ICO warns about privacy implications of live facial recognition

Share This Post

In a recent blog, the Information Commissioner highlights the ICO’s concerns with the use of live facial recognition technologies.

The focus on the article relates to an ongoing case (R (Bridges) v Chief Constable of South Wales Police) which led to the ICO looking at how the police are trialing facial recognition technology and makes the point that “any organisation using software that can recognise a face amongst a crowd then scan large databases of people to check for a match in a matter of seconds, is processing personal data” and therefore GDPR applies.

In the article, the Information Commissioner says

For the past year, South Wales Police and the Met Police have been trialling live facial recognition (LFR) technology that uses this software, in public spaces, to identify individuals at risk or those linked to a range of criminal activity – from violent crime to less serious offences.

We understand the purpose is to catch criminals. But these trials also represent the widespread processing of biometric data of thousands of people as they go about their daily lives. And that is a potential threat to privacy that should concern us all.

LFR is a high priority area for the ICO. My office has been conducting an investigation, monitoring the trials carried out by the police. The relevant forces piloting this technology have cooperated with our investigation and the ICO has learned a lot from our deep dive in examining how it works in practice. Legitimate aims have been identified for the use of LFR. But there remain significant privacy and data protection issues that must be addressed, and I remain deeply concerned about the rollout of this technology.

Whilst a lawful basis for processing any personal data is always required, biometric data that is used for identification purposes is considered, by the GDPR, as “special category” data which also requires a specific lawful condition to apply for it to be lawful. And as this is a new technology or way of processing data, the ICO highlights the need to carry out DPIA and implementing appropriate policies and controls around its use.

We should expect more from the ICO (as well as the outcome of the legal case) on such processing in the future and how it applies to businesses as well as the police.

More To Explore

Eat. Sleep. GDPR. Repeat.

We live and breathe GDPR and ePrivacy compliance, so you don’t have too. Our GDPR UNLIMITED helpline is all about offering you help and support, whenever you need it most. As well as the unlimited helpline, you get up to 4 hours “hands-on” help each month, which we can configure to help you in anyway you need such as a GDPR review, or acting as your DPO.

As well as the unlimited helpline and hands-on help you get GDPR and privacy updates, access to our GDPR knowledge centre and webinars.

Unlimited email & phone support

Unlimited email and phone support. Email or organise a voice call as often as you need each month.​

Up to 4 hours "hands-on" help per month

We use these "hands-on" hours to do the GDPR work for you, such as reviews, acting as your DPO, checking DPIA, dealing with breaches, training your staff, etc. (Additional hours: £100+VAT per hour)

Online resources

Our Knowledge Centre gives you access to information, guidance, topic related guides and other tools to support your GDPR and PECR compliance

Updates, alerts & briefings

We provide updates and alerts and a monthly compliance briefing. You can either sign into the Knowledge Centre or sign up via email to receive an email every time we add a new update or alert

DPO services

Whether mandated or not we can act as your Data Protection Officer (DPO) and manage your day to day compliance

Webinars, workshops & training

Whether updates on the latest issue, workshops or team training, it's all included in your monthly retainer.

LIKE WHAT YOU'RE READING? join our email list

Sign up for monthly briefings and the occasional emails about our webinars and services

Want to know more about how we use your data? Check out our privacy policy