The Protection of Freedoms (PoF) Act received Royal Assent on 1 May will govern the use of individuals' data in a variety of contexts, including in relation to CCTV and ANPR technology.
The code "must contain guidance" on at least either "the development or use of surveillance camera systems" or "the use or processing of images or other information obtained by virtue of such systems", but may contain guidance on both, the Act said.
The code could set out guidance on the appropriate use of surveillance cameras, their locations, the publication of information about the systems as well as who should have access to the information gathered and how and when that information can be disclosed.
The Home Office said the new surveillance camera code would ensure a more "proportionate and effective" use of the technology. Compliance with the new code will be overseen by a new Surveillance Camera Commissioner.
The Home Office said that "commencement orders" would be issued from July to enact some of the measures in the PoF Act.
The PoF Act also sets out new laws governing the retention and destruction of DNA and fingerprint profiles of suspected and convicted criminals. Last year the UK's Supreme Court ruled that police guidelines that allowed DNA samples taken during criminal investigations to be retained indefinitely were unlawful because it violated individuals' rights to privacy as guaranteed by human rights laws.
DNA and fingerprint samples can be retained "indefinitely" under the PoF Act in select circumstances, including where arrested suspects have been guilty of a serious crime previously. If those arrested suspects have no such previous conviction, their data must be destroyed after a three year period. Police can ask a district judge to issue an order enabling them to retain the information for a further two years, although this request can be appealed against.
The PoF Act requires that DNA or fingerprint samples must be destroyed if "it appears to the responsible chief officer of police that" it has been gathered unlawfully or from a third-party person in connection with a suspected criminal's arrest where the arrest was unlawful or based on mistaken identity.
However, DNA or fingerprint profile details can be retained beyond the expiry of retention periods for national security purposes unless a Biometrics Commissioner decides that it is "not necessary" for those purposes that the information is retained. The Human Rights Joint Committee had criticised this clause in its scrutiny of the draft PoF proposals.
The Committee had said the clause would "create a broad 'catch all' discretion for the police to authorise the retention of material indefinitely for reasons of national security." There had, at that point, been no "justification" why the power was "necessary and proportionate", it had said..
Schools and further education bodies will not always need parents' consent in order to legitimately process 'biometric data' about children under the new laws.
Schools and further education bodies will be able to process "physical or behavioural characteristics or features" about a child and store the information in a system that can be used to automatically match those traits to verify individuals' identity. The precise data processed and collected may relate to individuals' skin patterns, features of their eyes or about their voice and handwriting techniques, according to the Act.
Although the Act requires that parents generally be notified about the schools or bodies' intentions to process biometric data about their children and obtain consent from at least one parent to conduct the activity, there are exceptions where processing can go ahead without parental consent.
Those exceptions include if a parent cannot be found, if they lack mental capacity to consent or if parents cannot be contacted for child welfare reasons, but also if "it is otherwise not reasonably practicable to notify the parent or (as the case may be) obtain the consent of the parent."
In scrutinising a draft of the PoF laws last autumn a Parliamentary committee recommended that the 'reasonably practicable' clause be removed from the final version because they deemed it "unnecessarily weakened" the requirement to obtain parent consent.
The Human Rights Joint Committee had recommended that children of "sufficient maturity" be able to decide for themselves whether their biometric information should be processed. Under the PoF Act schools and education bodies must not process a child's biometric data if that child objects to the activity, even if parental consent has been obtained.