EPIC urges changes to UK ICO’s biometric data guidance

The Electronic Privacy Information Center (EPIC), an advocacy group specializing in privacy and human rights, recently urged the United Kingdom’s Information Commissioner’s Office (ICO) to modify its draft guidance on biometric data, promoting more privacy-protective practices.

As the UK’s data protection authority, the ICO has developed guidance to instruct organizations on biometric systems and data use, including how the law applies to such use. Still in draft form, this guidance would affect a broad range of companies in and outside the UK.

In their comments, EPIC makes comprehensive recommendations to the ICO. It suggests that the organization expand its guidance to cover the use and regulation of biometric data, particularly toward law enforcement.

The group calls for implementing protection procedures for the sale and sharing of biometric data and clear guidelines on how private companies can work with law enforcement when biometric data is involved. They further request human oversight for any law enforcement automated decision-making tools and enhanced security measures, with risk assessment procedures outlined to prevent data breaches.

EPIC has also taken a firm stance on some biometric technologies. They have requested that live facial recognition technology be prohibited, except in extreme public threat situations. They also call for banning behavioral or soft biometrics.

The group has also called for more details and guidance on the dangers and potential harm of integrating AI into biometric data systems.

The ICO opened its doors for public input on the draft, which concluded on Oct. 20, 2023. Like EPIC, other watchdogs weighed in with calls for changes, underscoring the far-reaching implications of the ICO’s policies.

Article Topics

biometric data  |  biometrics  |  data privacy  |  EPIC  |  Information Commissioner’s Office (ICO)  |  regulation  |  soft biometrics