The French data protection authority (CNIL) has published an opinion on facial recognition technology and the challenges it raises.The CNIL said it is crucial to prioritize the security of such biometric data, by, for example, storing such biometric data on a personal device belonging to and accessible to the user rather than in central database storage solutions. The CNIL also gives examples of uses of the technology it deems acceptable, for example, to filter access to a carnival (on an experimental basis). It also explains prohibited uses, such as school entry controls, which in the CNIL's opinion can be achieved by less intrusive means.CNIL states that most of the risks facial recognition entails are due to the biometric nature of the information it processes. Since facial recognition is based on probability rather than certainty, a mistake or variations in performance may have far-reaching consequences on individuals. Moreover, the technology allows for such processing even without the data subject being aware that such data is collected and processed, making it a very intrusive tool on people's anonymity in the public space.Finally, the CNIL calls for establishing a fully-fledged European model that implements the principles of respecting individuals' rights by obtaining their consent wherever feasible and adopting a rigorous experimental methodology that will allow careful testing of different technical solutions.