Sainsbury’s is trialling facial recognition cameras in London and Bath. The idea is to spot repeat offenders and protect staff. But under the Data Protection Act (DPA) 2018 and UK GDPR, this isn’t just another CCTV upgrade. Biometric data is the most sensitive data there is and the law says its use must be necessary, proportionate and properly safeguarded. B P Collins’ criminal team explores what this could mean for you.
Facial recognition isn’t new. The Metropolitan Police already deploys it in public spaces. Under the DPA, it argues it is necessary for law enforcement purposes to prevent and detect crime. However, if a camera wrongly flags you as a thief or suspect, the burden suddenly shifts. You must prove you aren’t who the technology says you are, which runs directly against the presumption of innocence. This is why, while some argue they have no issue with facial recognition itself, the real concern is that software can and does fail. The Horizon scandal showed how devastating it is when unreliable systems are treated as infallible, and unlike Horizon, facial recognition has the potential to affect us all.
So, who decides whether the use of biometric data is “necessary, balanced and proportionate”? In theory, the Information Commissioner’s Office regulates supermarkets, and courts can review police use. In practice though, oversight could be patchy and may only kick in after something has gone wrong.
Facial recognition can be a useful tool in fighting crime, but it requires independent scrutiny, transparency and real accountability.
If you’ve been accused of wrongdoing after being identified through CCTV, please contact B P Collins’ criminal team in complete confidence by emailing enquiries@bpcollins.co.uk or call 01753 889995.
Related Articles
