The world is at the beginning of an ambitious new revolution in the collection, use and processing of biometric data both by public authorities and the private sector. In almost every aspect of our lives – from online identification, to health status and law enforcement – our biometric data is being collected and processed in a way that previously would have been considered unimaginable. In order to protect our fundamental rights, particularly our data and privacy rights, this revolution in biometric data use will need to be accompanied by a similarly ambitious new legal and regulatory regime. The increasing use of live facial recognition (LFR), which we discuss in this Review, is perhaps the clearest example of why a better legal and regulatory framework for biometric data is needed urgently. It is important to acknowledge that in the last 20 years there have been huge legislative changes around the use and processing of personal data, including the EU General Data Protection Regulation (GDPR), mirrored by the UK General Data Protection Regulation. There are even more dramatic legal changes in the pipeline, such as the forthcoming EU Artificial Intelligence Draft Regulation (‘the AI Act’). However, these legislative changes have not brought sufficient clarity to the regulation of biometric technologies. There remains legal uncertainty as to when, if at all, techniques such as LFR can be used in accordance with the law, and how the use of biometric data should be regulated.
This Review has sought to address that uncertainty by assessing the existing legal and regulatory framework and by making 10 recommendations.
Authors
- Published in
- United Kingdom
