Traffic violations; facial recognition technology can be used in commercial buildings to monitor entrances and exits in real time, etc. At the same time, facial recognition technology is being deeply integrated with industry applications, and has also achieved great strides in the field of financial payment and logistics. Take offline payment as an example. Alipay and WeChat have launched facial recognition payment functions, which have been implemented in many cities across the country. At the same time, Alipay has invested 3 billion yuan to encourage merchants to use facial recognition payment.

When we walked through the "face recognition" channel to quickly pass through customs, and when financial institutions were allowed to use face recognition to confirm identity, we saw that all Cainiao Network's domestic Cainiao Station smart cabinets with cameras have been opened one after another. When the facial recognition function was used to pick up packages and send goods, many people began to worry about the "face recognition" technology. People are worried about whether facial recognition technology will provide the government with unprecedented power to track people's daily lives and invade people's privacy; and facial recognition technology is not yet mature. Some people have used simple operations such as color photos of equal proportions to You can obtain other people's express delivery through the "swipe your face to get express delivery" function of Cainiao Station. If this technical loophole is exploited, you can steal other people's property.

Furthermore, facial feature information is highly sensitive information, and facial information is easy to read, so there is a high risk of facial information leakage. If any illegal person attempts to obtain this information through illegal means and use it, the consequences will be disastrous.

Face recognition technology is originally used to verify "whether you are really who you say you are." In the case of remote control transactions or identity confirmation, it can confirm that an action is personally performed by the person. It is the most effective technical measure to date to solve identity security issues such as electronic payment, online transactions, and online application for public security services. However, once the easily accessible "biological password" such as face information is lost or replaced at will, or if others can truly impersonate themselves through face technology, then using face recognition technology to verify the true identity becomes nonsense.

Facial features are unique throughout life and cannot be changed. People can frequently change their passwords, but it is difficult to ensure the security of their accounts by frequently "changing faces." Once personal information is leaked, it is not only a privacy problem, but also a security risk to your personal and property. Once someone else has the same facial features as yours, he or she can put on a high-definition 3D mask and cooperate with the system instructions to take corresponding actions, and then he or she can commit various frauds, which will be very harmful to society.

The legal limits of "face recognition"

The continuous advancement of technology is a social trend, and social trends are irreversible. Fear should not be a reason to limit technological development. Only technology can Making good use of it and providing effective guidance is the rational choice. Nowadays, facial recognition technology can be used for personnel access management and urban security, including police arrests of fugitives, community access control with face-swiping systems, VIP management of some businesses, "face-swiping sign-in" in university classes, identity verification of parties, delivery, etc. In the fields of law enforcement and judgment enforcement, it is used in business fields such as detecting potential customer characteristics (such as age, gender, etc.) to more accurately place advertisements. There are also a large number of "face" applications, such as face-changing entertainment software, ghost videos, and classrooms. Monitoring and security. In fact, the above applications all have the risk of infringement. The nature of personal information, including facial information, falls within the scope of citizens’ privacy rights. Illegal collection, use or transaction will bear legal liabilities including criminal, civil and administrative. So what provisions does our country’s law provide for facial data?

(1) According to the "Constitution of the People's Republic of China":

Article 38 The personal dignity of citizens of the People's Republic of China shall not be violated. It is prohibited to use any method to insult, slander or falsely accuse citizens.

Article 40 The freedom of communication and the confidentiality of communication of citizens of the People’s Republic of China shall be protected by law. Except for the need for national security or the investigation of criminal crimes, where the public security organs or procuratorial organs inspect communications in accordance with the procedures prescribed by law, no organization or individual may infringe on citizens' freedom of communication and communication confidentiality for any reason.

(2) According to the "Criminal Law of the People's Republic of China":

Article 246: Use violence or other methods to publicly insult others or fabricate facts to slander others , if the circumstances are serious, he shall be sentenced to fixed-term imprisonment of not more than three years, criminal detention, public surveillance, or deprivation of political rights.

The crimes in the preceding paragraph will only be dealt with upon complaint, except for those that seriously endanger social order and national interests. If the victim commits an act specified in paragraph 1 through an information network and reports it to the People's Court, but it is really difficult to provide evidence, the People's Court may request the public security organs to provide assistance.

Article 252 Whoever conceals, destroys or illegally opens other people's letters and infringes upon citizens' right to freedom of communication, if the circumstances are serious, shall be sentenced to fixed-term imprisonment of not more than one year or criminal detention.

Article 253 Postal workers who open or conceal or destroy mail or telegrams without permission shall be sentenced to fixed-term imprisonment of not more than two years or criminal detention. Anyone who commits the crime in the preceding paragraph and steals property shall be convicted and severely punished in accordance with the provisions of Article 264 of this Law.

Article 253-1 Whoever violates relevant state regulations by selling or providing citizens’ personal information to others, if the circumstances are serious, shall be sentenced to fixed-term imprisonment of not more than three years or criminal detention, and shall also or solely be fined; If the circumstances are particularly serious, the offender shall be sentenced to fixed-term imprisonment of not less than three years but not more than seven years, and shall also be fined.

Anyone who violates relevant national regulations by selling or providing personal information of citizens obtained in the course of performing duties or providing services to others shall be severely punished in accordance with the provisions of the preceding paragraph.

Anyone who steals or illegally obtains citizens’ personal information through other methods shall be punished in accordance with the provisions of paragraph 1. If a unit commits the crimes in the preceding three paragraphs, it shall be fined, and its directly responsible supervisor and other directly responsible personnel shall be punished in accordance with the provisions of the respective paragraphs.

(3) According to the "General Principles of the People's Republic of China and Civil Law":

Article 100: Citizens enjoy the right to portrait, and may not use it for profit without their consent. Use portraits of citizens.

Article 101. Citizens and legal persons enjoy the right to reputation. The personal dignity of citizens is protected by law. It is prohibited to damage the reputation of citizens or legal persons by means of insult, slander, etc.

(4) According to the "Tort Liability Law of the People's Republic of China":

Article 2 The civil rights and interests mentioned in this law include the right to life, health and name. rights, reputation rights, honor rights, portrait rights, privacy rights, marital autonomy, custody rights, ownership rights, usufruct rights, security rights, copyrights, patent rights, trademark rights, discovery rights, equity rights, inheritance rights, etc. rights and interests.

(5) According to the "Interpretation on Several Issues Concerning the Application of Laws in Handling Criminal Cases of Infringement of Citizens' Personal Information":

The Supreme People's Court and the Supreme People's Procuratorate on June 1, 2017 The officially implemented "Interpretation on Several Issues Concerning the Application of Laws in Handling Criminal Cases of Infringement of Citizens' Personal Information" clarifies the specific standards and types of criminal acts that infringe on citizens' privacy, and places the security of citizens' personal information at the highest level of legal protection. The government has clearly defined the bottom line for violations of citizens’ data rights. However, the focus of the judicial interpretations of the two Supreme Courts is to combat "overt theft" and "covert robbery" that infringe on citizens' personal information. It has less impact on the "covert theft" and "covert robbery" that abuses format clauses to illegally "obtain" user authorization and infringes on citizens' privacy rights. Not big.

This is because the right to privacy is a civil right, and users also have the right to self-discipline. Once a website uses a "privacy clause" that has been authorized by the user as a defense, it will be difficult to identify it as a crime under criminal law.

(6) According to the "Cybersecurity Law":

It must be emphasized that personal information and big data are not the same in nature, and the applicable laws are also different. According to Article 76 of my country’s Cybersecurity Law, personal information refers to various information recorded electronically or by other means that can identify a specific natural person alone or in combination with other information or reflect the activities of a specific natural person.

The nature of personal information falls within the scope of citizens’ privacy rights, and any illegal collection, use or transaction will result in legal liability including criminal, civil and administrative liability.

Big data information is data information that cannot directly or indirectly identify the specific identity of a natural person, and belongs to the category of intellectual property rights in legal terms.

From a practical perspective, data rights in the Internet era place more emphasis on users’ “right to control” their own data than privacy rights. In addition to ethical rights such as users’ right to know, my country’s Cybersecurity Law also specifically clarifies users’ “right to self-determination” over their own data. Article 43 of the Law stipulates that if an individual discovers that a network operator has collected or used his or her personal information in violation of laws, administrative regulations or the agreement between the two parties, he or she has the right to request the network operator to delete his or her personal information; If their personal information is incorrect, they have the right to request the network operator to correct it. Network operators should take measures to delete or correct it.

"Cybersecurity Law" "Article 44: No individual or organization may steal or obtain personal information in other illegal ways, and may not illegally sell or illegally provide personal information to others."

(7) According to the provisions of the "Information Security Technology Personal Information Security Specifications":

The "Information Security Technology Personal Information Security Specifications" explains personal information as "personal information that can be recorded electronically or by other means. Various information that identifies the identity of a specific natural person or reflects the activities of a specific natural person alone or combined with other information. Note 1: Personal information includes name, date of birth, ID number, personal biometric information, address, and communication contacts." Special emphasis is placed on individuals. Biometric information is personal information.

Biometric information is not only personal information but also personal sensitive information. Personal sensitive information, once leaked, illegally provided or abused, may endanger personal and property safety, and can easily lead to damage to personal reputation, physical and mental health or Discriminatory treatment, etc.

According to the "Information Security Technology Personal Information Security Specifications", personal information refers to various information recorded electronically or in other ways that can identify the identity of a specific natural person or reflect the activities of a specific natural person alone or in combination with other information. , such as name, date of birth, ID number, personal biometric information, address, communication contact information, communication records and content, account password, property information, credit information, whereabouts, accommodation information, health and physiological information, transaction information wait. To determine whether a certain piece of information is personal information, the following two paths should be considered: First, identification, that is, from information to individuals, identifying specific natural persons based on the particularity of the information itself. Personal information should help identify specific individuals. The second is association, that is, from individuals to information. For example, if a specific natural person is known, the information generated by the specific natural person in his activities (such as personal location information, personal call records, personal browsing records, etc.) is personal information. Information that meets one of the above two situations should be determined as personal information. The collection of personal information requires the consent of the personal information subject. Without consent, his or her personal information may not be transferred, shared, or processed. For details, please refer to the "Information Security Technology Personal Information Security Specifications".