[Answered]‘Increased use of facial recognition technology is dangerous in the absence of privacy and data security laws’. Comment.

Facial recognition system software has become increasingly popular in the past several years. It is used everywhere from unlocking phones, airports, shopping centres and even by law enforcement. While there are a few potential benefits to using the technology to prevent and solve crimes, there are many concerns about privacy, safety regarding the use of the technology in the absence of legislation privacy and data security laws.

Issues associated with facial recognition technology:

1. Infringement of Privacy: The privacy of users’ data is at stake with the technology. In absence of regulations it would expose data to cyber criminals. Companies are not regulated, thus they may sell facial data which can be misused for political purposes.
2. State surveillance: The most significant risk with the use of the technology is state surveillance. China’s reported use of facial recognition technologies for surveillance in Xinjiang is such an example. This raises concerns as it might be misused for political purposes.
3. Inaccuracy: Facial recognition technology is inaccurate. Evidence shows that the technology is not flawless. For example, the technology has been proven in multiple studies to be inaccurate at identifying people of colour, especially black women.
4. Predatory marketing: Software which analyses facial expressions could potentially be put to use by some companies to prey on vulnerable customers. This could be done by segmenting extreme emotions such as distress and tailoring their products and services to these individuals.
5. Stalking: Tools like reverse image searches can provide stalkers with more data about their victims. This is unsafe especially for women, who can be tracked and stalked and maybe assaulted by misusing information obtained.
6. Identity fraud: Criminals who have collected enough personal information on an individual could commit identity fraud. This could have a significant effect on your personal life, including on finances. For example, fake id can be created by exploiting information obtained from persons’ associated facial information. Crime like photo morphing can threaten the identity of an individual.
7. Dark activities: There is possibility of misusing facial information for illicit activities and markets like drug selling, weapons etc. By using stolen ids, Aadhar information, it also increases risk for being used in various terrorist activities across the border.

Need for Data Protection law in India:

1. Data management: For efficient management of data in the age of digitisation, a data protection law is needed. One of the major challenges to big data is information privacy which necessitates robust data protection.
2. Check frauds: To check unauthorised leaks, hacking, cyber crimes, and frauds. Economic cost of data loss/theft is high. Recent rise of crimes like WhatsApp Pegasus scam demands a data protection law in place.
3. No comprehensive framework: Until now, the only legal framework for the information technology in India is the Information Technology Act, 2000. However, it doesn’t provide guidelines or norms for data collection, storage, and processing.
4. Right to privacy: The need for legislation also got attention particularly after the landmark judgement of Supreme Court (SC) in Justice K.S Puttaswamy vs Union of India case, that maintained the right to privacy as an inherent part of the fundamental right under Article 21 of the constitution.
5. Protecting personal data: With a billion population, India has the second highest internet user base in the world. India has 450 million internet users and expected to increase up to 730 million by 2020. Therefore, a strong data protection law is needed to protect their personal data.
6. Consent: Without consent of the owner no data should be used for any purpose. It is important that data protection law must include the consent of an individual before its use for various purposes.

With right to privacy being a fundamental right and recent rise in risks to privacy of the individuals, use of such technology can be unsafe and dangerous. The state must work to prevent misuse of data and encourage data security through legislation. A framework regulating the use and that too with individuals’ consent is necessary. It is important to examine and put into place a robust regime for data protection. The creation of such a regime requires a careful and sensitive balance between individual interests and legitimate concerns of the state.