Biometrics Commissioner criticizes UK police, home office governance rules in annual report

UK Biometrics Commissioner Paul Wiles has published the office’s annual report for 2017, expressing concern about a lack of adequate governance practices in several areas of biometric data collection and retention among police and government agencies.

The 125-page report includes a range of pointed criticisms, and points out that legislation is urgently needed to extend the Protections of Freedom Act (PoFA) beyond fingerprints and DNA to cover other modalities.

The report notes that while fingerprint and DNA biometrics are widely used and accepted, and evidence from them is rarely challenged in court, the same is not true of “second generation biometrics” or some new technologies for fingerprint and DNA identification. It identifies efforts undertaken so far towards establishing consensus within the scientific community about how evidence from other biometrics should be presented, and to produce primers to help the judiciary understand evidence given in the form of these biometrics.

Gaps in legal and procedural foundations for biometric programs are already having a negative impact, however.

“Lack of governance is leaving a worrying vacuum which the police tell me is making their experiments with new biometrics more difficult and uncertain and so risks undermining public confidence in policing,” Wiles writes.

“Furthermore, lack of clarity about future governance arrangements for new biometrics may actually impede growth, since it is less costly to develop operational systems within a known governance structure than to have to adapt existing systems to take account of governance rules developed later.”

The commissioner also pointed out the importance of evaluating the cost-effectiveness of different biometrics as more programs are initiated.

The expansion and sharing of biometric databases, as well as the retention and deletion of the data they contain are also considered in the report. The commissioner criticized the lack of a governance structure for the IDENT1 police fingerprint database comparable to the one used for the national DNA database, and urged the establishment of a legal basis and governance arrangements for inter-departmental searches.

In a section on “Future Biometric Challenges,” Wiles says the new Home Office Biometrics platforms due to begin limited operation in 2020 have “no governance rules about access and use to the different databases,” and urged the Home Office to create a clear governance structure and rules for data sharing.

Delays in the Home Office biometrics strategy, which is due this month, as well as in the deletion of facial images in accordance with a court order were recently criticized by the parliamentary Science and Technology Committee.

Article Topics

biometrics  |  data collection  |  data protection  |  police  |  privacy  |  UK