ICO ‘encouraged’ by UK police facial recognition compliance with data protection law

The use of facial recognition by police in South Wales and Gwent is compliant with the UK’s data protection law, a new audit report from the country’s data watchdog has found.

Published on Wednesday, the Information Commissioner’s Office (ICO) data protection audit examined how the two police forces govern the use of live and retrospective facial recognition software and safeguard people’s personal information.

“We are encouraged by the findings, which provide a high level of assurance that the processes and procedures currently in place at South Wales Police and Gwent Police are compliant with data protection law,” says Emily Keaney, ICO’s deputy commissioner for Regulatory Policy.

South Wales and Gwent police, however, will need to implement additional measures to comply with data protection law. This includes documenting retention periods for facial recognition accurately and consistently and reviewing policies and procedures regularly.

The audit did not focus on examining the technology and instead covered staff training, retention of personal information and Data Protection Impact Assessments.

“The forces made sure there was human oversight from trained staff to mitigate the risk of discrimination and ensure no decisions are solely automated, and a formal application process to assess the necessity and proportionality before each LFR deployment,” adds Keany.

Police pilots of Operator Initiated Facial Recognition (OIFR), an app that allows police officers to take a photo of a suspect with mobile phones and run it through a database with facial recognition from NEC, was also examined in the review.

The audits are part of the ICO’s new AI and biometrics strategy, designed to ensure facial recognition use by police is proportionate and respects rights. The strategy includes a series of audits of police forces across England and Wales who adopted facial recognition. Future audits will cover the Metropolitan Police, Essex Police and Leicestershire Police, according to Keany.

They arrive as the UK police are stepping up facial recognition rollouts.

Met police announced in July that more than 1,000 wanted criminals have been arrested using  live facial recognition since the start of 2024. The UK government is also planning to build a predictive policing project relying on its facial recognition capacities.

The increasing use of biometric matching technology has stirred plenty of controversy. Digital rights organization Big Brother Watch has recently found that UK police have been allowed to search the nation’s passport and immigration databases since at least 2020.

The audits could help alleviate public concern about the technology, according to former Biometrics & Surveillance Camera Commissioner Fraser Sampson. But more security could come from legal clarity and a unified regulation, lawmakers and experts have pointed out.

Article Topics

biometric data  |  biometrics  |  data protection  |  facial recognition  |  Information Commissioner’s Office (ICO)  |  London Metropolitan Police  |  South Wales Police