3 Concerns of Facial Recognition and Privacy

In the last few weeks, three very interesting articles were published specifically around the use of facial recognition technology. In fact, all three articles address what seem to be the central concerns around AI-based facial recognition:

  • How should these databases be created?
  • Who should be able to access the technology?
  • How can regulators limit the possible abuse of organizations using the technology?

These new articles are critically important as biometric privacy policies (e.g. facial recognition) are not standardized across the US. For example, the Washington Privacy Act (WPA) has very strict standards around facial recognition, while the CCPA is a little more relaxed.

Here are 3 recent articles highlighting different views on facial recognition:

Illinois Class-Action Lawsuit Over Facial Recognition Privacy:

New York has long been a state that empowers the use of technology and the freedom to build exciting companies. Recently one of those companies, Clearview AI, is receiving some negative press, specifically in the state of Illinois. The Clearview AI technology allows law enforcement agencies to act on real-time facial recognition technology. While this technology has been adopted by other law enforcement agencies across the globe, citizens in Illinois feel it is violating their civil rights.

A recent ZDNET article found here states that Clearview AI was scraping social media outlets and illegally capturing people’s photos. The citizens in the lawsuit are suggesting the process of scraping the photos violates biometric privacy.

What is really interesting about this process is how Illinois is using a class-action method to sue Clearview AI, and how a company not based in NY is still required to meet the privacy standards of another state. This trend will certainly continue until we have a national standard for privacy. Until then, we will have problems similar to the EU and London noted below.

London Police Using Facial Recognition:

In London, police announced they are looking to use enhanced facial recognition technology to improve public safety by identifying criminals in real-time. In fact, the London police department is planning on rolling out the same company, Clearview AI, mentioned above in the new class-action suit.

A recent article from The New York Times found here highlights several countries and various security forces all finding success with the new technology, including Clearview AI and NEC. However, opponents are quick to highlight the inaccuracy of the new technology and its biases, including gender and race.

The most interesting part of this article is the police do seem to be as transparent as possible about using this technology. And from the tone of the article, it seems like they will be moving forward with it. However, the rest of the EU may not be in agreement.

EU Considers 5 year Ban on Facial Recognition:

The EU recently released a statement on possibly placing a 5-year ban on facial recognition technologies while the governing body determines how to effectively reduce the possibility of police officials abusing the technology. A recent article from the BBC can be found here.

Regulators’ primary concern is police using surveillance videos to automatically scan the public via automated facial recognition technology. Some are concerned the technology is intrusive and inaccurate.

The best part of this story is the regulators are spending the time to learn the best way to use technology while ensuring public safety via the police department.

In summary, legal bodies need to be in alignment with new technology companies and law enforcement organizations. The real challenge is to know when to use technology to protect the public while ensuring the technology itself is not abused. Only time will tell how the marriage of law, justice, and technology will all be aligned.


Consumer Online Privacy Rights Act (COPRA)

Consumers across the globe have heard new acronyms regarding privacy, from the General Data Protection Regulation (GDPR) to the California Consumer Privacy Act (CCPA). All of these regulations have a simple goal: create trust between brands and consumers. However, most of the regulations have been developed in silos at the state or regional level only.

The latest US legislation is known as the Consumer Online Privacy Rights Act (COPRA). COPRA is designed to “provide consumers with foundational data privacy rights, create strong oversight mechanisms, and establish meaningful enforcement,” laudable goals and ones on which privacy advocates, consumers and industry are increasingly finding common ground as states around the country craft disparate rules on privacy protection.

The quote above comes from a recent IAPP article entitled “US Senators Unveil New Federal Privacy Legislation” which can be found here. The article also highlights the penalty level included in COPRA which is between $100-1,000 per infraction per day.

One novelty or twist that COPRA brings to the table is the bill tackles algorithmic decision-making, requiring those engaged in the practice to facilitate advertising or eligibility determinations for housing, education, employment or credit to conduct an impact assessment annually for accuracy, fairness, bias and discrimination. Challenges related to “deep fakes” are also addressed.

Below is an excerpt from the article that highlights the six pillars of COPRA:

  1. Consent: The bill requires individual consent for data processing, including express affirmative consent for processing sensitive data, which is very broadly defined but excludes “publicly-available information.” Much like the California Consumer Privacy Act, COPRA provides individuals the right to opt out of the transfer of their covered data for “valuable consideration” and would grant the FTC rulemaking in that area.
  2. Access: The act requires covered entities to provide individuals with their own covered data upon request, in a portable format, as well as the name of any third party to which it has been transferred for valuable consideration.
  3. Correction and deletion: Individuals are granted the right to correct and delete their own covered data.
  4. Transparency: Covered entities must publish a privacy policy that includes information commonly seen in such policies today. This includes contact information for the entity, the categories of data processed, and the categories of third parties and service providers to which information is transferred. Somewhat more novel requirements include retention timelines, and perhaps more contentious, the identity of each third party to which covered data is transferred. The policy must be made available in all languages in which the covered entity does business.
  5. Data minimization: Covered entities may only process covered data for specific purposes, subject to necessity and proportionality standards.
  6. Data security: Covered entities must provide reasonable security, assess vulnerabilities, implement corrective action when risks are identified and dispose of data that is no longer needed.

As noted in the third bullet point above, consumer deletion requests will continue to be a key part of almost all new privacy regulations. For digital marketers, finance, IT professionals and legal teams, the greatest hurdle may be consent management and the “Right to Erasure/Deletion” itself.

Contemporary organizations are searching for module-based solutions such as RIVN to step up to meet this need with an easy-to-use, SaaS-based single function that allows brands worldwide to meet business needs and be ready for what is next.


The Power of Privacy

If you search the term “privacy” in Google you would see about 19 billion results in half of a second. The reality is people across the globe are interested in learning more about privacy and how they can protect themselves. More importantly, the power of consumer privacy is on the rise. Recent news stories have highlighted the power of privacy in regards to big technology companies and political campaigns.

Pew Research recently reported that “roughly six-in-ten U.S. adults say they do not think it is possible to go through daily life without having data collected about them by companies or the government.”

The team at Forbes recently published a great article found here. The article gives great background into how the rise of privacy has become a mainstream topic, along with certain business verticals and technologies that are the most impacted.

Credit: https://www.enisa.europa.eu/news/enisa-news/security-for-privacy-on-data-protection-day

Below is an excerpt from the article:

Andrew Hawn, my former colleague and now founder of MetaForesight, is a technology, media and content expert. Andrew has been collaborating with my analytic startup, Metametrix, and we recently spoke about privacy and its far-reaching implications.

“We’re seeing a social shift in the long term effects of privacy…. As billions more in venture investing targets our personal data for resale in a multitude of ways, people are starting to more deeply question their growing lack of data privacy and control.”

Andrew went on to say:

“The truth is that there is only so much regular citizens can do without laws and policies that empower citizens to retake some personal data power. The EU’s GDPR was a blunt first instrument, and now California’s CCPA is trying to take a slightly smarter approach starting in 2020.”

“Just trying to turn things off by playing whack-a-mole won’t work; we need new innovations focused on protections that are more conversation driven and transparent.”

What these comments do give insight into is that new technologies such as RIVN need to be in place so companies have the ability to respect user privacy preferences. All companies will need to adopt scalable technologies that lead to compliance.


Data Subject Access Request (DSAR) Process Enigma

As we head towards the end of the year and closer to the establishment of the California Consumer Privacy Act (CCPA), companies are setting up strategies to handle Data Subject Access Requests (DSARs). Since DSAR compliance was attached to the General Data Protection Regulation (GDPR) in 2018, companies are aware of the process; however, most companies are finding it is very expensive and a bit of an enigma.

According to a recent Avepoint article (here), the cost for a DSAR request could range from $200 – $200k per request! The cost for a DSAR is heavily weighted towards ensuring a flexible process is in place, including people and technology.

Here is an example of a DSAR process from the GDPR summit in Dublin last year:

Credit: https://www.slideshare.net/DamaIreland/the-data-value-map-for-gdpr-may-2018-gdpr-summit-dublin-100908410

As you can tell, the process is complicated. In fact, a quick Google search for “data subject access request process” will result in over 600M search results. Therefore organizations need to have a plan for the process and understand that technology + people = a successful process.

One helpful article from the Privacy Hub found here speaks to the DSAR requirements for companies under the GDPR.

“For individuals, gaining access to their data can often be the first step; it allows them to see what data is held on them – and how it’s used. The next step might be to exercise other important rights which the GDPR gives individuals:

  • The right to be informed
  • The right to rectification (data correction)
  • The right to erasure
  • The right to object to processing and to request that it is restricted
  • The right not to be evaluated solely based on automated decision making and the right in relation to profiling.”

What we at RIVN have found is every company will need to define a process that best suits their own business, and an off-the-shelf solution is not sufficient. It is also important to select the best-of-breed technology solution for the DSAR process.

The deletion function required for the DSAR request is where RIVN is here to help companies. For digital marketers, finance, IT professionals and legal teams, the greatest hurdle may be the “Right to Erasure/Deletion” or the DSAR function itself. Contemporary organizations are searching for a module-based solution such as RIVN to step up to meet this need with an easy-to-use, SaaS-based single function that allows brands worldwide to meet business needs and be ready for what is next.
