Facial Recognition Cameras and GDPR
Facial recognition cameras have become a valuable tool for our law enforcement agencies in their fight against crime and terrorism over the last few years. Now, this same technology is becoming increasingly available – and increasingly affordable – for private companies to help them protect their premises, staff and assets.
But, as with standard CCTV cameras, you can’t just install them and start recording, because there are important data protection issues that you have to be aware of.
This article will examine what facial recognition CCTV cameras are, how they can help protect your business, and what you need to do to make sure you’re not breaking the law surrounding GDPR (General Data Protection Regulation).
What are facial recognition CCTV cameras?
Standard CCTV cameras record images and can be used both as a deterrent – criminals are often discouraged from carrying out a crime if they know that they are being filmed – and as evidence if they do record an incident.
A facial recognition camera, on the other hand, puts you one step ahead. As it films, it compares the faces that come into view with those on a predetermined database. That makes it great both for general protection – because it can identify known criminals or spot when someone appears multiple times in a way that might be suspicious – and for general access control.
Modern facial recognition cameras are so smart that they offer superb performance and accuracy, even when people are wearing glasses, hats or scarves. Nor will they be fooled by attempts at disguise through the use of photographs.
What is GDPR?
With more and more data being stored by businesses through their IT systems, in 2016 the EU introduced the General Data Protection Regulation (GDPR) to ensure that the data they hold is kept safely and securely and that individuals’ privacy and human rights are fully protected.
Even though the UK formally left the EU in 2021, the law still applies in identical form.
How does GDPR apply to the use of facial recognition CCTV cameras?
We previously shared our Guide to Data Protection Laws and the Use of CCTV at Commercial Property, and all of the information in that guide also applies to facial recognition cameras.
However, there are extra requirements, because once facial images are processed in such a way that they can be used to uniquely identify an individual, that data becomes biometric data. It’s important to remember that a person does not have to actually be identified for the images to qualify as biometric data – just the fact that the images have been processed in such a way that an individual can be identified is enough for them to count as biometric under GDPR. Biometric data is ‘special category’ data subject to greater controls and more complex legislation.
For instance, if you plan on using LFR (Live Facial Recognition) technology in a public place, you need to have a specific and legitimate reason for doing so, and that reason has to be sufficiently important for its use to be justified. You also need to take a “data protection by design and default” approach to its development and use – in other words, data protection has to be fully integrated into every stage, from initial design through to use, processing and storage.
It is essential that if you wish to take advantage of the benefits that facial recognition cameras offer, you should become fully conversant with all your legal requirements under GDPR.
A report in 2021 by the Information Commissioner’s Office found that out of the organisations surveyed who were using LFR in public places, none were fully compliant with the relevant requirements under GDPR.
In a subsequent opinion piece based on the above findings, the Information Commissioner observed that “While all relevant elements of the legislation apply…the central legal principles to consider before deploying LFR are lawfulness, fairness and transparency, including a robust evaluation of necessity and proportionality”. The Information Commissioner also said that “where LFR is used for the automatic, indiscriminate collection of biometric data in public places, there is a high bar for its use to be lawful”.
If you’ve carried out a data protection impact assessment and you’re satisfied that you can meet all the requirements of GDPR as it applies to facial recognition cameras, Scutum London can help with the next step.
We can supply, install and maintain the best facial recognition cameras using the latest LFR technology to provide effective protection for your business premises.
Get in touch with us now to request a free site visit and assessment for your premises in South East England, including in and around London and Surrey.
Request a Callback
Just fill in your details below and we'll get back to you as soon as we can!
About Scutum London
Scutum London is a leading expert in fire safety and security solutions for businesses and organisations located across South East England, including London and Surrey.
From fire alarms, fire extinguishers and fire risk assessments to access control, CCTV and intruder alarm systems – and a lot more besides – we offer a comprehensive range of products and services designed to keep you, your business and your staff and visitors safe.
With decades of industry experience to call on, we’re proud to hold accreditations from leading trade associations and bodies such as British Approvals for Fire Equipment (BAFE), the British Fire Consortium, the Fire Industry Association (FIA) and Security Systems and Alarms Inspection Board (SSAIB).
If you’d like to find out more about Scutum London, get in touch with our friendly team or explore our products and services on our site.