity: an rganization’s use of FRT should be effective in achieving a clearly established purpose that cannot be reasonably achieved by less intrusive means.
   • Reasnableness: in determining the reasnableness of an organization’s use of FRT, standard practices and community expectations should be considered.
   • Prportionality: the benefits f using FRT should outweigh the risk of harm posed to individuals’ privacy.
3. Protection of Human Rights: organizations using FRT should protect against unlawful or arbitrary interference with privacy and other human rights by conducting impact assessments and display the results transparently.
4. Transparency: the use of FRT should be transparent to the individuals whose biometrics are collected and used. Organizations should inform individuals any time their facial image is captured or included in a FRT database.
5. Accountability: organizations using FRT should have clear and effective accountability mechanisms in place, including:
   • Plicies on governance and risk mitigation,
   • Regular training n legal requirements, potential risks, and risk mitigation,
   • Established avenues fr individuals identified by FRT to challenge or seek redress,
   • Peridic audits of effectiveness, risk mitigation measures, and regulatory compliance, and
   • Plicies for identifying, mitigating, responding to, and notifying authorities of data breaches.
6. Data Protection Principles: the use of FRT should not violate any applicable data protection principle, including the principles of privacy by design, purpose specifications and use limitations, data minimization, retention, and deletion, safeguards, and data quality.