The Payment & Clearing Association of China on Tuesday issued a landmark guideline for strengthening the regulation of facial-recognition payment options available at some brick-and-mortar retailers.

The document claims to be the first regulation aimed at protecting users’ privacy when it comes to collecting, storing, and using facial data. According to the new guideline, users’ facial data must be encrypted, and merchants must provide additional payment methods so that users who opt to pay through facial recognition are consenting to doing so.

Merchants and any third parties involved in the payment process — such as WeChat or Alipay, China’s two dominant mobile payment platforms — are prohibited from storing users’ facial or other personal data, the guideline said.

As facial-recognition technology sees a widening range of applications in China, the public has become increasingly concerned with privacy and data security. Last year, the briefly popular “deepfake” app Zao came under fire for reserving the right to sell its users’ data. Afterward, Alipay — which has facial-recognition payment devices in over 100 cities — had to reassure users that its system could not be hacked using such face-swapping technology. (Image: Tuchong)