Are you considering using facial recognition technology in your business?
If the security of your site is an issue you may be considering installing facial recognition technology.
However, there are some issues to be considered before you go ahead.
The technology is relatively new and there have been questions about its use and its accuracy both in the UK and in the USA.
In the UK the Metropolitan Police invited the University of Essex to study the force’s trials of its facial recognition software and researchers concluded that only in 19% of the 42 cases studied could they be sure the force had identified the right person.
Then there are the privacy issues.
The ICO (Information Commissioners Office) announced this month that it would be studying the use of the technology following an outcry over its widespread use at King’s Cross Station in London.
It has already warned businesses that they needed to demonstrate its use was “strictly necessary and proportionate” and had a clear basis in law.
While there are those who argue that facial recognition technology is a useful law enforcement tool for helping keep public spaces safe from criminals and terrorists, others argue that its use is a gross invasion of privacy.
Since the introduction of GDPR (General Data Protection Regulations) businesses and organisations have a duty of care to protect any personal data they collect from users of their services, customers and clients.
In this context it would also apply to employees. It may be useful and more efficient if employees can gain easy access to their offices and IT equipment via facial recognition technology, but you should be very careful about how much information on them you store.
Under GDPR, as face recognition technology (or FRT) collects information of a person’s facial features, its classed under biometric data, which is labelled as “sensitive personal data”.
The regulations do include exemptions which allow the use of FRT in the following circumstances:
- If the user has given his/her consent willingly
- If biometric information is required for carrying out employment, social security, or social protection obligations
- If biometric data is required to protect the vital interests of the individual and he/she is incapable of giving consent
- If it’s required for legal issues
- If biometric data is necessary to aid in public interest such as health
So if you are considering using FRT in your business the crucial thing to do is to make sure you have user consent, that it is a positive opt-in to allow it and that there has been no implicit or explicit coercion. You should also make clear what information will be collected and name any third parties with whom it will be shared.
Above all, you must have clear documentation of all this and it should be made clear that people can opt out whenever they wish.