Compare with different regulatory event:
On 1 May 2023, China's National Information Security Standardisation Technical Committee (TC260) implemented the Information Security Technology Face Recognition Data Security Requirements, which include rules on the collection, processing, and storage of facial data from natural persons. The Requirements identify three scenarios involving facial recognition: face verification, face recognition, and face analysis, with the first two scenarios being subject to the Requirements. Aside from general data processing and security standards, the Requirements stipulate that means of identification not using facial recognition must be provided, that minors under the age of fourteen should not be identified using facial recognition, the data subject's informed consent must be obtained, and that the data may not be used for purposes other than identification. The Requirements also limit the retention of face recognition data and stipulate that face images should be deleted immediately after verification or identification.
Original source