‘Proper regulation’ needed for UK biometrics use, outgoing Commissioner argues

The data protection framework through which the United Kingdom’s Information Commissioner’s Office will oversee surveillance cameras and biometrics may be inadequate. This is the primary concern of the former Biometrics and Surveillance Camera Commissioner, as expressed in his final annual report.

Recently departed Commissioner Fraser Sampson’s annual report for 2022-2023 was submitted shortly before Sampson left the position, at the end of last October.

Emerging issues and new technologies get short shrift in the new allocation of regulatory responsibility, he says. Sampson sees a need for further regulation as live facial recognition is increasingly adopted by UK police, but also a “lack of interest in proper regulation” posing a barrier to realizing the necessary changes.

While “judicious allocation of responsibilities and resources will go some way to addressing the closure of the Office,” Sampson also describes legal changes as “leaden paced.”

An independent analysis to identify likely gaps in oversight arising from the changes imposed by the Data Protection and Digital Information Bill makes up the first part of the report, and Sampson says he mostly agrees with its conclusions.

Abolishing the Surveillance Camera Code of Practice will leave both technology users and the individuals it is used on vulnerable to liability and rights violations, respectively, Sampson argues. It could also increase regulatory complexity, the opposite of the government’s intention.

The gap analysis suggests that transparency about how surveillance tools are used will be diminished without the Commissioner’s annual report to Parliament.

National Security Determinations (NSDs) declined, with 438 of 515 applications receiving final approval. The technology used for NSDs has still not been updated to reflect the latest legislative changes, and has limited functionality, Sampson writes.

Requests to retain biometrics under Section 63g, which allows police to keep fingerprint and DNA records from people arrested but not convicted of an offense, increased from 118 to 140. Section 63g powers appear to be underutilized by some police forces, however, according to Sampson, as ten have not made a single request since the mechanism became available to them in 2013.

DNA samples ruined by improper handling increased from 953 to 1,212, with failure to seal plastic bags an ongoing issue.

Engagement is also identified as a challenge moving forward. The BSCC Office provided a single point of contact for those deploying or interacting with surveillance systems, which has no obvious equivalent in the new system. Further, while Sampson says his correspondence with Ministers was positive, Ministerial departments often ignored his communications.

Sampson has joined Facewatch as an advisor since leaving the regulatory role.

Article Topics

biometric data  |  biometrics  |  Biometrics and Surveillance Camera Commissioner  |  data protection  |  Fraser Sampson  |  Information Commissioner’s Office (ICO)  |  regulation  |  UK