A man looks into a monitor that asks him to scan his face.
PHOTO: Andrew Grill

Marketers and customer experience (CX) professionals have a wide variety of choices when it comes to technology as they build campaigns and experiences. However, they are also faced with a great deal of scrutiny when it comes to privacy.

It’s no secret why Mark Zuckerberg found himself in front of US Congress last year, and just less than a year later the Facebook boss penned a new privacy vision for his social media site that emphasizes private communications vs. global, open sharing. And it’s no surprise when legislation like GDPR gets created and goes into effect to send stern, costly reminders to even the largest of tech giants that privacy matters.

The latest technology to come under such scrutiny is facial recognition software, which should concern and will affect marketers and CX professionals. Two US Senators have proposed legislation that would “strengthen consumer protections by prohibiting commercial users of facial recognition technology from collecting and re-sharing data for identifying or tracking consumers without their consent.” 

Providing Value in Exchange for Privacy

It’s another case of government meets technology, regulations vs. innovation, all in the name of consumer privacy rights. How can marketers and CX professionals prepare for the balancing act of providing customer experiences through facial recognition technology while protecting the privacy of customers and prospects and complying with current and forthcoming regulations?

It will take effort but here's a start: Be up front about the data you’re asking customers to share, provide opt-ins rather than opt-outs and create value in the experience that makes personal data sharing a worthy tradeoff, experts told CMSWire. “Marketers already know that customers are often willing to provide consent and additional personal information if the value proposition is there,” said Laura Boniello Miller, director of business development for KioWare Kiosk Software. Here are two best practices she offers.

  • Best practice 1: Obtain affirmative consent if data is being captured and stored
  • Best practice 2: Utilize non-identifying characteristics to serve relevant content without capturing information

Related Article: How Human-Computer Interaction Can Help Marketers

What You Need to Know About the Commercial Facial Recognition Privacy Act

The bill, called the Commercial Facial Recognition Privacy Act of 2019, running through the United States Congress was co-created by Senator Roy Blunt (R-Mo.) and Senator Brian Schatz (D-Hawaii). The bill was introduced on March 14 and still has to be passed by the US Senate and House of Representatives before it is signed by the President and passed into law. The official title of the bill, labeled S.847, includes this definition: “A bill to prohibit certain entities from using facial recognition technology to identify or track an end user without obtaining the affirmative consent of the end user, and for other purposes.”

Here are some things marketers and CX professionals in the market for facial recognition technology should know about the bill. Though text of the bill not yet available, the Senators noted in a press release the bill would: 

  • Require companies to notify consumers when facial recognition is being used. 
  • Require third-party testing and human review of technologies prior to their implementation to address accuracy and bias issues in the technology and avoid use cases that may result in harm to consumers.
  • Restrict redistributing or disseminating data to third-party entities without express consent from the end user.
  • Define data controllers and data processors in order to make requirements apparent for entities that either develop or vend facial recognition products or services, store facial recognition data, or implement these technologies on a physical premise.
  • Require facial recognition providers to meet data security, minimization and retention standards as determined by the Federal Trade Commission and the National Institute of Standards and Technology.

Related Article: What Is the California Consumer Privacy Act of 2018 and How Does It Affect Marketers?

Follow the Simple Process Used for Email Lists

It’s not all doom and gloom for marketers and CX professionals. Many marketing pundits have said, privacy legislation like GDPR and the potential forthcoming facial recognition privacy act can be a good thing, all but forcing brands to listen to their customers privacy concerns. And just like with the quest to provide seamless experiences, marketers and CX pros should provide seamless experiences in the privacy arena for facial recognition technology, according Peter Trepp, CEO for FaceFirst, a facial recognition platform. "Brands need to ensure that opting in and opting out of such systems is as easy as subscribing and unsubscribing to an email list,” Trepp said. 

Related Article: The GDPR Will Fundamentally Change Marketing

Make Your Opt-in Affirmative

Any technology that captures private data, including facial characteristics that would enable identification, should have an affirmative opt-in, rather than an "opt out" option, according to Boniello Miller. “This,” she said, “will make customers more comfortable with the technology, providing them with an opportunity to understand how, when and if this information can be captured and used.” 

Those using facial recognition tech in a non-identifying and non-captured or recorded manner should be clear of any privacy implications because they would not be identifying individuals, capturing their information or recording anything to a database. Using this tech to serve appropriate content without identifying users may provide a "safe" zone outside of the constraints of GDPR and future regulations. But, as Boniello Miller cautioned, watch for how this legislation is written because it could impact that opportunity. 

Provide Consent Options 

Capturing facial recognition data and recording it, storing it and referencing it in the future without consent should be strongly advised against due to existing regulations, customer trust and pending legislation, Boniello Miller said. “Instead, utilizing non-identifying characteristics and serving people based on those characteristics can provide ample opportunity for marketers. Additionally, obtaining consent is a best practice that will engage customers and create trust.”