Scottish Biometrics Commissioner lays out blueprint for regulating police use of biometrics

The Scottish Biometrics Commissioner is proposing its own blueprint and legal framework for the use of biometric data in law enforcement across England and Wales. The biometric technology watchdog has backed the creation of statutory codes of practice that would cover the police use of facial recognition and similar technologies.

The proposal comes as the UK debates its lack of unified regulation for police use of biometric technology. Scottish lawmakers and Commissioner Brian Plastow have jumped to the forefront of this discussion by calling for a dedicated legislative framework.

Plastow’s blueprint includes several broad measures to ensure” biometric data and technologies are used lawfully, effectively and ethically,” according to the letter addressed to the UK Home Office dated December 12th.

The Codes of Practice for England and Wales should apply to all law enforcement bodies but not the retail sector, it says.

Any changes to the legislative framework should not allow law enforcement to have “routine” access to the biometric databases of other branches of the UK State, such as the UK Passport images or UK driving licence images.

UK police have been using the country’s immigration and passport holder databases to conduct facial recognition searches without public disclosure. The practice was uncovered by media and digital privacy organizations in 2024, inviting concerns over privacy.

“There should be no ‘bulk washing’ of passport or driving licence images against retrospective police facial recognition for low level or volume crime,” says Plastow.

The Commissioner, however, added that a framework for searches against these databases should be established for “specific” cases, including violence against women and girls (VAWG) or Serious and Organised Crime Groups (SOCG).

Oversight and codes of practice should also be expanded to include inferential and behavioural biometrics.

“I would highlight the specific examples of the use of polygraph in England and Wales and using ANPR to profile driver behaviour as examples of the sort of ‘Biometric Wild West’ that ensues when the use of such technologies is not subject to ‘meaningful’ oversight,” says Plastow.

At the same time, England and Wales should reevaluate its definition of biometric data as it currently only covers DNA and fingerprints. The Home Office should look towards the Scottish Biometrics Commissioner Act 2020, which allows the definition of biometric data to be changed to include the latest technological developments.

Plastow is also backing the government’s plan to explore merging the functions of the Biometrics and Surveillance Camera Commissioner and the Forensic Science Regulator under a single body.

“This would of course necessitate legislative change but in my view, it is the correct strategic direction of travel,” he says.

At the same time, the Home Office should consider removing National Security Determinations (NSD’s) from the new function. These should, instead, be assigned to the Investigatory Powers Commissioner’s Office (IPCO).

The Commissioner has previously noted that the UK needs primary legislation that would help the police set clear boundaries around issues such as proportionality and necessity. In November, his office published a 4-Year Strategic Plan, which also includes a review of Police Scotland’s handling of biometric data.

The use of facial recognition in the UK is currently regulated by a combination of different regulations and standards, leaving it on shaky legal grounds. The London Metropolitan Police, for instance, has been facing a legal challenge in court over a misidentification case.

Article Topics

biometric identification  |  biometrics  |  Home Office Biometrics (HOB)  |  law enforcement  |  live facial recognition  |  real-time biometrics  |  regulation  |  Scottish Biometrics Commissioner