sb-as logo
Story image

UK privacy watchdog 'deeply concerned' about live facial recognition

17 Jul 2019

The UK’s Information Commissioner Elizabeth Denham has cast a harsh light on how every organisation that uses facial recognition to identify certain people are a threat to all citizens’ privacy, so those organisations must comply with data protection laws.

The privacy watchdog says that any police force or organisation that uses live facial recognition  (LFR) technology - in which crowds can be scanned and compared against databases for matches in mere seconds - is processing personal data.

The South Wales Police and Met Police are two organisations that have been trialling LFR technology. While police are generally trying to identify those who are linked to criminal activity, they are also processing biometric data belonging to thousands of innocent people.

“That is a potential threat to privacy that should concern us all,” says Denham.

The Information Commissioner’s Office (ICO) has been monitoring how police use LFR trials. Police have been fully cooperative and the ICO understands the practical benefits of the technology, but there are still ‘significant’ privacy and data protection issues that are not being addressed. 

Denham says she remains deeply concerned about LFR technology’s rollout. She wants to see demonstratable evidence that the technology is necessary, effective and proportionate to the amount of privacy invasion the technology imposes.

“There is also public concern about LFR; it represents a step change from the CCTV of old. There is also more for police forces to do to demonstrate their compliance with data protection law, including in how watch lists are compiled and what images are used. And facial recognition systems are yet to fully resolve their potential for inherent technological bias; a bias which can see more false positive matches from certain ethnic groups.”

Osborne Clarke is an international law firm. Partner Tamara Quinn offers comment:

“There's a lot of excitement around the use of face recognition systems. While the benefits are endless, businesses must also consider the risks that arise from deploying face recognition systems as they need to take appropriate steps to comply with the law.  Facial recognition and video surveillance are covered by a complex web of regulations which isn't easy to navigate, plus there is reputational risk if companies aren't seen to be taking privacy seriously."

“With the ICO promising to pay closer attention to private organisations that use facial recognition systems that cover public areas, businesses should act now to ensure that their software doesn’t break the law. And this can include reassessing the use of external cameras overlooking the street, public parking or other communal spaces. As well as making sure that their systems comply with strict legal requirements, companies should be looking at their contracts with external suppliers of these systems, to make sure that they have strong legal protections in place.”

While the courts examine how to construct a framework that safeguards privacy, in particular the case of R v Chief Constable of South Wales Police, any force that aims to deploy LFR must consider a range of concerns. These include:

•    Carrying out a data protection impact assessment and updating it for each deployment - because of the sensitive nature of the processing involved in LFR, the volume of people affected, and the intrusion that can arise. 
•    Producing a bespoke ‘appropriate policy document’ to cover the deployments - it should set out why, where, when and how the technology is being used.
•    Ensuring the algorithms within the software do not treat the race or sex of individuals unfairly.”
•    In the UK, law enforcement organisations are advised to submit data protection impact assessments to the ICO for consideration, with a view to early discussions about mitigating risk.

Story image
Check Point exposes Android malware vendor using dark net to rebrand products
Check Point security researchers have exposed an Android malware vendor using a marketer on the dark net to rebrand its products, with the intention of supercharging business and throwing off security vendors. More
Story image
Palo Alto Networks advances attack surface management with Expanse
"By integrating Expanse's attack surface management capabilities into Cortex after closing, we will be able to offer the first solution that combines the outside view of an organisation's attack surface with an inside view to proactively address all security threats."More
Story image
Dark net vendors wanting Bitcoin payments for unverified COVID-19 vaccines
As the medicines are being offered on the dark net, purchasers have no way of knowing whether they are genuine, according to Check Point.More
Story image
McAfee names ThreatQ innovation partner of the year
ThreatQuotient has been named McAfee Global Security Innovation Alliance Partner of the Year for the second consecutive year.More
Story image
Alibaba Cloud and LGMS tackle hybrid and multi-cloud security
Alibaba Cloud and LGMS, a cybersecurity consulting company, are teaming up to tackle the challenge of security around digital transformation and hybrid cloud.More
Story image
CompTIA forms Cybersecurity Advisory Council, led by 16 security execs
The new body will be co-chaired by Tech Data director of security solutions Tracy Holtz, and Alvaka Networks chief operating officer and chief information security officer Kevin McDonald.More