China Publishes Draft Security Standard on Facial Recognition
Time 2 Minute Read
Categories: Information Security, International

On April 23, 2021, the National Information Security Standardization Technical Committee of China published a draft standard (in Chinese) on Security Requirements of Facial Recognition Data (the “Standard”). The Standard, which is non-mandatory, details requirements for collecting, processing, sharing and transferring data used for facial recognition.

The Standard is one of many new proposed standards relating to privacy and cybersecurity in China. As we previously reported, the privacy landscape in China is undergoing significant development, and a proposed personal information protection law is currently under review by the National People’s Congress of the People’s Republic of China.

The Standard includes the following key requirements:

  • Facial recognition should be used only for identification purposes and not to make predictions about individuals (e.g., in relation to their health, work performance or interests);
  • Facial recognition should be used only when an alternative technology not involving the use of facial recognition is insufficient in terms of security or convenience (e.g., for identity verification in airports);
  • Facial recognition should not be used to identify individuals under 14 years of age;
  • Storing facial recognition data is prohibited unless an organization obtains consent; and
  • Facial recognition data generated or collected in China should be stored only in China.

The Standard is open for public consultation until June 22, 2021.

Tags: Biometric Data, China, Consent, Consumer Protection, Data Protection Authority, Facial Recognition Technology
Print Email Twitter/X Linkedin Facebook

You May Also Be Interested In

Time 2 Minute Read
Illinois’ Damages Limitation for Biometric Privacy Violations Applies Retroactively  

On April 1, 2026, the U.S. Court of Appeals for the Seventh Circuit held that the 2024 amendment to Illinois’ Biometric Information Privacy Act, limiting damages, applies retroactively to pending cases.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook
Time 3 Minute Read
Connecticut AG Clarifies AI Compliance Obligations Under CTDPA

The Connecticut Attorney General recently issued a legal memorandum regarding the application of existing Connecticut laws, such as the Connecticut Data Privacy Act, to the use of artificial intelligence.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook
Time 3 Minute Read
Oklahoma Enacts Comprehensive Consumer Privacy Law

On March 20, 2026, Oklahoma Governor Kevin Stitt signed SB 546 into law, enacting the Oklahoma Consumer Data Privacy Act, which will take effect on January 1, 2027.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook
Time 2 Minute Read
Alabama Enacts App Store Accountability Act Requiring Age Verification

On February 5, 2026, Alabama Governor Kay Ivey signed Alabama House Bill 161, the App Store Accountability Act, establishing age categorization, age verification and parental consent requirements for mobile application marketplace providers operating in Alabama, effective January 2027.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook

Search

Subscribe Arrow

Recent Posts

Categories

Tags

Archives

Jump to Page