Abstract
Key Points:
This article describes the advances in face mining technologies and aligns these with Australian data privacy law, explaining the division of facial recognition usage into five generations. The article analyses the risks and gaps in data privacy laws, particularly within the Australian context, and offers recommendations for reform.
Australian law regulates biometric data, including facial biometric data (FBD), as sensitive information. However, the legislation and regulatory focus are primarily on what may be termed the second-generation use of FBD; that is, for automated verification or identification.
Australia is undergoing a reform of its data privacy law, which may impact the regulation of FBD. The reform proposals include redefining personal information to include inferred information and creating a non-exhaustive list of personal information types. The reform also suggests updating the categories of sensitive information and considering the regulation of biometric technologies.
To address the challenges surrounding biometric data privacy, several solutions are proposed. These include legislation to cover all generations of facial recognition usage and future technologies. Further, a provision should be included to prevent tech companies from circumventing the law by obtaining user consent. Guidelines on data storage should be established, including a maximum retention period, encryption, and government audits for compliance. Non-compliance should result in penalties comparable to the European Union General Data Protection Regulation.
This article describes the advances in face mining technologies and aligns these with Australian data privacy law, explaining the division of facial recognition usage into five generations. The article analyses the risks and gaps in data privacy laws, particularly within the Australian context, and offers recommendations for reform.
Australian law regulates biometric data, including facial biometric data (FBD), as sensitive information. However, the legislation and regulatory focus are primarily on what may be termed the second-generation use of FBD; that is, for automated verification or identification.
Australia is undergoing a reform of its data privacy law, which may impact the regulation of FBD. The reform proposals include redefining personal information to include inferred information and creating a non-exhaustive list of personal information types. The reform also suggests updating the categories of sensitive information and considering the regulation of biometric technologies.
To address the challenges surrounding biometric data privacy, several solutions are proposed. These include legislation to cover all generations of facial recognition usage and future technologies. Further, a provision should be included to prevent tech companies from circumventing the law by obtaining user consent. Guidelines on data storage should be established, including a maximum retention period, encryption, and government audits for compliance. Non-compliance should result in penalties comparable to the European Union General Data Protection Regulation.
Original language | English |
---|---|
Pages (from-to) | 1-12 |
Number of pages | 12 |
Journal | International Data Privacy Law |
DOIs | |
Publication status | Published - 21 Jun 2024 |