Question to the Home Office:

To ask the Secretary of State for the Home Department, whether she plans to expand the use of live facial recognition technology for non-criminal matters.

Live facial recognition technology, which involves processing live video footage of people passing a camera, is used in England and Wales to help locate people who are wanted by the police, in public spaces. The College of Policing has produced national guidance in the form of an Authorised Professional Practice (APP), setting out when the police can use live facial recognition and the categories of people they can look for. These include individuals wanted by the police or the courts, suspects, missing or vulnerable people, or those posing a risk of harm to themselves or others. In each case, inclusion on a watchlist must be justified and authorised, and must pass the tests of necessity, proportionality and use for a policing purpose.

On 4 December the Government launched a consultation on establishing a new legal framework which focuses on the use of facial recognition and similar technologies by law enforcement organisations, for a law enforcement purpose.

The consultation seeks views on whether seriousness of harm should be a factor to decide how and when law enforcement organisations can acquire, retain, and use biometrics, facial recognition, and similar technology. The consultation also asks for views on what factors are relevant to consider when assessing ‘seriousness’ of harm and for which purposes should law enforcement organisations be allowed to use these technologies.

The consultation also explains that the new legal framework will apply to law enforcement organisations. This would include all police forces in England and Wales, and national and specialist law enforcement agencies like the British Transport Police and National Crime Agency and for law enforcement activity by other public bodies such as the Environment Agency, HMRC or Border Force.

We are aware that facial recognition and similar technologies are used more broadly across the public and private sectors. For example, we know that nightclubs use it to help identify barred patrons. Where that is the case they must comply with all relevant existing legislation including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 and guidance, with the Information Commissioner’s Office (ICO) as the principal regulator.

Through the consultation we will therefore also consider whether public and private sector organisations ought to have due regard to the new legal framework and especially to any best practice established as a result.