China: Consultation closed on draft Information Security Technology Face Recognition Data Security Requirements

On 22 June 2021, China's National Information Security Standardisation Technical Committee (TC260) closed the consultation on the draft Information Security Technology Face Recognition Data Security Requirements, which proposes rules on the collection, processing, and storage of facial data from natural persons. The Requirements identify three scenarios involving facial recognition: face verification, face recognition, and face analysis, with the first two scenarios being subject to the Requirements. Aside from general data processing and security standards, the Requirements stipulate that means of identification not using facial recognition must be provided, that minors under the age of fourteen should not be identified using facial recognition, the data subject's informed consent must be obtained, and that the data may not be used for purposes other than identification. The Requirements also limit the retention of face recognition data and stipulate that face images should be deleted immediately after verification or identification.