FACIAL

RECOGNITI
ON LAWS
IN INDIA
Need for
Regulation
Facial recognition is a category of biometric software that maps an individual's facial features mathematically and stores the data as
a faceprint. It is technology capable of matching a human face from a digital image or a video frame against a database of faces,
and has therefore been used for surveillance, security and authentication of one’s identity by various organizations including the
government.

Broadly there have been no laws regulating this field, making its use potentially invasive. The applications of this technology have
been considered to seriously violate an individuals privacy rights, thus making it contrary to principles enshrined in the Indian
Constitution and also International human rights law.

K.S. Puttaswamy vs. Union of India (2017)

It was this landmark judgement, that incuded an individual’s
proporti
right to privacy under the ambit of Article 21 of the Indian onality
Constituion, thus granting it the status of a fundamental right. It legitimat
e goal
has been contended that FRT is not in line with the guidelines
laid down in the K.S. Puttaswamy Judgement. legality Tests Laid down in the
Case
A Chronology of
Legislations
governing Facial
Recognition
Technology in India
Information Technology Act, 2000
The IT Act classifies biometric data as
sensitive personal data, and contains rules
for collection, disclosure and sharing of such
information.  In the event of violation,
recourse can be taken to section 43A which
holds a violating body corporate to be liable
to pay damages as compensation to the
affected person.
 Aadhar Act, 2016
The Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016 was the first legislation in India
specifically dealing with the collection, storage and processing of biometric data.

Categories Consent Purpose Confidentiality

Section 2 (n) defines

“identity information”
S.28 (5) prohibits
S. 8(2)(a) mandates S.8(3) ensures that
Central Identities Data
acquiring the consent of individuals are kept
Section 2 (g) defines Repository from
principal and therefore informed about the
“biometric information” revealing any
reflects GDPR purpose of data
authentication record to
principles collection
anyone
Section 2 (j) defines “core
biometric information”
Personal Data Protection Bill, 2019
The PDP Bill, India’s most recent legislation dealing with data laws, has specific provisions devised to govern the use of facial
recognition technology in India. FRT comes under the ambit of ‘sensitive personal data’, thus being regulated strictly.

Clause 3 (7): 'biometric data' defined which includes 'facial images' as a part of it.

Clause 3 (36): categorizes 'biometric data' as 'sensitive personal data', as compared to critical or general data.

Clause 33: It states that 'sensitive personal data' may be transferred outside India, but must be stored in India. Nevertheless,
transfer of 'sensitive personal data' shall be subject to conditions laid out in Clause 34.

Clause 34: Lays down the conditions for transfer of sensitive personal data outside India in cases such as medical emergencies,
intra-group schemes, when authorised by the Central government etc.
Questions are
welcome.
Presented by: Trisha
Agarwala