The ICO has called on the government to establish a statutory code of practice on the use of live facial recognition (LFR) technology in public spaces, saying current laws do not go far enough to manage its ethical risks.

Following an investigation on how the Metropolitan Police Service and South Wales Police trialled LFR, the ICO said there were "serious concerns" about the use of a technology that depends on large amounts of sensitive personal information.

Information commissioner Elizabeth Denham has issued her first commissioner’s opinion on the subject, which outlines the data protection rules police forces must follow in their deployment of LFR.

Denham said: "There is a balance to be struck between the privacy that people rightly expect when going about their daily lives and the surveillance technology that the police need to effectively carry out their role. Police forces must provide demonstrably sound evidence to show that LFR technology is strictly necessary, balanced and effective in each specific context in which it is deployed."

The Data Protection Act 2018 says live facial recognition for law enforcement purposes constitutes ‘sensitive processing', as it involves the processing of biometric data. 

While the high court ruled that South Wales Police’s use of the technology was lawful, Denham warned that this should not be taken as a "blanket authorisation" for all police forces to use LFR systems.

Denham said: "From a regulator’s perspective, I must ensure that everyone working in this developing area stops to take a breath and works to satisfy the full rigour of UK data protection law. Moving too quickly to deploy technologies that can be overly invasive in people’s lawful daily lives risks damaging trust not only in the technology, but in the fundamental model of policing by consent."