China has seen the launch of the first self-regulatory convention in the country to govern the use of facial recognition technology by the payments sector.
On 21 January the Payments & Clearing Association of China (PCAC) issued the “Facial Recognition Offline Payments Sector Self-regulatory Convention (Trial)” (人脸识别线下支付行业自律公约（试行）) to its member institutions.
According to PCAC, the purpose of the Convention is to “standardise application innovations in facial recognition offline payments; prevent facial recognition payments security risk, protect the rights and interests of member entities, and uphold the interests of the public.”
The Convention calls for all member entities to:
- Establish full-lifecycle facial data security management mechanisms;
- Uphold the principles of “user authorisation – minimum sufficient usage” at the collection phase;
- Clearly notify users of the goal, method and scope for the usage of user information, as well as obtain user authorisation in order to avoid unnecessary collection;
- During the storage phase, provide encrypted storage of facial data, and provide security walls between bank account numbers or payment account numbers and the security numbers of users;
- During the usage phase, vendors are not permitted to gather or copy facial data, in order to achieve end-to-end personal privacy protection.