ICO neuters UK police use of facial recognition technology

Forces must assess data protection risks and eradicate racial bias from the software or face GDPR action

Man using facial recognition on phone

Live facial recognition (LFR) deployments by police forces across the UK have been dealt a blow after the UK data regulator confirmed its use falls under the umbrella of data protection.

In the midst of ongoing rows between law enforcement agencies and digital rights campaigners, the Information Commissioner's Office (ICO) has clarified LFR "is a potential threat to privacy" and a "high priority area".

The data regulator has advised police forces using facial recognition to carry out a full data protection impact assessment (DPIA), which must then be subsequently updated for each deployment. This is due to the sensitive nature of the processing, the volume of people affected, and the intrusion that can arise.

Forces must then submit these assessments to the ICO for consideration prior to any discussions between the two parties as to how the privacy risks can be mitigated. Any violations will be adjudicated under the General Data Protection Regulation (GDPR) and the Data Protection Act (DPA) 2018.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

"We understand the purpose is to catch criminals," the Information Commissioner Elizabeth Denham said in a blog post. "But these trials also represent the widespread processing of biometric data of thousands of people as they go about their daily lives.

"I believe that there needs to be demonstrable evidence that the technology is necessary, proportionate and effective considering the invasiveness of LFR."

A small number of police forces, including the Met Police and South Wales Police, have been trialling facial recognition in public spaces for more than a year. But the effectiveness of the software has come under heavy scrutiny, particularly after research found the failure rate can be as high as 98%.

Several reports alluding to high inaccuracy rates, as well as concerns about legality, led the ICO to launch a probeinto ongoing trials towards the end of last year. This investigation is ongoing and is also pending the outcome of a legal challenge against South Wales Police made in May.

"Legitimate aims have been identified for the use of LFR," Denham continued, adding the ICO has learned a lot from its deep dive into how LFR works in practice.

"But there remain significant privacy and data protection issues that must be addressed, and I remain deeply concerned about the rollout of this technology."

Advertisement - Article continues below

The ICO argues LFR significantly differs to CCTV, and that facial recognition systems haven't yet resolved potential instances of racial bias; where more false positive matches are generated from certain ethnic groups.

In addition to full DPIAs, police forces must produce a bespoke 'appropriate policy document' to set out why, where, when and how LFR is being used. This is in addition to ensuring the algorithms within the software to not treat the race or sex of individuals unfairly.

This aspect of deployments, however, may be beyond the reach of individual police forces given the software powering the technology is developed by a third-party vendor.

Use of such technology in the criminal justice system, particularly artificial intelligence (AI)and facial recognition technology, has come under fire for bias and discrimination in the UK, and in the US.

Advertisement
Advertisement - Article continues below

For example, according to one report, the Met Police's counterparts in New York were abusing facial recognition technology to arrest people when CCTV images were too unclear to identify suspects.

In extreme cases, New York Police Department (NYPD) officers took high-resolution pictures of a suspect's celebrity doppelgnger to generate a match with another license database.

Featured Resources

Digitally perfecting the supply chain

How new technologies are being leveraged to transform the manufacturing supply chain

Download now

Three keys to maximise application migration and modernisation success

Harness the benefits that modernised applications can offer

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

The 3 approaches of Breach and Attack Simulation technologies

A guide to the nuances of BAS, helping you stay one step ahead of cyber criminals

Download now
Advertisement

Recommended

Visit/security/internet-security/354417/avast-and-avg-extensions-pulled-from-chrome
internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019
Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

Visit/operating-systems/25802/17-windows-10-problems-and-how-to-fix-them
operating systems

17 Windows 10 problems - and how to fix them

13 Jan 2020
Visit/microsoft-windows/32066/what-to-do-if-youre-still-running-windows-7
Microsoft Windows

What to do if you're still running Windows 7

14 Jan 2020
Visit/web-browser/30394/what-is-http-error-503-and-how-do-you-fix-it
web browser

What is HTTP error 503 and how do you fix it?

7 Jan 2020
Visit/policy-legislation/general-data-protection-regulation-gdpr/354577/data-protection-fines-hit-ps100m
General Data Protection Regulation (GDPR)

Data protection fines hit £100m during first 18 months of GDPR

20 Jan 2020