China: Opened consultation on Practice Guidelines for Network Security Standards - Security Requirements for Personal Information Protection in Facial Recognition Payment Scenarios

On 23 May 2023, the National Information Security Standardization Technical Committee (TC260) published the draft Practice Guidelines for Network Security Standards - Security Requirements for Personal Information Protection in Facial Recognition Payment Scenarios and opened a public consultation until 6 June 2023. The Practice Guidelines were developed in accordance with policies and regulations, aiming to establish personal information protection requirements for both face recognition payment service providers and the management of relevant venues. The Guidelines focus on face recognition payment scenarios in diverse indoor and outdoor environments, excluding those made via personal mobile phones or smart mobile devices. The Guidelines outline general requirements and specific obligations for service providers, including rules for data collection, deletion of facial recognition-related data, compliance with GB/T 40660, and adherence to the General Requirements for Biometric Data Protection. Furthermore, the Guidelines note that facial recognition payment services must collect facial data for payment transaction purposes.