The Information Commissioner has addressed privacy concerns around the use of live facial recognition (LFR) technology in public places by private companies and public organisations.
The statement notes that while facial recognition technology can help make people’s lives easier, efficient and secure, it also puts privacy at risk. According to the statement, the Information Commissioner’s Office (ICO) has set out rules of engagement for the use of LFR.
In addition, the opinion explains how data protection and people’s privacy must be at the heart of any decisions to deploy LFR.
“When the technology and its algorithms are used to scan people’s faces in real-time and in more public contexts, the risks to people’s privacy increases,” the opinion from Information Commissioner Elizabeth Denham reads.
“I am deeply concerned about the potential for live facial recognition technology to be used inappropriately, excessively or even recklessly. When sensitive personal data is collected on a mass scale without people’s knowledge, choice or control, the impacts could be significant.
“We should be able to take our children to a leisure complex, visit a shopping centre or tour a city to see the sights without having our biometric data collected and analysed with every step we take,” she adds.
The opinion warned that CCTV, LFR and its algorithms have the power to automatically identify people and infer sensitive details about them. With this data, people can be profiled in real time. This enables companies or law enforcement to serve up personalised adverts or match people against known shoplifters when shopping.
“In future, there’s the potential to overlay CCTV cameras with LFR, and even to combine it with social media data or other ‘big data’ systems – LFR is supercharged CCTV,” Denham warned.
“It is not my role to endorse or ban a technology but, while this technology is developing and not widely deployed, we have an opportunity to ensure it does not expand without due regard for data protection.”
The Information Commissioner was informed in part by six ICO investigations into the use, testing or planned deployment of LFR systems, as well as an assessment of other proposals that organisations sent to it.
“It is telling that none of the organisations involved in our completed investigations were able to fully justify the processing and, of those systems that went live, none were fully compliant with the requirements of data protection law. All of the organisations chose to stop, or not proceed with, the use of LFR.”
- GDPR and the Cloud | How Brexit will affect data storage
- XpoNorth 2021 | New technology driving resilience
- Diverse talent pool being bypassed by Scottish tech firms, SDS says
The opinion explains how the law sets a high bar to justify the use of LFR and its algorithms in places where we shop, socialise or gather.
When seeking to utilise the technology, “organisations will need to demonstrate high standards of governance and accountability from the outset, including being able to justify that the use of LFR is fair, necessary and proportionate in each specific context in which it is deployed,” the opinion states. “They need to demonstrate that less intrusive techniques won’t work.
“Organisations will also need to understand and assess the risks of using a potentially intrusive technology and its impact on people’s privacy and their lives. For example, how issues around accuracy and bias could lead to misidentification and the damage or detriment that comes with that.”
Denham said that her office will continue to focus on technologies that have the potential to be privacy invasive, working to support innovation while protecting the public and tackle poor compliance with the law where necessary.
“We will work with organisations to ensure that the use of LFR is lawful, and that a fair balance is struck between their own purposes and the interests and rights of the public.
In addition, the statement reads that the ICO will also engage with government, regulators and industry, as well as international colleagues to ensure data protection and innovation can continue to work together.
She added: “With any new technology, building public trust and confidence in the way people’s information is used is crucial so the benefits derived from the technology can be fully realised.