Facial Analysis: Considerations for Planners

Closed-circuit television (CCTV) cameras are everywhere these days, including in conference rooms. Some are being used to recognize and track attendees (known as facial recognition), while others are analyzing the entire group to measure their engagement in the sessions.

This practice, called facial analysis, is leaving some attendees feeling uncomfortable, even upset, that they are being surveilled without consent.

It's All in the Details

Here are a few things to consider when it comes to this evolving technology.

Facial analysis systems don’t require consent.

Consent is required if data is being collected that can be used to identify you personally. This is referred to as ‘personally identifiable information,’ or ‘PII.’ While this normally includes things like your name, address and email, it also includes biometric templates or signatures based on your face.

However, because it neither creates biometric signatures nor stores or transmits video containing people’s faces, legal consent is not required for facial analysis. “We’re not looking at how one person is reacting; we’re looking at how everyone is reacting,” said Panos Moutafis, CEO and co-founder of Zenus, which provides video-based facial analysis.

Nonetheless, attendees should be informed that the technology is in use.

Most importantly, letting people know ahead of time that you are using the technology builds trust. It also serves to ward off any liability from a privacy or security perspective.  

Storing biometric signatures in a database is a security risk.

Even if everyone opts in, there is a risk the data could be breached. If that happens, those signatures could be compared with images on Facebook, LinkedIn or other social media to find a match.

Setting parameters is essential.

To avoid ethical implications, organizations need to clearly define the type of data being collected and the purpose of the deployment. An example would be to focus only on aggregated dwell time and reactionary data for the purpose of analyzing which educational sessions and experiences resonated with attendees. 

Follow these established best practices:

1. Be very intentional in implementing technology to avoid collecting data that might put attendees at risk.
2. Enlist your tech partners to help you determine safe and ethical practices.
3. Carefully determine the service provider’s security credentials and review their privacy policy.
4. Educate your attendees on the use of the technology, how it works, and whether there are any privacy implications. Err on the side of over-communication.
5. When you’re dealing with information attendees may perceive as sensitive, build trust through transparency and choice.