Data and privacy for Face
This article provides some high level details regarding how Face processes data provided by customers. Face was designed with compliance, privacy, and security in mind. Biometric identification technologies are intended to process personal data that may be considered sensitive personal information. Please be aware that the laws governing biometric recognition technologies often vary internationally and domestically, including at the federal, state and local levels. In addition to regulating allowed use cases, some jurisdictions impose special legal requirements for the permissions governing collection, transfer, online processing, and storage of biometric data, particularly when used for identification or verification. Before using Face and our Azure services for the collection, transfer, processing and storage of any data subject’s biometric data, you must ensure compliance with the relevant legal requirements that apply to your service application.
- Inform people in your locations with conspicuous disclosure about use of image data and use of facial recognition.
- Comply with all applicable laws and regulations in your jurisdiction.
For our customer’s convenience, please consider utilizing the following disclosure regarding Microsoft's role when you use of Azure AI services Face with your end users: [Company] uses Microsoft face recognition technology to process [Company’s] users’ biometric data as its service provider (“Processor”). Microsoft may process and store face templates for the purposes of providing face verification and/or identification services on [Company]’s behalf, and only as instructed by [Company]. Microsoft will store this data as long as [Company] requests, which shall be no longer than a limited grace period after the date when (i) [Company] ceases to have a relationship with Microsoft or (ii) when [Company] requests deletion.
What data does Face process, how long is it retained and what protections are in place?
Face processes the following types of data. This is also detailed by feature in the table below:
- Configuration: Key-value pairs passed in the API calls to the service that are processed per API call and then discarded, such as "recogntion_model" (the key) and "recognition_04" (the value)
- Images: One or more images of an individual that are processed for the purpose of Face technology. The images themselves – whether enrollment or probe images (see terms) – are not stored by Face, and the original images cannot be reconstructed based on a template. The service is intended to process face images only; if text is sent along with the image, this information will not be processed or retained by the face service.
- Template: The template created from the images. Customers can delete or add any data stored at rest, but neither the customer, developer, nor Microsoft have access to the actual facial feature template data, which is stored in an isolated storage account in the enterprise SKU of the face resource.
All faces and people within the service are associated with a random GUID and Microsoft is not able to connect it with any personally identifiable information.
Face maintains GDPR data processor classification across all supported regions.
|Face feature||Input||Output||Retention of images||Retention of Face feature template||Customer controls|
|Face Detection: detects faces within images||Image||Coordinates of the bounding box location(s) of the face(s) generalized regardless of who is in the image. Cannot be used to recognize faces.||Images are not stored after analysis||No template is created|
|Approved Customers Only: Face Detection with faceID: detects faces within images and one of the outputs, the faceID, be used for the following Face calls. Note the faceID is only provided for customers that have been approved for access: Face – Identify, Face – Verify, Face – Group and Face – Find Similar.||Image||Face location, (if one or more attributes are specified, the attribute output), and the faceID which is a randomly generated identifier assigned to a new face feature template for each image submitted to the API. The faceID changes for each image submitted, even if the image is of the same face. There's no matching or comparison in the Detect() with faceID API.||Images sent to the service are not stored after analysis.||The randomly generated unique identifier assigned to each face detected and associated template expires within 24 hours.||The template expiration date can be adjusted to less than 24 hours with faceIdTimeToLive|
|Approved Customers Only: Find Similar: Given a face, searches for similar-looking faces from a faceID array, a faceListID or a large face list ID.
Depending on the type of Customer request (i.e., for a faceID array or a faceListID) the results returned to Customers for similar faces list contains faceIDs or persistedFaceIDs ranked by similarity.
|faceID; faceID array; faceListID; largeFaceListID||faceID||Images sent to the service are not stored after analysis.||The input faceID array may contain multiple faces with detected by Face – Detect. The faceID array and associated template expires within 24 hours.
The input faceListID is created by FaceList – Create containing persistedFaceIDs and associated template that will not expire.
The input largeFaceListID is created by LargeFaceList – Create containing persistedFaceIDs and associated template that will also not expire.
|facelistID; LargeFaceListID; and PersistentfaceIDs can be managed and deleted by Customers via the Face API commands. faceID array template expiration can be adjusted to less than 24 hours with faceIdTimeToLive|
|Approved Customers Only: Face Identification or Verification service calls: Create or enroll faces to a person group for face identification or verification||faceIDs; personGroupId; LargePersonGroupId||Candidate personIDs for each faceID||Enrolled images to a Person and add a person to a PersonGroup: Images sent to the service are not stored after analysis.
Images sent to the service to compare to face group: Images sent to the service are not stored for analysis
|A PersonGroup / LargePersonGroup is created by LargePersonGroup - Create containing PersonID which contains persistentFaceIDs and associated template that will not expire.||Customer can delete LargePersonGroup Person Face - Delete, LargePersonGroup Person - Delete or LargePersonGroup - Delete and associated template(s).|
|Approved Customers Only: Face Group service calls: Group similar faces together||faceID array||One or more groups of faceIDs||N/A||The input faceID array may contain multiple faces with detected by Face – Detect. The faceID array and associated template expires within 24 hours.||faceID array template expiration can be adjusted to less than 24 hours with faceIdTimeToLive|
How does the Face process data?
The diagram below illustrates how your data is processed for Face Detection with Face ID (approved customers only).
Security for customers’ data.
The security of customer data is a shared responsibility.
The following are a few best practices for further securing Azure AI services Face:
- Customer managed encryption keys are available.
- Azure AI services Face supports VNET to restrict access to certain IP addresses, IP ranges, or a list of subnets.
- Azure Active Directory (Azure AD) authentication allows you to authenticate to Azure AI services using Azure AD. This capability provides greater flexibility for managing access to Azure AI services and makes it easier to use existing policies for credential rotation and to enforce custom password standards.
- You can also further protect access to sensitive facial feature templates by using Azure role-based access control (Azure RBAC) to use the Cognitive Services Face Recognizer role that restricts access to detect, verify, identify, group, and find similar operations on Face. This role does not allow create or delete enroll operations, which makes it well suited for endpoints that only need inferencing capabilities, following “least privilege” best practices.
For additional security best practices and information, visit Azure AI services security baseline
Should you have any additional questions or concerns, please let us know by opening a support ticket in the Azure portal.
To learn more about Microsoft's privacy and security commitments visit the Microsoft Trust Center.