Your Face is your Data

This article was first published in The Statesman on Friday, 15 February 2020. | Dr. K.K. Paul


In spite of the several advantages of facial recognition technology, which has direct applications in access control and security surveillance, doubts continue to prevail in view of its very thin legal base. Regardless of the grey area in which this technology operates, it appears that plans are at an advanced stage to introduce it in a big way for a countrywide network. In this context, extensive trials have already been undertaken in the national capital.

Essentially, there are two direct applications of this technology, one being access control on the basis of facial recognition. Such an application has a limited range but has been found to be quite effective and useful. The stored data, in this case, pertains to those who have bona fide access to the secure premises, and at the time of their entry, facial recognition is done as an additional check alongside other forms of checks. The scope of this application is limited to installations and premises which are already secure, and the number of personnel whose data is maintained for reference purposes is also relatively small. Immigration check posts have also found it useful.

The other application, security surveillance, is more controversial. It is so because very large volumes of facial data, with the general public as their source, are collected and monitored on a continuous basis. It is natural that this data is collected and stored without any permission from the individual. It is then run against the reference data, where a match is attempted through Artificial Intelligence enabled software. In a lighter vein, the situation may be termed as comparable to a fishing expedition. At present, some areas in the US states of California and Massachusetts have banned the use of this technology, while pre-induction considerations are still in progress in the UK and EU. On the other hand, an area of worldwide concern arising from this technology has been its rampant use by China to cover the public protests in Hong Kong, besides tracking the Uighur Muslims of Xinjiang.

In our country, no specific statutory provisions for coverage of facial recognition data exist so far; at best it can be treated as a form of biometric data, which is covered under the IT Act. The advantages of biometric technology are well known and it has been used very popularly, as in Aadhaar; however, privacy concerns and apprehensions about violation of fundamental rights remain. This is particularly so as, after the Puttaswamy judgement (2017), the right to privacy has also been treated as a fundamental right. Since all biometrics, including facial data, are of a sensitive nature, some basic rules are required to be followed. Unfortunately, in respect of the usage of facial recognition technology, these safeguards are unavailable. Some of the drawbacks in the system are the absence of any written consent from the subject for collection of the requisite data and its storage, as also for the transfer of this data and its disclosure to other entities. It is, thus, obvious that the use of facial recognition technology, in its present form, is not in conformity with the right of privacy. With people becoming aware that they are under constant watch and are being photographed, it may also be a blow to fundamental rights, and particularly Article 19 of the Constitution.

Along with these concerns, one is aware that as of now the system is practically unregulated, as the bill on personal data protection is yet to be passed. In fact, around this Republic Day, and on a few earlier occasions also, the use of this technology in Delhi had been well publicised. A robust oversight mechanism needs to be put in place without any further delay, as trials have already commenced. Such an operating mechanism should inspire confidence in the public and meet the legal requirements of privacy and fundamental rights, besides safeguarding the data.

As far as the security and protection of the data are concerned, the government had constituted a committee of experts headed by Justice B.N. Srikrishna to produce the framework for a comprehensive law. This Commission was constituted in 2017 and submitted its report the next year, on the basis of which the Personal Data Protection Bill 2019 was drafted. The Parliament has now sent this Bill to the select committee. A certain degree of dilution of the recommendations of Justice Srikrishna has since taken place: in the Bill as drafted, the safeguards suggested for access to the data by government departments, without the consent of the person concerned, are no longer there. The private data of the individual, which will necessarily include biometrics, can thus be used by any department without the knowledge or consent of the subject. There is, however, still enough time and opportunity to correct the situation and strengthen the bill with adequate safeguards while it is still pending consideration and scrutiny at the committee level, where suggestions from the public have also been invited.

One of the pitfalls of any modern technology, and particularly of one backed by Artificial Intelligence, is that it may bring out results which are completely inconsistent with a given situation or a human element. As such, where the future of human beings is at stake, we have to exercise a certain degree of restraint and caution, giving full respect to our constitutional norms.


(The author is a former Governor and a Sr. Advisor at the Pranab Mukherjee Foundation)