Biometric data, including face embeddings, is uniquely sensitive because, unlike passwords or credit cards, it cannot be changed if compromised. Illinois' Biometric Information Privacy Act (BIPA) is the most comprehensive U.S. state biometric law, requiring informed consent before collecting facial data and providing a private right of action. Texas and Washington have similar laws. Federal legislation on facial recognition is still developing. In the context of non-consensual intimate imagery (NCII), face recognition privacy cuts both ways: ScanErase uses facial recognition to protect victims (searching for their content), while perpetrators may use face recognition to target victims. Privacy-by-design principles, such as processing data in memory and not retaining embeddings, are essential.

Key facts about this term

  1. BIPA requires consent before facial data collection. In Illinois, collecting biometric identifiers, including facial geometry, without informed written consent is illegal under BIPA, which provides up to $5,000 per violation in damages.
  2. Facial recognition for self-protection is a permitted use. Using facial recognition technology to search for content of yourself, with your own reference photo, is a distinct and permissible use case from corporate or government surveillance applications.
  3. ScanErase's privacy-by-design approach protects users. ScanErase processes face embeddings in memory during scans and does not retain biometric data between sessions. This approach is designed to be consistent with the spirit of biometric privacy laws.

Frequently asked questions

Is it legal for companies to use facial recognition without my consent?

In Illinois, it is generally illegal under BIPA. In Texas and Washington, similar restrictions apply. At the federal level, specific use cases (law enforcement, airport security) are regulated separately.

How does ScanErase protect my biometric data?

ScanErase processes your face embedding in memory during each scan and deletes it at session end. We do not build a persistent database of user biometrics or share biometric data with third parties.