In spite of several advantages of the latest technology of facial recognition, doubts continue to prevail in view of its very thin legal base. Regardless of the grey area in which this technology operates, it appears that plans are at an advanced stage to introduce it in a big way for a countrywide network. In this context, extensive trials have already been undertaken in the national capital. Essentially, there are two direct applications of this technology, the first one being for access control on the basis of facial recognition.

Such an application has a limited range but has been found to be quite effective and useful. The stored data in this case pertains to those who have bonafide access to the secure premises and at the time of their entry, besides other forms of checks, facial recognition, which is just an additional check, is also done. The scope of this application is limited to installations and premises which are already secure and the number of personnel whose data is maintained for reference purposes is also relatively small. Immigration checkposts have also found it useful.

The other application is for security surveillance which is more controversial. This is because of the very large volume of facial data, with the general public as its source. These are collected and monitored on a continuous basis. It is in the very nature of its procedure that such data would be collected and stored without any permission from the individual concerned. It is then run against the reference data, where a match is attempted through Artificial Intelligence enabled software.

In a lighter vein, the situation may be termed as comparable to a fishing expedition. It is understood that a fishing expedition, means an investigation that does not confine itself to its originally stated objective but hopes to uncover incriminating evidence during the course of and as the enquiry proceeds. At present, some areas in California and Massachusetts in the US have banned the use of this technology, while preinduction considerations are still in progress in the United Kingdom and the European Union.

On the other hand, an area of worldwide concern arising from this technology has been its rampant use by China to cover the public protests in Hong Kong, in addition to tracking the Uighur Muslims of Xinjiang. In our country, no specific statutory provisions for coverage of facial recognition data exists so far; at best it can be treated as a form of biometric data which is covered under the IT Act. The advantages of biometric technology are well known and have been used in the very popular Aadhaar application. However, privacy concerns as also apprehensions on violation of fundamental rights remain.

Particularly so, as after the Puttaswamy judgment (2017), the right to privacy has also been treated as a fundamental right. Since all biometrics including facial data are of a sensitive nature, some basic rules are required to be followed in respect of the usage of facial recognition technology. These safeguards are unavailable. Some of the drawbacks in the system are, absence of any written consent from the subject for collection of the requisite data and its storage, as also transfer of this data and its disclosure to other entities. It is, thus, obvious that the use of facial recognition technology, in its present form, is not in conformity with the right of privacy.

With the people becoming aware that they are under constant watch and are being photographed, it may also be a blow to fundamental rights and particularly Article 19 of the Constitution. Along with these concerns, one is aware of the situation that as of now, the system is practically unregulated as the Bill on personal data protection is yet to be passed. In fact around this Republic Day, and on a few earlier occasions also, the use of this technology in Delhi had been well publicised. A robust oversight mechanism needs to be put in place without any further delay, as trials have already commenced.

Such an operating mechanism should inspire confidence in the public and meet the legal requirements of privacy and fundamental rights, besides safeguarding the data. As far as the security and protection of the data is concerned, the government had constituted a committee of experts headed by Justice BN Srikrishna to produce the framework for a comprehensive law. This Committee was constituted in 2017 and submitted its report the next year, on the basis of which the Personal Data Protection Bill 2019, was drafted.

A certain degree of dilution has since taken place in the recommendations of Justice Srikrishna, as while drafting the Bill, the safeguards suggested for accessing the data by government departments, without the consent of the person concerned, are no longer there. Parliament has now sent this Bill to the select committee. The private data of the individual, which will necessarily include biometrics, thus, can be used by any department without the knowledge or consent of the subject.

There is, however, still enough time and opportunity to correct the situation and strengthen the Bill with adequate safeguards while it is still pending consideration and scrutiny at the committee level, which has also invited suggestions from the public. One of the pitfalls of any modern technology and particularly in a case backed by Artificial Intelligence is that it may bring out results which are completely inconsistent with a given situation or a human element. As such where the future of human beings is at stake, we have to exercise a certain degree of restraint and caution, giving full respect to the Constitutional norms.

(The writer is a former Governor and a Sr. Advisor at the Pranab Mukherjee Foundation)