Compare with different regulatory event:
On 14 October 2022, China's National Information Security Standardisation Technical Committee (TC260) adopted the Information Security Technology Face Recognition Data Security Requirements. The Requirements will be implemented on 1 May 2023 and include rules on the collection, processing, and storage of facial data from natural persons. The Requirements identify three scenarios involving facial recognition: face verification, face recognition, and face analysis, with the first two scenarios being subject to the Requirements. Aside from general data processing and security standards, the Requirements stipulate that means of identification not using facial recognition must be provided, that minors under the age of fourteen should not be identified using facial recognition, the data subject's informed consent must be obtained, and that the data may not be used for purposes other than identification. The Requirements also limit the retention of face recognition data and stipulate that face images should be deleted immediately after verification or identification.
Original source