Facial information belongs to sensitive personal information. Facial recognition is not the only way of identity recognition, let alone a mandatory option. According to the law, personal information processors can only use relevant information data with the consent of individuals and must ensure the security management of information. Nowadays, facial recognition technology covers more and more application scenarios, such as facial recognition payment, facial recognition accommodation, and facial recognition entering residential areas. While improving efficiency and convenience, it also brings many security risks. Since the beginning of this year, multiple regions have reported cases of illegal and irregular collection of facial information. Related cases show that criminals illegally obtain personal information, use AI face swapping and other software, directly log into the victim's payment account, and steal their bank card for consumption, turning "face swapping" into "money swapping" in seconds. In addition, incidents such as "loans" and "fraud" caused by the leakage of victims' facial information also occur from time to time... The situation of personal information protection is becoming increasingly severe. Facial information is the biometric information of a person's facial features, which belongs to sensitive personal information. Once leaked or illegally used, it is easy to cause the personal dignity of natural persons to be violated or their personal and property safety to be endangered. According to the Personal Information Protection Law, personal information processors may only process sensitive personal information when there is a specific purpose and sufficient necessity, and strict protection measures are taken. This processing method must be adopted in a way that minimizes the impact on individual rights and is limited to the minimum scope of achieving the processing purpose. On this basis, the application of facial recognition technology must prioritize the protection of personal information rights, placing "personal rights" at the forefront of technological applications. Legitimacy, legitimacy, necessity, and integrity are the fundamental principles for the application of facial recognition technology. In recent years, China has continuously improved its institutional norms for the application of facial recognition technology in processing facial information. Recently, the State Internet Information Office and the Ministry of Public Security publicly solicited opinions on the Regulations on the Protection of Personal Information on Large Network Platforms (Draft for Comments), which once again clarified the main responsibilities of service providers on large network platforms and reiterated the strict protection of sensitive personal information. With the implementation of systems such as security risk monitoring, risk assessment, and compliance auditing, the level of personal information protection will be further enhanced. In fact, facial recognition is not the only way of identity recognition, let alone a mandatory option. According to the law, personal information processors can only use relevant information data with the consent of individuals and must ensure the security management of information. The "Measures for the Security Management of Facial Recognition Technology Applications", which will come into effect on June 1, 2025, further draws a red line and clarifies that no organization or individual can mislead, deceive, or coerce individuals to accept facial recognition technology for verifying their identity under the pretext of handling business or improving service quality. Especially when installing facial recognition devices in public places, it is necessary to maintain public safety, legally and reasonably determine the facial information collection area, and set up prominent warning signs. Rejecting 'forced facial recognition' is not to oppose the application of facial recognition technology, but to prevent disorderly and excessive abuse. On the premise of protecting personal information, the application of facial recognition technology should be promoted in accordance with laws and regulations. On the one hand, focusing on the full chain security of facial information, operators or personal information processors need to upgrade their technology, establish strict closed-loop governance mechanisms, cover the entire process of information collection, data storage, compliance use, and risk disposal, and protect users' rights to choose and be informed; On the other hand, relevant departments and institutions should open up reporting channels, enhance the quality and efficiency of problem clue supervision, increase the crackdown on "AI face swapping" fraud, and businesses using "facial recognition" to bundle consumption, etc., to form an effective deterrent. Users should enhance their awareness of prevention and keep in mind the principle of 'not providing unless necessary'. Before "facial recognition", you may ask three questions: why collect? How to store? What is the risk? If it is found that the legitimate rights and interests have been infringed, the agreement, screenshots, recordings and other evidence shall be retained as soon as possible, and relevant enterprises or institutions shall be required to stop the infringement and bear corresponding responsibilities in a timely manner; You can also report to departments such as cyberspace administration and public security to protect your legitimate rights and interests in accordance with the law. (New Society)