The Information Commissioner’s Office (ICO) has recently conducted its first data protection audit of UK police forces using facial recognition technology (FRT). The audit focused on South Wales Police and Gwent Police and examined how they handle and protect individuals’ personal information when utilizing facial recognition technology. The ICO’s findings were positive, indicating a high level of compliance with data protection laws by both police forces.
The audit specifically looked into the necessity and proportionality of using FRT, the fairness and accuracy of its design, and overall compliance with UK data protection regulations. The audit revealed that both South Wales Police and Gwent Police have implemented processes and procedures to ensure human oversight, mitigate discrimination risks, and assess the necessity and proportionality of each deployment of facial recognition technology.
While the audit provided assurance of compliance, it also highlighted areas for improvement that other police forces looking to deploy FRT can learn from. The audit emphasized the importance of ongoing oversight and scrutiny of facial recognition technology to demonstrate fairness, legitimacy, and ethical use.
The ICO made recommendations to the police forces regarding data retention policies and internal procedures, but did not provide specific details in the executive summary. Questions remain about how police forces assess the necessity and proportionality of their FRT deployments, especially concerning watchlist creation and selection criteria for images.
In response to the audit, the EHRC has joined a judicial review of the Met Police’s use of live facial recognition technology, raising concerns about the need for clear rules to ensure lawful and proportionate deployment. The involvement of EHRC adds another layer of scrutiny to the use of facial recognition technology by law enforcement agencies.
Overall, the audit highlights the importance of ongoing supervision and regulation of AI and biometric technologies, with the ICO focusing on creating clear regulatory expectations and best practices for police forces using facial recognition technology. The outcomes of these audits will be included in a report to be released in spring 2026, aiming to influence the wider landscape of AI and biometrics use in law enforcement.
