UK Information Commissioner warns public use of facial recognition technology could spur legal action
UK Information Commissioner Elizabeth Denham has warned that she will consider legal action against users of facial recognition technology, including the Home Office and the National Police Chiefs Council (NPCC) if her concerns about the intrusiveness of its uses are not addressed.
Denham said in a blog post that improved technological capabilities, such as to link to different online databases, and to apply it to mobile or fixed camera systems, increases both the risk and opportunity associated with facial recognition. She singles out the use of the technology by law enforcement at public events such as the Notting Hill Carnival and the Champion’s League final in Cardiff as examples of a significant change in surveillance practice, and says that a lack of transparency risks mitigating the benefits of facial recognition if public trust is not addressed.
She recently wrote to the Home Office and NPCC to express a range of concerns.
While she welcomed both the recent appointment of a member of the NPCC to govern the use of facial recognition in public spaces and the establishment of an oversight panel including herself, Biometrics Commissioner and the Surveillance Camera Commissioner, Denham also noted that she is “deeply concerned about the absence of national level co-ordination in assessing the privacy risks and a comprehensive governance framework to oversee FRT deployment.”
Denham also expressed concern with both the transparency and proportionality aspects of the retention of the 19 million images in the Police National Database. A Home Office representative recently said it could not delete facial images previously ruled unlawful for it to retain due to the expense involved.
“For the use of FRT to be legal, the police forces must have clear evidence to demonstrate that the use of FRT in public spaces is effective in resolving the problem that it aims to address, and that no less intrusive technology or methods are available to address that problem.”
New data protection rules are about to come into force in the UK, requiring organizations to assess the risks of new technologies, particularly when biometric data is involved, and also to provide a data protection impact assessment to Denham’s office in some circumstances.
Denham says she will also consider recent reports by Civil Society, Big Brother Watch, and the Electronic Frontier Foundation.