Nine privacy groups plan to withdraw from U.S. government-hosted negotiations to develop voluntary facial-recognition privacy standards because the groups feel the process won’t lead to adequate privacy protections.
Industry representatives at the talks have been pushing to limit consumer control over the facial recognition data collected, the groups said in a letter to be released Tuesday.
“We are convinced that in many contexts, facial recognition should only occur when an individual has affirmatively decided to allow it to occur,” wrote the groups, including the Center for Digital Democracy, the Electronic Frontier Foundation and Consumer Action. “Industry stakeholders were unable to agree on any concrete scenario where companies should employ facial recognition only with a consumer’s permission.”
The talks, hosted by the U.S. National Telecommunication and Information Administration, started in February 2014 and participants have invested about 40 hours of work in 11 meetings, said Alvaro Bedoya, executive director at the Center on Privacy and Technology at Georgetown Law, which is also withdrawing from the negotiations.
The nine groups withdrawing from the talks represent all the major privacy and consumer groups that were taking part.
The NTIA is disappointed that some participants have withdrawn from the talks, the agency said. “Up to this point, the process has made good progress as many stakeholders, including privacy advocates, have made substantial, constructive contributions to the group’s work,” an agency spokeswoman said by email.
Several other participants want to continue meeting to “tackle some of the thorniest privacy topics concerning facial recognition technology,” she added. “The process is the strongest when all interested parties participate and are willing to engage on all issues.”
At last Thursday’s meeting, privacy organizations left early after the group failed to make progress on consumer consent issues. The problem isn’t with the NTIA process, but “in the resistance of industry associations to embrace privacy choices that leading companies like Microsoft and Google made a long time ago,” Bedoya said by email.
In many cases, facial recognition vendors have been more careful with deploying the technology than negotiators at the NTIA meetings have advocated, Bedoya added.
“Due to state laws and just good business sense, most of the leading companies have refused to turn facial recognition on automatically,” he said. “Instead, they turn it on only if customers choose to turn it on. Industry associations have staked out a position that is less protective of privacy than the companies they represent—and far less protective of what consumers deserve.”
If the NTIA process goes forward without privacy and consumer groups, that will raise questions about the product, Bedoya added. “If all consumer groups who have been active withdraw, I don’t think it can be called a ‘multistakeholder’ process,” he said. “It can be called an ‘industry’ stakeholder process.”
Still, one industry participant said Monday he remained optimistic that the NTIA process would produce a strong set of facial recognition privacy standards. Despite disagreements about the consent issues, participants have made a lot of progress, said Carl Szabo, policy counsel with NetChoice, an e-commerce trade group.
“We’re getting to a point when we can start putting pen to paper,” he said.
The final standards need to incorporate compromise from both industry and privacy groups, Szabo added. All the new privacy standards being negotiated are “actually limiting on business, in some capacity,” he said.
Since mid-2012, the NTIA has convened for a series of negotiations related to technology and privacy, with the first meetings focused on mobile application privacy. The NTIA-led discussions produced a set of app privacy standards that some companies are now adopting, although two privacy groups declined to sign on to the final product.
In March, the NTIA announced it would next host negotiations on privacy standards for aerial drones.