Ryder Review calls for biometrics regulation through new, comprehensive legislation

Legislation is urgently needed to govern the use of biometrics, according to the widely-anticipated ‘Ryder Review’ from the Ada Lovelace Institute, the culmination of the organization’s three years of research into the challenges and potential harms brought on by use of the technology.

The Ryder Review is an independent legal review 221 pages long, and addresses the use of biometric technology and risks associated with it in England and Wales. The policy environment was formed by the passage of laws in 2001 that allowed for the collection and retention of biometric data by law enforcement, according to the report, in what it called “a wrong turn.”

The subsequent rush to build up databases of fingerprint and DNA biometrics to aid in criminal investigations was only slowed by a legal challenge filed with the European Court of Human Rights seven years later. According to the review, appropriate governance measures remain an ongoing attempted balancing act.

Remedying this situation will take a concerted legislative push, according to Ryder, a barrister at Matrix Chambers.

“Overall, we contend that if biometric technologies are to be used, they must be governed by a legal framework and a regulatory approach that align their use with the expressed needs of people and society,” writes Ada Lovelace Institute Senior Policy Advisor Madeleine Chang in a summary of the report.

Ryder makes 10 recommendations, starting with the passage of “new, primary legislation,” as well as a new regulatory body that would publish a register of biometrics deployments in the public sector. The regulator should assess both the effectiveness of biometric technologies and the proportionality of implementations in their proposed contexts.

A moratorium should be enacted for one-to-many identification biometrics in public spaces and public sector categorization, at least “until comprehensive legislation is passed,” the review says.

Ryder recommends extending the scope of legislation to include classification, as well as identification, and also that the statutory framework should require codes of practice for specific sectors or technologies, including a legally-binding code of practice for live facial recognition. A national biometrics ethics board should be established, and its advice published. Finally, further consideration is needed for private biometrics use, according to Ryder.

The Review delves into the EU’s AI draft regulation and, elsewhere, presents the views, sometimes aligned, sometimes opposed, of stakeholders from civil society, government, law enforcement and industry.

Responses from these and other stakeholders are already beginning. The Ryder Review promises to be a topic of significant discussion within the biometrics community.

Article Topics

Ada Lovelace Institute  |  best practices  |  biometric identification  |  biometrics  |  ethics  |  facial recognition  |  legislation  |  real-time biometrics  |  regulation  |  Ryder Review  |  UK  |  Wales