Quicktake: SPC Facial Recognition Interpretation

ALL TRANSLATIONS ON THIS SITE ARE UNOFFICIAL AND ARE PROVIDED FOR REFERENCE PURPOSES ONLY. THESE TRANSLATIONS ARE CREATED AND CONTINUOUSLY UPDATED BY USERS –THEY ARE FREE TO VIEW, BUT PROPER ATTRIBUTION IS REQUIRED FOR DISTRIBUTION OF THESE OR DERIVATIVE TRANSLATIONS. PAGES WITHOUT IMAGES ARE WORKS IN PROGRESS.

English中文(简体)

In late July, China’s highest court, the Supreme People’s Court (SPC), released guidelines for hearing disputes arising from the use of facial recognition technology. The SPC regularly issues interpretations or guidance to unify the courts’ handling of cases, particularly in rapidly emerging or shifting areas of law like this. The passage of China’s Civil Code including protections of privacy and personality rights, and the draft Personal Information Protection Law and national standards on the use of facial recognition have already put data privacy in the spotlight in China, and a small number of cases testing the extent of legal protections from the misuse of facial recognition have created the need for the interpretation.

Embracing emerging norms

The new interpretation generally follows requirements for consent and notice that have emerged in earlier authority on the collection and use of personal information. These hold that impacted individuals be informed of what data is being collected and of the rules and specific purposes for the data collection, processing, or storage, and requires that their consent be obtained in most situations. Those rules are reflected in the types of cases identified as successful claims for violations of personality rights by the court:

  1. Where facial recognition is used in public venues in violation of laws or regulations
  2. Where the rules, purpose, and scope of data handling were not disclosed.
  3. Where consent was required but not obtained, or where written consent wasn’t obtained as required.
  4. Where the stated purposes, methods, scope etc of data collection were exceeded
  5. Where inadequate data protections led to leaks, alteration or loss of data.
  6. Where laws, regulations, or agreements were violated in sharing the data.
  7. Where the collection or use was contrary to public order and good custom’
  8. Other violations of the principles of legality, propriety, and necessity.

Similarly, the court follows established rules that consent is not valid when made a requirement for the provision of goods and services unless they are a necessary part of those goods and services, or when the consent to be bundled with other authorizations. It also follows rules for exceptions to the consent requirements, such as for public health and safety, or for reasonable use for purposes such as news reporting, but puts the burden on the data collecting party to prove the exception applied.

The court also allows that individuals can successfully sue to force apartment complexes and other premises managers to provide alternatives to facial recognition identification for those who prefer to avoid it. This addresses the situation of some of the cases that have already been heard, but is also in line with existing rules requiring alternatives to the collection of biometric data, such as in the recent draft facial recognition standards. In addition to compelling the creation of an alternative identification method, plaintiffs can recover damages for violations of their privacy and personality rights.

What’s New?

The main contribution of the Interpretation is not in formulating new rules for the use of facial recognition, but setting the table for individual lawsuits by individuals to enforce the rules that have already been emerging. As compared to administrative regulation by government agencies against those who violate rules on using facial recognition, this allows a sort of citizen enforcement mechanism while allowing citizens to also recover damages for their losses.

A number of provisions stand out:

  1. Injunctions: The court may order an injunction of the use of facial recognition where natural persons can show an ongoing harm or even one that is imminent but hasn’t begun yet.
  2. Recovery of lawyers’ fees and other cases expenses: Included in the losses that successful plaintiffs can recover are reasonable expenses incurred in investigating and pursuing the case.
  3. Deletion as a contract remedy: Individuals that show that the terms of a contract were violated by the use of facial recognition can demand that the collected information be deleted, even if the contract did not provide that as a remedy for breech.

 

Limits on Impact

The interpretation, like the other emerging authority on personal privacy, is a big deal. It responds to citizens’ growing concerns about the collection of facial recognition data and provides remedies. It’s important to remember however that it addresses civil lawsuits between individuals or individuals and private businesses and has limited impact in areas such as state and police surveillance.

The most recent draft of the Personal Information Protection Law does expressly provide that the law applies to state actors, but its impact will still be minimal in regards to policing. Advance consent requirements contain a public health and safety exception broad enough to cover most police conduct. Even notice requirements can be waived by state organs where giving notice would frustrate the purpose of collecting or handling data.

It’s unclear whether expectations of privacy in the private sector will lead to demands for greater protections from state surveillance. As elsewhere, it is still common to hear the sentiment in China that ‘if you aren’t doing anything wrong, you’ve got nothing to hide.’ And of course, there may be little you can do about it anyway.

About China Law Translate 1138 Articles
CLT 是一个能够让说英语的人群进一步了解中国法律,众包、众筹的法律翻译项目。

3 Trackbacks / Pingbacks

  1. China’s New Data Privacy Law Doesn’t Protect People Against the Biggest Threat: The Government – iftttwall
  2. China's New Data Privacy Law Doesn't Protect People Against the Biggest Threat: The Government | Libertarian Hub
  3. China’s New Data Privacy Law Doesn’t Protect People Against the Biggest Threat: The Government – Reason.com

Leave a Reply

Your email address will not be published.


*