Compare with different regulatory event:

Description

Implemented Information Security Technology Face Recognition Data Security Requirements

On 1 May 2023, China's National Information Security Standardisation Technical Committee (TC260) implemented the Information Security Technology Face Recognition Data Security Requirements, which include rules on the collection, processing, and storage of facial data from natural persons. The Requirements identify three scenarios involving facial recognition: face verification, face recognition, and face analysis, with the first two scenarios being subject to the Requirements. Aside from general data processing and security standards, the Requirements stipulate that means of identification not using facial recognition must be provided, that minors under the age of fourteen should not be identified using facial recognition, the data subject's informed consent must be obtained, and that the data may not be used for purposes other than identification. The Requirements also limit the retention of face recognition data and stipulate that face images should be deleted immediately after verification or identification.

Original source

Scope

Policy Area
Data governance
Policy Instrument
Data protection regulation
Regulated Economic Activity
cross-cutting
Implementation Level
national
Government Branch
executive
Government Body
other regulatory body

Complete timeline of this policy change

Hide details
2021-04-23
in consultation

On 23 April 2021, China's National Information Security Standardisation Technical Committee (TC260)…

2021-06-22
processing consultation

On 22 June 2021, China's National Information Security Standardisation Technical Committee (TC260) …

2022-10-14
adopted

On 14 October 2022, China's National Information Security Standardisation Technical Committee (TC26…

2023-05-01
in force

On 1 May 2023, China's National Information Security Standardisation Technical Committee (TC260) im…