The Information Commissioner’s Office (ICO) has called for caution in the use of live facial recognition (LFR) technology in public spaces.
It has published an opinion on the issue, highlighting concerns over data protection and recommending a series of requirements for how LFR should be used.
This follows its call in 2019 for a statutory code on how police forces should use the technology, in response to worries about the potential for bias in the algorithms and intrusions into privacy.
LFR is being used by organisations other than police forces for surveillance and matching against watchlists from law enforcement agencies, along with marketing and advertising, and in security checks at airports. It also has potential for purposes such as monitoring queue times and estimating the ages of people on premises.
Identification and categorisation
The ICO opinion focuses largely on the use of LFR in the identification and categorisation of individuals and the implications for data protection. It highlights issues such as the governance of the systems, transparency and the rights of data subjects, the potential for bias and discrimination, the processing of data on children and vulnerable adults, and the governance of watchlists and escalation processes.
This leads to recommendations for the controllers of LFR systems including the need to identify a specific and legitimate purpose for their use a public place, along with a valid lawful basis and conditions for processing special category and criminal offence data.
Other steps include carrying out data protection impact assessments, ensuring the use of the technology is proportionate to its purpose, ensuring the use of any watchlists complies with data protection law, and being clear about roles and responsibilities when collaborating with law enforcement.
The industry is urged to reduce the risks of bias and discrimination in the algorithms, consider the adoption of common standards in systems, and put data protection by design and default into any new developments.
Information Commissioner Elizabeth Denham (pictured) said in a blogpost: “Facial recognition technology brings benefits that can make aspects of our lives easier, more efficient and more secure. The technology allows us to unlock our mobile phones, set up a bank account online, or go through passport control.
“But when the technology and its algorithms are used to scan people’s faces in real time and in more public contexts, the risks to people’s privacy increases.
“I am deeply concerned about the potential for live facial recognition technology to be used inappropriately, excessively or even recklessly. When sensitive personal data is collected on a mass scale without people’s knowledge, choice or control, the impacts could be significant.”
Image from Information Commissioner's Office
