The Information Commissioner has published a report on the use of live facial recognition (LFR) technology. There are several legal requirements for the use of LFR, including the need to identify a lawful basis to process the data.

Criminal defence solicitors – England and Wales

If you need a criminal defence solicitor, contact us at Ashmans. We specialise in criminal defence law and represent clients across England and Wales. We offer free police station representation and are available to take your call 24 hours a day, 7 days a week.

What is live facial recognition?

Facial recognition is a kind of technology that rapidly maps a face in order to identify an individual. Live facial recognition happens in real-time, like CCTV. A camera captures your image and compares it to stored facial templates to see if there’s a match. It’s often used for surveillance purposes to prevent crime or antisocial behaviour.

According to the Metropolitan police website: ‘LFR cameras are focused on an area; when people pass through the area their image is streamlined directly to the live facial recognition system. This system contains a ‘watchlist’: a list of offenders wanted by the police or the courts, or those who pose a risk of harm to themselves or others’.

Concerns over live facial recognition

Although LFR is not widely deployed, it does pose serious safety and data protection risks. This has now been acknowledged by the UK’s Information Commissioner, Elizabeth Denham. She has expressed concern about the risk to people’s privacy when the technology is used to scan faces in real-time, and in a more public context.

A facial biometric template is considered to be of an ‘intrinsically private character’, just like DNA. This has been confirmed by the courts. Clearly, if this sensitive data fell into the wrong hands, it could be used excessively, recklessly or inappropriately. This is all the more worrying if data is collected on a mass scale without people’s knowledge.

Information Commissioner’s report

These concerns have prompted the Information Commissioner to publish a paper on the use of LFR for the purposes of identification and categorisation. She identifies several key data protection issues, including:

  • A lack of control and choice for individuals
  • The effectiveness of the systems
  • The potential for bias and discrimination
  • The automatic collection of data at speed and scale without clear justification

The Information Commissioner states that controllers of LFR technology should carry out rigorous assessments to ensure they are meeting the legal requirements for the use of LFR. She has said that she now intends to do an audit of LFR systems in deployment across the country.

What are the legal requirements?

So, what exactly are the legal requirements for the use of LFR technology? In fact, for the use of LFR to be lawful, there are several factors that must be met. In particular, there is a high bar for the lawful use of LFR in public places which automatically and indiscriminately collects biometric data.

The key legal requirements are:

  • The controller must identify a specified, explicit and legitimate purpose for using LFR in a public place.
  • The controller must identify a valid lawful basis and meet its requirements.
  • The controller must identify conditions for processing special category data and criminal offence data, where required, and meet their conditions.
  • The use must be necessary and a targeted and effective way to achieve the controller’s purpose.
  • The controller must consider alternative measures and demonstrate that they cannot reasonably achieve their purpose using a less intrusive measure.
  • The use of LFR must be proportionate and of sufficient importance to justify any privacy intrusion or impact on individuals.
  • The LFR should be technically effective and sufficiently statistically accurate.
  • The controller should address the risk of bias and discrimination and must ensure fair treatment of individuals.
  • Clear and transparent information must be provided about how the personal data is processed
  • The controller should undertake a DPIA
  • The assessment must consider the risks and potential impacts of the processing on the interests, rights and freedoms of data subjects
  • There must be compliance with data protection principles and accountability for the use of personal data.

There have been a number of legal challenges against the use of LFR, including one against South Wales police in 2020. If the police fail to meet the legal requirement for the use of LFR in your case, then you could also have grounds for a challenge. This is a complicated area of law, so it is vital to instruct a specialist solicitor to represent.

Criminal solicitors – England and Wales

We are experts in criminal law and will explore every avenue in pursuit of your defence.

If you have been accused of a criminal offence, call us on 0333 009 6275. You can also email us at or complete our Free Online Enquiry Form and we will contact you.

We are available to take your call 24 hours a day, 7 days a week. We also offer free police station representation.