The UK privacy watchdog has ruled that any police force or private organisation using live facial recognition technology is processing personal data and needs to pay attention to data protection laws. Live facial recognition (LFR) technology that can scan crowds and then check large databases for matches in seconds is processing personal data, according to the Information Commissioner’s Office (ICO). This is a key preliminary finding of an ICO investigation into police trials of the technology and comes just days after an independent report into the application of the technology by a UK police force found that the use of LFR by the Metropolitan Police could be held unlawful if challenged in court. In case you are covering this story, I thought you might be interested in a comment from Tamara Quinn, Partner specialising in data privacy and intellectual property at international law firm Osborne Clarke.
Tamara Quinn, Partner at International Law Firm Osborne Clarke:
“There’s a lot of excitement around the use of face recognition systems. While the benefits are endless, businesses must also consider the risks that arise from deploying face recognition systems as they need to take appropriate steps to comply with the law. Facial recognition and video surveillance are covered by a complex web of regulations which isn’t easy to navigate, plus there is reputational risk if companies aren’t seen to be taking privacy seriously.
Under the GDPR, use of biometrics, such as facial recognition systems, is covered by stricter safeguard than ordinary personal data. For many companies, this means that they may need to get consent from every person scanned and prove that these individuals were fully informed and have given consent freely, without pressure or being penalised for not participating.
With the ICO promising to pay closer attention to private organisations that use facial recognition systems that cover public areas, businesses should act now to ensure that their software doesn’t break the law. And this can include reassessing the use of external cameras overlooking the street, public parking or other communal spaces. As well as making sure that their systems comply with strict legal requirements, companies should be looking at their contracts with external suppliers of these systems, to make sure that they have strong legal protections in place.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.