UK Commissioner advises on risks of facial recognition use in public spaces
UK Information Commissioner Elizabeth Denham has set out recommendations and addressing concerns about live facial recognition (LFR) use in UK public spaces in a blog post.
Previously the Information and Privacy Commissioner for British Columbia, Canada, before taking the UK role in 2016, Denham explains how data protection and people’s privacy must be at the heart of any decisions to deploy live facial recognition.
The law, including the UK’s domestic version of the General Data Protection Regulation (GDOR), sets a high bar to justify the use of LFR and algorithms in places where we shop, socialize or gather, writes Denham, and when biometric technology is used to scan facial images, this increases the risk to people’s privacy.
Denham expresses concern for the potential that LFR has to be used inappropriately, excessively or recklessly, citing the significant impact of mass sensitive biometric data collection. Some of the uses of LFR mentioned include addressing public safety concerns and creating biometric profiles to target people with personalized advertising.
In 2020, The UK government’s Biometrics Commissioner criticized the Metropolitan Police’s deployment of live facial recognition-equipped cameras across London claiming police should not be able to have free reign over the technology. Similarly in 2019, UK Members of Parliament on the government’s Science and Technology Committee urged the Home Office to halt all trials of live biometric facial recognition so that adequate legal footing for them could be established.
Investigations into these uses by the Commissioner’s Office concluded that none of the organizations investigated were able to justify the processing and, of those systems that went live, none were fully compliant with the requirements of data protection law. All of the organizations chose to stop, or not proceed with, the use of LFR.
Therefore, Denham makes several recommendations; organizations will need to demonstrate high standards of governance and accountability from the outset, including being able to justify that the use of LFR is fair, necessary and proportionate in each specific context in which it is deployed. And they need to demonstrate that less intrusive techniques will not work. Organizations will also need to understand and assess the risks of using a potentially intrusive technology and its impact on people’s privacy and their lives.
These recommendations are detailed at length in the full report.
Denham explains that to propel good governance, the ICO will engage with Government, regulators and industry, as well as international colleagues to support data protection protect the public without stifling innovation.
The full Commissioner’s Opinion details builds on the 2019 ICO’s opinion into the use of LFR by police forces.