FB pixel

Scottish government proposes immediate deletion of expired facial images in new biometrics code

 

facial-recognition-database

The Scottish government has won praise from the Open Rights Group with a draft Code of Practice which, if implemented in its current form, will result in immediate deletion of all mugshots at the end of their legal retention period, The Register reports.

The Code of Practice “On the acquisition, use, retention, and disposal of biometric data for justice and community safety purposes in Scotland” (PDF) establishes rules and oversight conditions that Scotland will appoint a biometrics commissioner to enforce.

The draft code includes sections on human rights and data protection, general principles and ethical considerations, privacy by design and data protection impact assessments (DPIAs), transparency, a process for reviewing and appealing biometric data, vulnerable individuals, and compliance with the code. It identifies fingerprint, DNA, and custody images as biometric data, but also notes that “second-generation” biometrics like iris recognition, behavioral biometrics and voice pattern analysis would be included if they are used.

It specifies the need for a “presumption in favor of deletion” and for agencies to ensure the deletion of data from any databases it has been replicated on.

“Open Rights Group called for rules establishing an automatic deletion procedure,” writes the organization’s Scotland director, Matthew Rice in a blog post. “It is welcome to see them included in the Code of Practice for Scotland and we encourage the rest of the UK to follow Scotland’s lead.”

So far, the rest of the UK has taken a markedly different approach, with the Home Office’s continued failure to delete facial images after being instructed to do so drawing criticism from the Parliamentary Science and Technology Committee, and Big Brother Watch filing a legal challenge to the continued trials of automatic facial recognition by UK police.

Open Rights Group also expressed disappointment with some elements of the draft code. It does not approve of its limitation to law enforcement, which would set different rules for biometric use by national security agencies or private companies, and also says the biometrics commissioner should have more power to deal with organizations that violate the code, as the office would only be able to issue an “improvement notice,” rather than legal challenges.

Article Topics

 |   |   |   | 

Latest Biometrics News

 

Discrepancy in enforcement between biometric data protection in public, private sectors

UK’s ICO plans to continue keeping fines low for the public sector, while on the continent CNIL has published the…

 

Nigeria tenders $83M digital identity system upgrade and MOSIP integration

Nigeria is planning to implement the MOSIP platform with its digital identity management system and upgrade its biometric capabilities with…

 

Passkey adoption by Australian govt, banks drives wider passwordless authentication

It’s high noon for passwords. Across the Authentication Corral, an inscrutable stranger saunters up and puts their hand on the…

 

‘New era in travel’: airports, airlines continue to be sweet spot for biometrics

A fascinating experiment in biometrics would be to find a privacy conscious person who would generally avoid facial recognition, put…

 

Limitations of FRT apparent in search for United Healthcare CEO’s killer

The murder of United Healthcare CEO Brian Thompson in Midtown Manhattan involved the use of facial recognition technology (FRT) to…

 

OpenID, BIO-key, RSA, SecureAuth showcase at Gartner IAM Summit

The 2024 Gartner Identity & Access Management Summit, running from December 9-11 in Grapevine, Texas, is playing host to names…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Viewed This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events