China: TC260 requests public comments on draft cybersecurity standard on facial recognition data
The National Information Security Standardization Technical Committee of China ('TC260') announced, on 23 April 2021, that it had released a draft Information security technology - security requirements of facial recognition data and has requested public comments on the same. In particular, the standard clarifies terms and conditions including facial imaging, facial features, facial recognition data, and data processing. In addition, the standard outlines basic, safe handling, and safe management requirements including recommendations on the collection, storage, use, sharing, transfer, and public disclosure of data, as well as data security management, incident response, and data localisation requirements. Specifically, the standard states that facial recognition data collected or generated in China should be stored in China, highlighting that if necessary to leave the country due to business needs, a security assessment must be carried out in accordance with the relevant regulations on the exporting of personal information.
Public comments can be submitted via email [email protected] until 22 June 2021.
You can read the press release and access the standard here, both only available in Chinese.