Posted on

ICO issues GDPR warning to police forces over facial recognition technology

ICO issues GDPR warning to police forces over facial recognition technology

The future of facial recognition in public? Image from Thoughty2/YouTube – 10 Conspiracy Theories That Turned Out To Be True

Information Commissioner Elizabeth Denham has issued a warning to police forces, reminding them that live facial recognition technology is subject to GDPR.

“Any organisation using software that can recognise a face amongst a crowd then scan large databases of people to check for a match in a matter of seconds, is processing personal data,” warned Denham, referencing recent trials by South Wales Police and the Metropolitan Police.

“These trials also represent the widespread processing of biometric data of thousands of people as they go about their daily lives. And that is a potential threat to privacy that should concern us all,” she added, warning: “Live facial recognition is a high priority area for the ICO.”

She continued: “My office has been conducting an investigation, monitoring the trials carried out by the police. The relevant forces piloting this technology have cooperated with our investigation and the ICO has learned a lot from our deep dive in examining how it works in practice.

“Legitimate aims have been identified for the use of live facial recognition. But there remain significant privacy and data protection issues that must be addressed, and I remain deeply concerned about the roll out of this technology.”

The ICO, she revealed, has been advising the court involved in the case brought by a member of the public against South Wales Police over facial recognition trials in Cardiff city centre.

While the ICO will produce more detailed guidance following conclusion of that trial, Denham advised police forces to:

  1. Carry out a data protection impact assessment prior to each facial recognition trial, submitting data protection impact assessments to the ICO for its consideration first;
  2. Produce an ‘appropriate policy document’ covering why, where, when and how the technology is being used; and,
  3. Ensure that the software treats everyone equally.

Likewise, Denham also warned private organisations over the use of facial recognition. “We’ll consider taking regulatory action where we find non-compliance with the law,” Denham warned.

Further reading

Source: Ico Search Results