When Big Brother gets smarter: Face recognition software and the law

Definitely not Dave.
Definitely not Dave.

Facial recognition is not a new idea.  It’s something that’s been around for a number of years.  What’s changing is the accuracy, and therefore prominence, of it.

Facebook revealed in the summer of 2014 that it had developed “Deep Face”, a tool that could recognise whether two images show the same person 97.25 per cent of the time (only fractionally behind a human’s performance – 97.53 per cent). So we’re told it’s getting better, and as it does so the range of potential uses also increases.

Biometrics is one of the main buzzwords around internet, and in particular banking, security and facial recognition could have a part to play here. So too in advertising. These are relatively simple stories to sell.

But it doesn’t stop there. Law enforcement and other security bodies are also looking at its benefits. There have been reports of facial image databases in the USA, while in this country it’s been trialled at music festivals to try and crack down on known offenders. And it is in taking the next step that we as a society potentially risk straying into a particular shade of grey if we allow organisations to start to maintain databases of suspected offenders without sufficient consideration of legal principles.’

It’s a very complex area, but it is worth highlighting just four key points here:

  • Our justice system is based on a principle of ‘innocent until proven guilty’. By maintaining databases of suspected offenders, we risk maintaining data on innocent individuals whose image has perhaps been wrongly or maliciously stored.
  • The commission (or alleged commission) of a criminal offence such as theft, is classed as sensitive personal data under the Data Protection Act 1998. As such it is subject to greater controls, particularly with regards to the conditions for processing and sharing it.
  • Consent. If private organisations start to maintain these databases, how will they do so against the backdrop of a regulatory regime that is moving towards greater emphasis on consent? The new Data Protection Regulation places renewed focus on this concept in the future use of data.
  • Accuracy and relevance. A key issue for organisations to consider is the length of time that data is held for. A key question for databases of suspected offenders would be how long it is reasonable to maintain that individual’s image on their database, particularly in the absence of any conviction.

It is this background that means we must from the outset exercise caution. We should be careful not to undermine one of the key principles of our justice system, and at the same time ensure that the right safeguards are in place to comply with the laws that we have to protect our rights and liberties in what is becoming an increasingly connected and recorded society.

Ed Bodey is a senior Associate at Foot Anstey