Automated Facial Recognition Systems: Not the win we were rooting for

The database breach of the government's digital platforms highlights the vacuum in legislation to adequately deal with such breaches. In the absence of legislation providing redress, attributing liability and adequate punishment— the fundamental right to privacy in India remains a toothless tiger. The author outlines the key shortcomings of automated facial recognition systems and proposes policy recommendations to address them effectively.

— 

THE recent breach of the CoWin database is yet another violation of the right to privacy on government-mandated technological platforms.

It highlights how technology used by the State machinery in India is prone to breaches, and is a timely reminder, if one was indeed needed, of the lack of robust data protection laws.

The growing concern is compounded by the fact that the State is operationalising more and more technology-driven solutions which collect and store sensitive personal data in the form of biometrics; and identification metrics such as phone, Aadhaar card and PAN card numbers, and age, gender and health data. 

Also read: The rise and rise of Facial Recognition Technology

An important issue that ought to be a cause of concern is the integration and use of an automated facial recognition system (AFRS) by the Delhi police, or even through the DigiYatra platform, which uses facial recognition technology (FRT) to authenticate and facilitate travel across airports and extends it to railways.