On paper, using AI-based Live Facial Recognition (LFR) technology for security and law enforcement makes perfect sense. It improves accuracyIn data protection terms, the concept of ensuring data is not incorrect or misleading., takes the guesswork out of identifying perpetrators, helps protect businesses, and reduces crime. All in all, it offers extraordinary potential in offender identification, threat detection, and access control. However, despite its benefits, LFR technology brings significant data protection and compliance challenges that organisations must carefully address before deployment.
In this blog, we delve into the challenges of LFR implementation and data protection compliance. Using a night-time economy scenario, we explain how businesses can navigate these challenges whilst maximising the technology’s advantages for safety and security.
The night-time economy has some unique challenges for security management. Clubs, bars, and other venues often struggle to identify individuals who’ve been banned or who pose security risks. Typically, it relies heavily on human memory, which is particularly error-prone in tough conditions such as low-light conditions and crowded environments.
Enter LFR technology. By combining LFR software with Body Worn Video (BWV) cameras, security staff can identify potential threats accurately and swiftly. But this technology does raise its own unique set of privacy concerns around data protection.
The good news is that organisations can address these challenges with a comprehensive data protection strategy. One that balances security with privacy concerns by incorporating the following key practices:
Be open and honest about your LFR deployment with everyone who needs to know. Issue press releases, hold public consultations, and run webinars. Provide clear information in the form of privacy notices for data subjects that include information about the technology’s use, purpose, and safeguardsWhen transferring personal data to a third country, organisations must put in place appropriate safeguards to ensure the protection of personal data. Organisations should ensure that data subjects' rights will be respected and that the data subject has access to redress if they don't, and that the GDPR principles will be adhered to whilst the personal data is in the..., and you’ll build trust and get ahead of any public concerns.
Unlike traditional CCTV, BWV cameras have a much more intimate deployment profile and therefore a narrower field of vision. This reduces excessive data capture, meaning less collateral intrusion and interference with the data protection rights of individuals not on a designated ‘watchlist’. What’s more, BWV cameras can also assist organisations in adhering to the principle of data minimisation when used correctly.
Processing data quickly and deleting images that are not on any identified ‘watchlist’ near instantaneously can address concerns about excessive data retentionData retention refers to the period for which records are kept and when they should be destroyed. Under the General Data Protection Regulation (GDPR), data retention is a key element of the storage limitation principle, which states that personal data must not be kept for longer than necessary for the purposes for which the personal data are processed., while ensuring only relevant data is kept thereby reducing data protection risks.
Carefully managing the reference database of images used for matching can help limit the scope of data processing, ensure limited data is processed and improve accuracy of any potential matches.
Before deploying LFR technology, you’ll need to carry out a comprehensive and detailed Data Protection Impact AssessmentA formal documented assessment which allows decision-makers to identify, manage and mitigate any data protection risks associated with a project. (DPIA). This will help identify and mitigate risks associated with the processing of personal dataInformation which relates to an identified or identifiable natural person., including special category dataTypes of personal data listed in Article 9(1) GDPR that are considered sensitive and thus require extra protection. Article 9(1) lists data relating to: • racial or ethnic origin • political opinions • religious or philosophical beliefs • trade union membership • genetic data • biometric data • health • sex life • sexual orientation Where these types of personal... like biometrics.
To make sure LFR systems are effective, fair, and maintain compliance standards, your organisation should also:
As LFR technology evolves and finds new applications, having strong data protection processes and procedures in place will become ever-more important. Organisations will need to keep up to date with new regulations, too, whether driven by EU or UK GDPRThe UK General Data Protection Regulation. Before leaving the EU, the UK transposed the GDPR into UK law through the Data Protection Act 2018. This became the UK GDPR on 1st January 2021 when the UK formally exited the EU. or CCPA in the US.
By carefully balancing security needs with data protection rights, organisations can reap the benefits of LFR technology, all whilst keeping compliant with data protection regulations. As we move forward, the responsible deployment of such technologies – whatever the sector – will be key to building public trust and ensuring their long-term success.
For a real-life example of LFR deployment, read our Reveal Media case study.
To better understand some of the key issues surrounding live facial recognition data protection compliance and BWV cameras, read this interview with specialist DPO, Paul Collier, by the Dutch Association of Data Protection Officers (NGFG). You’ll need to translate it into English.
Get in touch with our team if you’re interested in how we can help support your LFR deployment and support your data protection compliance.
______________________________________________________________________________________________________________________________
In case you missed it…
______________________________________________________________________________________________________________________________
For more news and insights about data protection follow The DPO Centre on LinkedIn
Fill in your details below and we’ll get back to you as soon as possible