Brian Sims
Editor
Brian Sims
Editor
INFORMATION COMMISSIONER Elizabeth Denham has commented extensively on privacy issues around the use of live facial recognition technology in public places, duly expressing “deep concern” about the potential for such technology to be deployed “inappropriately, excessively or even recklessly”.
Facial recognition technology realises benefits that can make aspects of our lives easier, more efficient and more secure. The technology allows us to unlock our mobile phones, set up a bank account online or go through passport control.
That said, when the technology and its algorithms are used to scan people’s faces in real-time and in more public contexts, the potential risks posed to individuals’ privacy increases.
Writing in a blog on the Information Commissioner’s Office (ICO) website, Elizabeth Denham states: “I am deeply concerned about the potential for live facial recognition technology to be used inappropriately, excessively or even recklessly. When sensitive personal data is collected on a mass scale without people’s knowledge, choice or control, the impacts could be significant.
We should be able to take our children to a leisure complex, visit a Shopping Centre or tour a city to see the sights without having our biometric data collected and analysed with every step we take.”
Unlike CCTV, live facial recognition technology and its algorithms can automatically identify who you are and infer sensitive details about you. It can be used to instantly profile you to serve up personalised adverts or match your image against known shoplifters as you do your weekly grocery shop. “In the future,” asserts the Information Commissioner, “there’s the potential to overlay CCTV cameras with live facial recognition and even to combine it with social media data or other Big Data systems. Live facial recognition is ‘supercharged’ CCTV.”
Further, Denham has observed: “It’s not my role to endorse or ban a technology but, while this technology is developing and not widely deployed, we have an opportunity to ensure that it doesn’t expand without due regard for data protection.”
Commissioner’s Opinion
Denham has authored a Commissioner’s Opinion on the use of live facial recognition in public places by private companies and public organisations. It explains how data protection and people’s privacy must be at the heart of any decisions to deploy such technology and goes on to outline how the law sets a high bar to justify the use of live facial recognition and its algorithms in those environments where we shop, socialise or gather.
“It’s rooted in law,” continues Denham, “and informed in part by six ICO investigations into the use, testing or planned deployment of live facial recognition systems, as well as our assessment of other proposals that organisations have sent to us. Uses we’ve seen have included addressing public safety concerns and creating biometric profiles to target people with personalised advertising.”
According to Denham, it’s “telling” that none of the organisations involved in the ICO’s completed investigations were able to fully justify the data processing involved and, of those systems that went live, it seems that none of them were fully compliant with the requirements of data protection law. All of the organisations chose to stop – or otherwise not proceed with – the use of live facial recognition.
“With any new technology,” explains the Information Commissioner, “building public trust and confidence in the way people’s information is used is crucial such that the benefits derived from the technology can be fully realised.
In the US, people didn’t trust the technology. Some cities banned its use in certain contexts and certain major companies have paused facial recognition services until there are clearer rules. Without trust, the benefits that the technology may offer are lost. If used properly, there may be benefits. Live facial recognition has the potential to do significant good.”
Rules of engagement
The Commissioner’s Opinion “sets out the rules of engagement” and builds on the ICO’s opinion on the use of live facial recognition by police services, as well as setting a high threshold for the technology’s use.
On that note, Denham has commented: “Organisations will need to demonstrate high standards of governance and accountability from the outset, including being able to justify that the use of live facial recognition is fair, necessary and proportionate in each specific context in which it’s deployed. They need to demonstrate that less intrusive techniques will not work. These are important standards that require robust assessment.”
Organisations will also need to understand and assess the risks of using a potentially intrusive technology and its impact on people’s privacy and their lives. For example, how issues around accuracy and bias could lead to misidentification and the damage or detriment that comes with that.
Denham concludes: “My office will continue to focus on technologies that have the potential to be privacy invasive, working to support innovation while protecting the public. Where necessary, we will tackle poor compliance with the law. We will work with organisations to ensure that the use of live facial recognition is lawful and that a fair balance is struck between the specific purposes of those organisations and the interests and rights of the public. We will also engage with Government, regulators and industry, as well as international colleagues, to make sure data protection and innovation can continue to work hand in hand.”