The UK Information Commissioner has issued an opinion on the use of live facial recognition (LFR) technology in public spaces, based on the assessment of 14 examples of LFR deployments and proposals. The Commissioner found that none of the organisations involved in these assessments were able to fully justify the processing of personal data in the context of the LFR systems, and, where systems were live, none were fully compliant with the requirements of data protection law. However, all organisations chose to stop or not proceed with the use of the technology. The opinion highlights several key data protection issues that can arise where LFR is used for the automatic collection of biometric data in public spaces: the governance of LFR systems, including why and how they are used; the automatic collection of biometric data at speed and scale without clear justification, including of the necessity and proportionality of the processing; a lack of choice and control for individuals; transparency and data subjects’ rights; the effectiveness and the statistical accuracy of LFR systems; the potential for bias and discrimination; the governance of watchlists and escalation processes; the processing of children’s and vulnerable adults’ data; and the potential for wider, unanticipated impacts for individuals and their communities. Organisations that want to deploy LFR systems need to demonstrate high standards of governance and accountability, and justify that the use of LFR is fair, necessary, and proportionate. They also need to assess the risks of using a potentially intrusive technology and its impact on people’s privacy and lives.

cross-circle