Companies in Britain face large fines if they break privacy rules by using powerful facial recognition software recklessly to target people in public places, a watchdog said on Friday.
Elizabeth Denham, the UK's information commissioner, said people in the UK had the right to go shopping or tour a city without having "our biometric data collected and analysed with every step we take" by what she called supercharged security cameras.
"I am deeply concerned about the potential for live facial recognition technology to be used inappropriately, excessively or even recklessly," she said.
“When sensitive personal data is collected on a mass scale without people’s knowledge, choice or control, the impacts could be significant.”
The use of live facial recognition is controversial in the UK, where the world's first legal challenge to police use of the technology was launched. London is one of the top 10 cities in the world for numbers of security cameras with 400 per square kilometre, according to data company Surfshark.
Cameras using the software are used to scan faces in streets and football stadiums and at major public events. Images can then be compared with a database of people of interest, including those suspected of criminal offences.
But the mass harvesting of data raises concerns about how the information is used, what safeguards are in place and the accuracy of identification.
Judges ruled last year that the use of the technology by South Wales Police breached privacy rights, data protection and equality rules. The ruling came after a complaint by an activist that his face was scanned while shopping in Cardiff and at a peaceful anti-armaments protest.
The judgment meant the police force – leading the use of the technology for UK law enforcement – was forced to halt the long-running trial, although the ruling did not ban its use outright.
The private landowners of a prestigious development in London also halted the use of the software after a public outcry in 2019 because it captured and analysed pictures of people without their consent.
Lack of public trust in LFR systems
In a report detailing extensive legal concerns, Ms Denham said there was the potential to overlay the data information from social media in the future that could target unwitting members of the public with personalised advertising.
She said her comments were informed by six cases in which none of the organisations involved were able to fully justify the systems or demonstrate compliance with law, and they all chose to stop the use of facial recognition schemes.
She highlighted bans on the technology in some US cities where people did not trust the systems.
“Without trust, the benefits they may offer are lost,” she said. “If used properly, there may be benefits. LFR has the potential to do significant good – helping in an emergency search for a missing child, for example.”
She also cited more efficient passport checks and setting up bank accounts. But she said companies needed to show that less intrusive techniques would not work.
"It is not my role to endorse or ban technology but, while this technology is developing and not widely deployed, we have an opportunity to ensure it does not expand without due regard for data protection," she said.
“My office will continue to focus on technologies that have the potential to be privacy invasive ... where necessary we will tackle poor compliance with the law.”
The information commissioner’s office has the power to impose financial penalties of up to 4 per cent of a company's global turnover for breaches of the rules.
