Source | Procuratorial Daily
Author | Lao Dongyan, Tsinghua University Law School Professor
Peking University Legal Information Network Signed Author
Governance modernization cannot be understood as digital management
At present, in Beijing and other places, facial recognition technology is advancing rapidly and universal. There are several reasons for this rapid expansion: First, China's face recognition technology is leading, and legal barriers are relatively small. The second is that companies are eager to cash out, and after technological development, companies are under pressure to go public, so they strive to make commercial promotion in various scenarios, including education, public security, etc. The third is the need for social governance. When Huang Renyu studied the history of the Ming Dynasty, he put forward a proposition that a unified country like the Ming Dynasty still has defects from the perspective of digital management. Even if there are government orders at the central level, it is difficult to truly implement it due to limited management methods.
The complexity of society undoubtedly requires the digitalization of management methods, but can the digitalization of management methods really solve the governance problems of complex social systems? In my opinion, the digitalization of management methods alone may not be able to solve the problem fundamentally. This approach has its limitations. If it is aimed at a certain object, the accuracy of the improvement method itself can indeed improve the efficiency of governance. However, the complexity of the contemporary social system's own operation leads to uncertainty. The control thinking is used to govern the uncertain society. This kind of thinking is difficult to adapt to the governance needs of contemporary society. The central level puts special emphasis on the modernization of the governance system and governance capabilities. “Modernization” here should never be understood as the realization of digital management by means.
Potential risks for the promotion and application of face recognition technology
The essence of face recognition technology is to collect, accumulate, and analyze biological data to outline personal portraits. At present, the use of face recognition technology has three purposes, one is identity authentication (this kind of use is less controversial), the second is identification and tracking, and the third is to influence the subject's behavior choice. Therefore, the face recognition technology involves not only privacy issues, but also the basic trend of society. The ability to develop technology now far exceeds the ability to control it. Why is
face recognition technology more sensitive than biological and fingerprint technology? This is because it is unconscious, non-contact, and invasive in use. The promotion of facial recognition technology will definitely bring some benefits. For example, if the technology is leading, the industry will make a profit. This will undoubtedly promote the development of the industry. Compared with the mobile phone, the face is definitely more convenient, but I think it brings risks. Nor can it be ignored. The potential risks of the promotion and use of
face recognition technology are the risks of making citizens "transparent people". Face recognition not only collects data, but also quickly locks your identity through your face data. The second is the risk caused by data leakage. For example, AI face-swapping technology, people whose faces are changed on illegal and criminal videos are likely to be criminally prosecuted, but real criminals can make profits and avoid criminal prosecution. The third is the risk of data abuse. In addition to criminals, the subjects of data abuse also include public power. The fourth is the danger of individuals being manipulated. The fifth is the risk of discriminatory use. Sixth is the risk of ineffective relief. It is extremely difficult in practice to find the person who leaked the data. In this case, a civil lawsuit is equivalent to painting a cake. Although some people now say that public law protection should be the mainstay, it is still difficult for individuals to be protected unless a large amount of data is leaked. However, once the face data is leaked, it is difficult to remedy it, so the application of face recognition should receive more attention than other technologies.
In the information age, the three-party relationship urgently needs to be balanced.
Face recognition technology disputes are not simply a dispute between privacy and public safety. After the promotion, the personal safety and property safety of the public may be threatened, and each of us is public component. For example, facial recognition payment methods are easily used by criminals, which infringes on personal safety and property safety. In order to solve the problem of illegal crimes, everyone is brought over to accompany them. Such a governance method is very dangerous in the long run, and it cannot fundamentally solve the problem of social security. If the maintenance of public order requires various organizations to collect a large amount of data, and there is not enough motivation for storage, this will inevitably lead to more data being leaked, which will lead to more crimes. In recent years, telecommunications fraud has been particularly rampant, which is related to the massive leakage of personal information.
There is a tripartite relationship in the social structure in the information age: the individual is the data subject; the enterprise is the data controllerAnd the processor; the government assumes a dual role, as the data controller and processor, collecting and using analysis data, and as a mediator between individuals and businesses. In the tripartite relationship in the information age, individuals are absolutely disadvantaged. At present, with the exception of a very small number of Internet giants that greatly expand their voice and influence with the help of Internet technology, the vast majority of ordinary people as individuals are still absolutely disadvantaged. square. At present, the data field basically implements the rules of the jungle, and the strong ones are enterprises. The strong position that technology enterprises obtain through Internet information technology is unimaginable for ordinary enterprises. Traditional enterprises cannot obtain such influence and status. In addition, it is the government. On the one hand, the government collects and uses data and is also in the position of data controller and processor. On the other hand, it is the mediator. The key is that the government, as a mediator, tends to emphasize the development of the industry. The government is more powerful and individuals are more vulnerable. From a natural and factual perspective, individuals are inherently the most vulnerable in the tripartite relationship structure. In addition, the thin legal protections have been emptied, which will only put them in a more vulnerable position.
Establish a reasonable legal protection framework
Legally, the protection of personal information is not based on privacy as a criterion, but based on identifiability. Therefore, we will find that whether personal information is protected by law has little to do with personal privacy. As long as the individual is identified, even the track information in public places is protected.
Regarding the protection of personal information, there is a view that the protection of information involves a dispute between personal privacy and public safety, and personal privacy can be sacrificed for public safety considerations. It should be said that this view is problematic. Among the current personal information protection framework of
, what is more encouraging is the "Personal Information Security Regulations" which was released on March 6 this year and came into effect on October 1. In addition to the notification of the information subject, the purpose, method, scope, and storage time shall also be notified, and independent and express consent of the information subject shall be obtained. Of course, this is not a legal requirement, but an industry standard.
In my opinion, a reasonable legal protection framework should consider the following factors. First, we should strengthen compliance with the collection and use of data, and regulate the collection and use of data by enterprises or government departments. This does not mean that relevant departments should strengthen direct supervision, but should be indirectly regulated, including the use of commercial means, such as strengthening the commercialization of security technology, and the government will purchase security technology services. Second, clarify the main responsible party for personal data and information protection. The reason why the party that collects and uses the data should be the main body of responsibility, because the risk is created by its collection and use behavior, and the corresponding benefits are mainly enjoyed by it. Based on this, data controllers and processors should bear more risks. Third, the focus of legal regulation has shifted, and the focus of regulation has shifted from the collection of personal data to the abuse of personal data. Fourth, different levels of protection should be carried out according to types and scenarios. Among the data, sensitive data must be distinguished from general data. Among sensitive data, biological data must be distinguished from general sensitive data. The latter includes personal religious beliefs, political positions, etc. .
-END-
Responsible Editor | Huaming Zhang
Reviewer | Zhang Wenshuo
▼
