China has been ranked the world’s worst offender for its invasive use of biometric data, according to a study of 96 countries by a UK-based technology firm. Costa Rica, Iran and the United States were the second, third and fourth worst offenders. African nations including Ethiopia, and European countries Portugal and Ireland had the best practices based on how little data they collected or how strong their rules are for protecting collected data. The report, titled “Protected: Biometric data: 96 countries ranked by how they’re collecting it and what they’re doing with it” , was released in January by Comparitech. It found China had adopted widespread and invasive use of facial recognition technology. It also found a lack of privacy safeguards for employees in Chinese workplaces, and noted the introduction of fingerprinting for anyone who entered China. The Chinese public’s fears about the invasive use of biometrics have been heightened since the coronavirus pandemic began a year ago and the Chinese government “used drones with facial recognition to monitor people outside their homes during lockdowns”, the report stated. It said China had installed cameras on buses to take peoples’ temperatures and a photo of their forehead, and was working to develop facial recognition technology to identify individuals wearing Covid-19 protective masks. Alibaba says Uygur-tracking facial recognition violates company values The findings come two months after a law professor won China’s first lawsuit against the use of his biometric information. Guo Bing, an associate professor at Zhejiang Sci-tech University, sued the Hangzhou Safari Park in 2019 for breach of contract after it replaced its fingerprint-based entry system with one that uses facial recognition. The Hangzhou Fuyang People’s Court ordered the park in November to delete Guo’s facial recognition data and pay him 1,038 yuan (US$158) in compensation. It is one of the few cases in China in which an individual has been successful in challenging the country’s use of biometrics. The report found that some Chinese companies have been permitted to monitor employees’ brainwaves for productivity while they’re at work, and have even developed “smart cushions” to monitor employees’ vital signs and tell them when to get up and stretch. In China, artificial intelligence and its many applications constitute a major component of government strategy. The “Next Generation Artificial Intelligence Development Plan” issued in 2017 called for the country to become the world leader in AI innovation by 2030. Why India and Indonesia can’t say bye to WhatsApp so easily In particular, the use of biometric data has grown exponentially in key areas, such as scanning users’ fingerprints or faces to pay bills. Surveillance cameras equipped with facial recognition are used to shame jaywalkers and prevent toilet paper theft . The wide-scale usage and over-collection of biometric data in China has led to leaks, with images of people’s faces, national ID numbers and phone numbers frequently found for sale online at alarmingly low prices. The state-run Xinhua News Agency reported in July that some online vendors were selling facial recognition data for just 0.5 yuan (8 US cents) per face. State broadcaster CCTV also reported in 2019 that a bundle of 5,000 images of people showing various facial expressions was being sold for 10 yuan. A survey last month by Beijing News Think Tank of 1,515 anonymous Chinese residents found that almost 90 per cent of respondents oppose the use of facial recognition technology in commercial zones. Chinese authorities expressed concern about the potential for commercial abuse and issued a draft Personal Information Protection Law in December, which is designed to curb tech companies’ control over personal data. The draft law states that sensitive information such as facial biometrics must be “used for specific purposes and only when sufficiently necessary”. The law would significantly increase penalties for companies responsible for data breaches, proposing fines of up to 50 million yuan or 5 per cent of the companies’ annual revenue. Some observers noted that the draft law is vague about how businesses could comply with its measures, and the proposed penalty relatively mild given the billions of dollars the big-data market is worth and the risk of data breaches.