YANG Jun , LIU Fang Fang
Biometrics tool such as “facial recognition” has been in wider commercial application in China since 2016. It becomes increasingly indispensable in areas such as e-payment, cyber-security, e-commerce and public security.
Though China has at least 3 national technology standards concerning “facial recognition”, there is currently no specific regulation regarding “facial recognition”/biometrics which may be however covered in some occasions by the “personal data” defined or referenced in a number of national laws (e.g. “Cyber Security Law”, “Law on protection of consumers’ rights and interests”, “E-commerce Law”).
In the case Guo Bin vs. Hangzhou Zoo, Mr. Guo subscribed a one-year package for unlimited visits offered by the local zoological park. The latter however unilaterally “upgraded” the requirement for access to the park and informed the former that the “facial recognition” would be required for access thereafter. Angered by this arbitrary decision, Mr. Guo filed a lawsuit against the Zoo on the statutory ground that the latter was in breach of article 29 of “Law on protection of consumers’ rights and interests” which provides that the collection and use of personal data shall be in line with the principle of legality, justification and necessity and subject to the consent of the data subject. It is note-worthy that unlike in the Beijing Metro case below in this case the consumer based his claim on the lack of his consent only without however challenging the “legality, justification and necessity” of the application of “facial recognition “itself.
The necessity of the “facial recognition” application proposed by Beijing Metro has been however vehemently questioned by a group of Chinese jurists who believed such application is disproportional and more than necessary and will eventually lead to discriminatory practice against certain group of passengers. Beijing Metro has reportedly postponed the implement of the “facial recognition” technology thanks to the critical remarks from the local community of jurists. Questions subsist despite this change and people appear concerned as to whether the introduction of a biometrics tool such as facial recognition to the public transportation system should be subject to a public hearing involving the representatives of passengers (current law in force only provides that pricing adjustment shall be subject to a public hearing).
Another high profile case involving biometrics concerns an application named as “ZAO” which was released by a Chinese technology company in August, 2019 and became shortly the top free entertainment app at “App Store”. This application enables in fact a user to replace the face of a celebrity by his/her own provided that the user uploads a picture of his/her face and mobile phone number (NB: Due to the “real name” requirement for accessing the telecom service in China, a mobile phone user has to register his/her real name with the telecom service provider.). The operator of this application may eventually have the name, mobile phone number and the facial data of a user of the said application. Meanwhile, in order to access this application, the user has to accept the “terms” including a clause which broadly provides that the user shall “irrevocably, permanently grant for free the right in favor of the operator of the application to sub-license, assign the image of the user.” Such terms obviously raised the concern of many users and prompted MIIT (Ministry of Industry and Information Technology), the Chinese watchdog of personal data protection, to step in. The operator of this application reportedly complied with the request of officers to cease the operation and rectify promptly. It is note-worthy that an individual may be sentenced to up to 3 year of imprisonment under Chinese criminal law if he or she refuses to observe his/her obligation for data protection and such omission results in severe consequences.
It would be however problematic to cite the above laws in other occasions due to the limited scope of application of the said laws. A recent report about application of facial recognition on campus of a Chinese university also triggered debates among local jurists. A set of facilities incorporating facial recognition technologies were installed within the classrooms to monitor the attendance of students and their behavioral performance. The University justified the installation of the said facilities by arguing that classroom is a “public place” and there is no “privacy” breached thereby. It appears that in this very case, one may not refer to the “personal data” due to limited scope of application of the laws we quoted above. Chinese legislature appears conscious of this legal deficiency and a “Personal Data Protection Law” is expected to be promulgated in coming year.
Disclaimers
Web Site Disclaimer
Jade & Fountain is a full-service law firm established in China, for the purpose of presenting the firm and promoting communications with the public, Jade & Fountain owns and operates the web site. The Jade & Fountain web site is intended for informational purposes only. Nothing in the site is to be considered as either creating an attorney-client relationship between the reader and Jade & Fountain or as rendering of legal advice for any specific matter. Readers are responsible for obtaining such advice from their own legal counsel.
No client or other reader should act or refrain from acting on the basis of any information contained in the Jade & Fountain web site without seeking appropriate legal or other professional advice on the particular facts and circumstances at issue. Jade & Fountain accepts no responsibility for loss which may arise from accessing or reliance on information contained on the Jade & Fountain web site. Jade & Fountain hereby expressly disclaims, to the fullest extent permitted by applicable law, any and all liability with respect to acts or omissions made by clients or other readers on the basis on such information.
The Jade & Fountain web site may contain links to external web sites and external web sites may link to the Jade & Fountain web site. Jade & Fountain is not responsible for the content or operation of any such external sites.
Copyright and Reproduction Notice
The content of the Jade & Fountain web site is protected under international copyright conventions. Reproduction of reasonable portions of the content of the web site is permitted provided that (i) such reproductions are made available free of charge and for non-commercial purposes, (ii) such reproductions are properly attributed to Jade & Fountain, (iii)the portion of the web site being reproduced is not altered or made available in a manner that modifies the content of the web site or presents the portion of the web site being reproduced in a false light and (iv) notice is made to the disclaimers included on the web site. The permission to recopy does not allow for incorporation of any substantial portion of the web site in any work or publication, whether in hard copy, electronic or any other form or for commercial purposes.