Two United States Senators recently introduced proposed legislation to regulate some aspects of facial recognition software. As their primary focus is preserving privacy of the individual, the bill requires consent to its use, where it corresponds to head shots stored or used by an FRS program. It is named the "Commercial Facial Recognition Privacy Act of 2019."
It would be impossible specifically notify individuals whose images are part of a database employed to identify them; perhaps the posting of an online notice, such as the public signs warning of CCTV cameras in use, might be appropriate, or the inclusion of such notices in contracts and agreements publicly posted on the Internet. Individuals could then opt out, if they do not want their images used.
The other issue is the problem of notifying individuals (known as "Users" in the proposed bill) that facial recognition software is being deployed on their behalf in a commercial or business matter. This could be accomplished by a written notice that bank clients, or other beneficiaries of FRS programs, would sign, indicating their acknowledgement and acceptance of the use of such systems.
Additional language dealing with vetting new programs is in the bill, but not detailed enough to draw any conclusions. You can read the bill here.
Law enforcement, intelligence agencies, and anti-crime programs are exempt from the act. It also appears that exemption will apply to commercial FRS platforms being used by banks and others to confirm the identity of clients or white-collar criminals, but the matter will require more study, and perhaps more specific language placed in the act.
The bill does not appear to be moving forward at this time, and it will never become law without sufficient support in the Senate, but it does indicate that there is increasing interest in regulation. It bears watching.