Skip to the content

ICO publishes guidance on use of biometrics data


Mark Say Managing Editor

Get UKAuthority News


Finger pressing digital face on screen
Image source:

The Information Commissioner’s Office (ICO) has published the finalised version of its guidance on the use of biometric data.

It says the guidance has been put together to explain data protection law applies in the use of data and recognition systems, and is primarily aimed at organisations that use or are considering using them.

The document sets out the key data protection concepts of what is personal information, biometric data and special category biometric data, with information on special category information and if personal information is being processed when it is deleted quickly.

Compliance and good practice

It then provides details on biometric recognition, followed by a series of processes for legislative compliance and good practice. These cover: demonstrating compliance with data protection obligations; processing biometric data lawfully and fairly; how the accuracy principle applies to the data; how to ensure the processing is transparent; how to consider rights requests for the data; and how to keep it secure.

The guidance does not apply to using the data for law enforcement purposes or by the security services.

The publication follows a consultation on a draft version that began in August of last year.

The ICO published the document on the day it issued an enforcement notice to Serco Leisure to stop using facial recognition and fingerprint matching to monitor its employees in some local authority services.


Register For Alerts

Keep informed - Get the latest news about the use of technology, digital & data for the public good in your inbox from UKAuthority.