On May 24, the National Information Security Standardization Technical Committee (NISSTC) issued the Practical Guide to Cybersecurity Standard - Security Requirements for Personal Information Protection in Face Recognition Payment Scenarios (Draft for Comment) (the "Draft") to solicit public opinions, which has come to an end by this minute.

The Draft provides the security requirements for personal information protection in response to the face recognition payment scenarios in both indoor and outdoor areas. According to the Draft, for the purpose of maintaining public security and financial security, the data processed as per the explicit requirements of a relevant administrative department during the face recognition payment process shall only be used for the specified purpose and shall not be used for any irrelevant activity without permission. The Draft also sets forth the security requirements for service providers, which touch upon five aspects, including "data shall not be collected outside the face recognition period: data shall only be collected after a clear interaction, such as a click, is manually performed; data collection shall be terminated after face recognition is completed or one minute after data collection commences.

(Source: National Information Security Standardization Technical Committee of China)