Measures from cyberspace regulator and police ministry taking effect on June 1 mark first major attempt to regulate widely used technology

William Zheng

Published: 8:00pm, 22 Mar 2025

The use of facial recognition identification should not be forced upon people, and service providers will be required to offer alternative ID methods, under regulations due to come into effect in China on June 1.

The new rules mark Beijing’s first major attempt to regulate facial recognition, a technology widely adopted around the country – such as at hotel check-ins, entrances to gated communities and to make digital payments.

Jointly released by the Cyberspace Administration of China and Ministry of Public Security on Friday, the final version of “regulations for the safe application of facial recognition technology” comes nearly two years after a public consultation on creating comprehensive guidelines.

The regulations aimed to address “growing concerns” among the public about the risks posed to personal data privacy and security, the authorities said.

China is a global leader in the adoption of facial recognition technology, driven by its robust internet industry and relatively lax regulatory environment on privacy protection. It has also heavily integrated facial recognition into its security surveillance network.

The new regulation mandates that “voluntary and explicit consent made on the premise of full knowledge” must be obtained “when processing facial information based on individual consent”.

Individuals shall also have the right to withdraw consent, and the body that processes the personal information should provide “a convenient way” for such withdrawal.

Also, when alternative methods to achieve the same ID verification are available, facial recognition shall not be offered as the only option. If someone refuses facial verification, “reasonable and convenient” alternatives shall be provided.

On data security, the new regulations specify that facial information shall not be transmitted externally through the internet, unless otherwise provided by laws and administrative regulations or with the individual’s separate consent.

The retention period of facial information shall also not exceed the shortest time necessary for processing.

Further, facial recognition applications shall adopt necessary security measures such as data encryption, security auditing, access control, authorisation management and intrusion detection to ensure data security.

Facial ID processors are also required to register with their provincial cyber administration body within 30 working days when they hold more than 100,000 facial data sets.

In strict moves on privacy protection, the regulations ban facial recognition equipment in private spaces such as hotel rooms, public bathrooms and dressing rooms.

(http://www.autoadmit.com/thread.php?thread_id=5698215&forum_id=2#48772734)

In July 2021, the Supreme People’s Court issued a judicial interpretation that effectively banned the use of the technology to verify identities in public places like shopping malls and hotels without consent. The ruling also allowed residents to request alternative methods of verification to enter their neighbourhoods, emphasising the need for consent and providing options for those who refuse facial recognition.

That November, China’s personal information protection law took effect, mandating consent for the collection of facial data and imposing heavy fines on companies that fail to comply.

In 2022, a resident of the northern city of Tianjin sued his estate management company over making facial recognition the sole ID method for entry. The court ruled in favour of the resident and ordered the company to provide alternatives.

(http://www.autoadmit.com/thread.php?thread_id=5698215&forum_id=2#48772737)

funny how western media never discusses this, it shows china isnt some police state unlike USA

(http://www.autoadmit.com/thread.php?thread_id=5698215&forum_id=2#48772754)

But the chinese govt gets whatever info they want without restriction.

(http://www.autoadmit.com/thread.php?thread_id=5698215&forum_id=2#48772783)

Article 38: Protects the dignity of citizens, prohibiting insults and defamation.

Article 39: Guarantees the inviolability of the home, meaning searches and intrusions require legal justification.

Article 40: Protects the privacy of correspondence (letters, emails, messages), but allows state interception if necessary for security or criminal investigations.

(http://www.autoadmit.com/thread.php?thread_id=5698215&forum_id=2#48772786)

hth

(http://www.autoadmit.com/thread.php?thread_id=5698215&forum_id=2#48772792)