A woman trying to shield her face from surveillance cameras and facial recognition on a smartphone
Click here for a summary of this article.
Facial Recognition and Privacy: A Quick Guide

Facial recognition technology (FRT) is becoming increasingly common. It’s already used in airports across the United States and many academic institutions are also using it.

More importantly, facial recognition technology is also commonly used in smartphones. However, it poses several risks:

  • Data privacy laws are quite limited
  • There’s a risk that data is collected without your permission
  • Your data could be misused by law enforcement

There are a few steps that you can take to protect your privacy:

  • Opt out of facial scans whenever possible
  • Limit photos on social media
  • Use software like Fawkes

While facial recognition does offer a few benefits, it’s important to know how to protect your privacy.

Read on to learn more about the risks of facial recognition and the steps that you can take to protect your privacy.

You might be surprised to learn that facial recognition is over 50 years old, dating back to the mid-60s. But with the exponential capabilities of artificial intelligence-driven software, we’re seeing a boom in the use of such technology. The prevalent use of facial recognition technology also gives rise to serious privacy concerns.

Unfortunately, facial recognition technology (FRT) is fast outpacing the legislation designed to protect our privacy. As a result, many countries are now targeting facial recognition technology by making various changes to legislation.

Below, we’ll explore this technology in more detail, highlighting facial recognition privacy concerns to watch out for and how to protect yourself.

What is Facial Recognition?

Facial recognition is a process used by deep learning and artificial intelligence-driven software to recognize an individual based on their facial features. Facial recognition biometric data can be used to pick a face out of a crowd, before comparing it to a database of images to locate a match.

According to Statista, the market for such technology is expected to grow from around $5 billion in 2021 to $12.67 billion by 2028. But such explosive growth raises questions around data privacy, particularly given that your face is one piece of “data” that’s impossible to hide behind a password or a VPN.

In June 2023, European Union lawmakers took a negotiating stance, paving the way for the AI Act — a comprehensive regulation that would ban the use of AI-powered facial recognition technology in public spaces.

How does facial recognition work?

While there are numerous applications for this kind of tech, most facial recognition systems work in the same way. We’ve outlined the process below.

A comic explaining what facial recognition is in 4 steps

  1. Your face is captured on camera. This doesn’t necessarily have to be a CCTV camera in a public place; it could be a still image or a video. You could be walking alone or part of a crowd.
  2. Facial recognition software analyzes your facial features. Some measure the dimensions and measurements of your face. Others might use custom 3D mapping software, thermal imaging, and more. Using millions of data points, it creates “unique identifiers.”
  3. Your face is compared against a database of stored biometrics. FRT software is capable of using facial recognition biometrics to compare your image against thousands or millions of images stored in a database.
  4. If a match is found, you can be identified. If your face is stored in the database, users of FRT can determine your identity. This is how law enforcement agencies are able to identify suspects using facial recognition.

However, in everyday use, facial recognition technology serves a different purpose. Most people already use face recognition on their phones to unlock their devices.

Apple, for instance, widely uses Face ID in lieu of fingerprint technology. The images are heavily encrypted, so there’s generally not much of a risk that it can be misused.

How is Facial Recognition Used?

Facial recognition technology is used for both commercial and law enforcement purposes. We’re seeing an uptick in the number of organizations employing this tech, which is why many predict a major boom in the industry. Here are some examples of how the technology is currently employed.

Airports

In the United States, the Department of Homeland Security has historically used FRT to catch people who break immigration laws by overstaying visas, and those suspected of a crime.

But facial recognition technology is also used on a day-to-day basis. If you’ve ever used an automated passport gate, you’ve been scanned by this tech, which compares your face against a stored passport photo.

Smartphone manufacturers

Commercial tech companies are increasingly building facial recognition into their products. Apple has been using Face ID since the iPhone X, while Android manufacturers have used face biometrics as far back as around 2012.

This technology has begun creeping into our smart home products too, with Google’s Nest Hub Max being one of the first devices to use passive facial recognition.

Academic institutions

Some schools and colleges use facial recognition technology to check for attendance, and for security surveillance purposes. In 2020, The Guardian reported that around 10 colleges in the US were using facial recognition technology.

But students are growing increasingly uncomfortable with the technology, and protesters succeeded in having the University of California – Los Angeles (UCLA) drop its plans for a new FRT system.

Social media platforms

Social media websites and other platforms might use facial recognition to help you identify people in photos, or for other purposes. Facebook, for example, used to scan photos to help you tag people. This feature was discontinued in 2021, but it’s something that could return on other platforms.

Marketing organizations

In an eerie reminder of 80s and 90s fictional movies, facial recognition is increasingly being used for marketing purposes. Adverts can be adjusted depending on who’s standing in front of a billboard or other display. Walgreens, for example, now uses FRT across multiple locations, combining cameras, screens, and other technology to modify marketing materials for different customers.

Facial Recognition and Privacy: What to Know

So, what are the implications of facial recognition technology and its various applications? Should you be concerned about facial recognition and privacy? Absolutely. Here’s why.

1. Data privacy laws are limited when it comes to FRT

Justice lady with legal scale and sword and blob background iconThe majority of privacy policies and other official documents regarding privacy usually set out what is deemed to be PII (personally identifiable information). In most cases, this covers text-based data, like your name, age, gender, address, and so on.

It usually includes any physical ID too, such as your driving license and passport. Depending on state or country laws, the policy must tell you how your data will be gathered, used, and deleted.

But as facial recognition technology is still relatively new outside of law enforcement. It’s not at the forefront of our minds, nor is it accounted for in most data privacy statements. There is no comprehensive federal privacy law like the EU’s GDPR, and individual states like California, Colorado, and Virginia have recently begun enacting their own.

This is one reason why the European Union currently has a draft Artificial Intelligence Act, which is expected to restrict the use of facial recognition technology and data. We predict that the act will give facial recognition data similar data protection rights as seen in the GDPR (General Data Protection Regulation), Europe’s catch-all answer to data privacy.

The problem? That act, like many new data privacy laws around the world, is still at draft stage. As we’ll discuss below, companies are already using FRT to harness the facial data of billions of people without their permission.

2. You may not even realize your data is being collected

Pile of data folders with question mark iconOne recent and significant example of this was seen with a company known as Clearview AI. Clearview developed an “all-in-one, facial recognition platform designed to support federal, state, and local law enforcement” in the US. Of course, all of the data driving that platform would have to have come from somewhere.

As it transpired, that “somewhere” was pretty much everywhere. At the time that Clearview’s activities came into the spotlight, the company had gathered more than 20 billion facial images from publicly available sources. This included social media and other websites. Nobody was informed that their data was being used for this purpose.

Fortunately, they didn’t have complete impunity. In early 2022, the Information Commissioner’s Office (ICO) in the United Kingdom set Clearview in its sights. The ICO has enforcement powers that allow the regulatory body to issue penalties to organizations that breach UK data protection laws.

As a result, the regulator fined Clearview AI over £7.5 million for unlawfully processing UK residents’ data. It wasn’t the only country to levy fines against them, either.

But it also raises the question of why Clearview was collecting data from not only UK residents, but also Australian residents, French residents, and countless more around the world.

It was fortunate that GDPR and other data protection laws are extensive enough to address this behavior; several countries levied fines against the tech company. Unfortunately, this wide-ranging abuse of data privacy affected countries with no means of contesting it.

3. Once collected, your data could be misused by law enforcement

A folder, policeman's hat and a warning symbol next to one anotherOne of the biggest use cases for facial recognition technology is in law enforcement. In an ideal scenario, FRT could quickly identify suspects from one of more than 1 billion cameras and counting. This could potentially lead to safer streets and faster prosecution of people who commit crimes.

But that’s an ideal scenario. In many cases, the technology is still catching up. In 2018, it was found that a third of facial recognition mistakes were made when attempting to identify women of color. Comparatively, the error rate for white males was just 1%.

In 2019, a man named Nijeer Parks was arrested on shoplifting and assault charges. His arrest was made based on FRT, but the tech got it wrong. While the case was ultimately dropped, Parks spent more than a week in jail and around $5,000 on legal fees.

Essentially, until FRT is perfected, it could pose a significant risk to those who may be arrested unjustly. What’s more, this couldn’t be happening at a worse time, with the sociopolitical situation unfolding in the US in recent years.

4. Your data could also pose a significant risk to your security

A face with a target on itYour personal information is generally pretty secure if you look after it. When you follow cybersecurity best practices, you can almost entirely eliminate the risk of your data being accessed by a cybercriminal.

Using the best cybersecurity tools online also offers significant protection when browsing online, and while that’s good enough to protect your data online, it doesn’t really offer much in the way of protecting your facial data.

As we highlighted above, worldwide CCTV coverage recently ticked over 1 billion cameras. A 2018 study found that, on average, we are captured on camera around 70 times per day. Essentially, this means that your face is potentially being stored in hundreds of databases every week.

Companies like Clearview AI pose a significant risk, because they may capture your image and store it as an individual data file. In the event of a breach, cybercriminals could access your facial data. And while you can change your passwords, payment cards, or email addresses, you obviously cannot change your facial features easily!

Why is this a problem? In theory, a breach of your facial recognition biometrics could lead to:

4 risks of breached facial recognition biometrics, with illustrations

  • Impersonation crimes: A cybercriminal could create a fake profile with extensive data and images of you, using it to scam people
  • Stalking: With a reverse image search on your image, somebody could follow you online with ease
  • Identity theft: Facial recognition biometrics could make it easier for your identity to be stolen
  • DeepfakesDeepfake videos are becoming alarmingly realistic; somebody could create a video of you that never existed

5. Human rights could be infringed upon to a greater extent

A person in a cageFacial recognition tools have potentially catastrophic ramifications for people living in countries like China, where freedom of speech isn’t always a given right. Most people living in such nations avoid sharing opinions online that go against the government or other authorities.

But with increased surveillance, combined with FRT, citizens could be punished simply for discussing issues in the open.

This is one of the most invasive privacy concerns affecting facial recognition. Surveillance is a real worry among marginalized communities around the world, and technology is making it easier for law enforcement agencies and governments to spy on populations.

How Can You Protect Your Privacy from Facial Recognition?

Clearly, this technology isn’t simply going away. And if we want to continue using convenient features like Face ID, it’ll remain embedded in our lives. Hopefully, governments will continue to monitor and legislate FRT to lessen the privacy risks that it brings, but you’re right to be concerned about your privacy.

While avoiding the 1 billion and counting cameras around the world isn’t possible, there are some tactics you can employ sidestep this kind of technology. Below, we’ve outlined some ways to protect your privacy from facial recognition.

6 tips to protect yourself from facial recognition, with illustrations

1. Opt out of facial scans wherever possible

It’s a little-known fact that Americans can actually opt out of facial recognition scans at an airport. It’s a bit like those annoying marketing checkboxes at the bottom of a signup form. Unless you look carefully, the process isn’t advertised.

When you’re passing through an airport to catch your flight, be on the lookout for FRT technology and checkpoints; there could be multiple points at which your face is scanned.

You can actually request to opt out and have an airline employee check your documents manually. While this doesn’t apply to non-US citizens, residents do have the right to avoid being scanned.

2. Say no to commercial face recognition technologies

The vast majority of us have probably welcomed FRT into our lives already. Apple devices started using biometrics with fingerprints, and this quickly evolved into Face ID. Android has long had facial recognition algorithms for unlocking smartphones, too.

Remember, though: you don’t have to use Face ID simply because it exists. You can still switch this feature off on both iPhone and Android handsets, and default to using your PIN code or fingerprint. It could actually make your device more secure; a criminal could force you to unlock a device with your face, but getting your PIN isn’t as simple.

3. Be wary of IoT (smart home) devices you use at home

Have you embraced Google’s smart home products? Perhaps you have one of the latest devices, the Google Nest Hub Max, sitting in your room. You might not have even realized that this device has Face Match built in.

Face Match is, at heart, facial recognition technology. You can unlock your smart home device with your face, but there’s more to it than that. Google’s Nest Hub Max is always watching you with its front-facing camera. Face Match scans the environment for familiar faces, displaying content that’s relevant to that person when they pass by.

That’s right, this is the first device with always-on facial recognition technology to make its way into our homes. If you want to avoid FRT, you should probably turn that feature off or avoid buying the device altogether.

4. Limit what you post on social media or other platforms

The number of social media and other community platforms is expanding quickly. We’ve all gotten used to creating a profile and adding our face to it.

But with every new platform you sign up for, you’re creating another potential avenue of risk for software that uses facial recognition technology; just look at what happened with Clearview AI.

You don’t even need to have expensive FRT or worry about making a significant investment. Google’s reverse image search feature allows you to search by image; you can trace the resulting matches back to their online source. In other words, somebody can use your pictures to find all of your profiles and online accounts.

5. Fight software with software

Since facial recognition technology shows no signs of slowing down, some organizations are choosing to fight software with software. One such project, known as ‘Fawkes,’ was launched by the University of Chicago.

According to its website, Fawkes ‘poisons’ algorithms that attempt to analyze and memorize your image. Using image cloaking, Fawkes makes minute changes to your photos that are invisible to the naked eye but throw facial recognition technology off your trail.

Each time you upload a photo, you can process it with Fawkes to protect yourself against data gathering organizations like Clearview. Of course, this wouldn’t work at all if the photos are being captured by third parties.

6. Continue using your face masks in areas of surveillance

Prior to the COVID-19 pandemic, it was unusual to see a face mask in public outside of Asian countries. But the pandemic largely normalized mask-wearing behavior, and many people continue to use them in public spaces.

Given the situation, law enforcement tends to be less likely to be suspicious of somebody wearing a mask than they might have been before. So, when you’re in an area that uses facial recognition technology, consider wearing a mask.

In the airport situation we outlined above, this’ll ensure that you dodge any FRT devices that you may not have spotted. This way, you’ll have chance to speak to an employee and opt out before your face can be captured.

Facial Recognition and Privacy: Roundup

Much like other AI-driven software, facial recognition technology is being heavily invested into and explored by tech companies. Coupled with a lack of up-to-date legislation, that’s leading to some unfortunate data privacy breaches.

It’s also resulting in some ambitious, yet questionable strategies by government and law enforcement agencies, like the time the IRS nearly used FRT to track taxpayers. Or, the time that Amazon gave Ring doorbell footage to the police without permission (11 times).

With legislation lagging behind technology, it presents some unique privacy risks that we should all be wary of. The entertainment industry has already started to shed some light on this with near-future sci-fi shows like The Capture, but these nightmare scenarios are more real than we might want to admit. Potential risks include:

  • Lack of protection for your “facial data”
  • Being unaware that your image has been gathered and stored
  • Misuse of data by law enforcement
  • Greater risk from cybercriminals who may steal your identity
  • Infringement of human rights, such as freedom of speech, in some countries

There are ways to reduce the impact of these risks, such as opting of facial scans at airports, being selective over the tech we use, and limiting what we post online. In the long-term, though, we hope that the new wave of data privacy legislation sweeping the U.S. state by state will help to better-protect this new type of identifiable information.

Facial Recognition and Privacy: Frequently Asked Questions

Facial recognition technology is a new topic for many readers, so we’ve listed some of our most frequently asked questions below.

What are the privacy risks of facial recognition?

There are numerous potential risks related to data privacy, some more likely than others. For example, your facial biometrics could be gathered and stored without your knowledge – this has already happened with Clearview AI on a massive scale. What’s more, facial recognition could lead to:

  • Compromised data due to lack of proper, secure storage for your “facial data”
  • Misuse of data by law enforcement, leading to wrong arrests
  • Data theft by cybercriminals, who might find it easier to steal your identity
  • Reduced freedom of speech, or infringement of other human rights
Is facial recognition a violation of our privacy?

This is a gray area. You could argue that being filmed, and having that image analyzed, without your knowledge is an invasion of your privacy. Yet this happens to most of us every day, and we simply accept it as part of life.

There are more than 1 billion surveillance cameras in the world, and most cities are covered in swathes of government or law enforcement cameras. What we need is comprehensive data privacy laws that include facial biometrics and issue penalties to companies that abuse them.

What are three privacy concerns that could result from facial recognition?

Given that facial recognition technology is relatively new, and laws haven’t necessarily caught up to manage it, there are several more likely risks we might face at the moment.

One is having our data gathered without our knowledge, which recently happened on a large scale with Clearview AI. A second is that data leading to wrongful arrests, which has already been reported on in the media. And of course, it could pose a risk of falling victim to identity theft.

Leave a comment