Out-Law / Your Daily Need-To-Know

Out-Law News 1 min. read

UK government called on to publish biometrics strategy by end of 2015


The UK government has not explained how it intends to use biometrics as a means of enabling access to government services and what conclusions it has reached on the "associated ethical and legal implications" of doing so, according to a committee of MPs.

The Science and Technology Committee called on the government to publish a "comprehensive" strategy to help clarify the issue before the end of this year. It said the government had not fulfilled its commitment to publish such a strategy before the end of 2013.

"Over a year later, there is no strategy, no consensus on what it should include, and no expectation that it will be published in this parliament," the Committee said in a new report. "In its absence, there remains a worrying lack of clarity regarding if, and how, the government intends to employ biometrics for the purposes of verification and identification and whether it has considered any associated ethical and legal implications."

"The government should be developing a strategy that exploits emerging biometrics while also addressing public concerns about the security of personal data and the potential for its use and misuse, with particular reference to biometric data held by the state. We expect a comprehensive, cross-departmental forensics and biometrics strategy to be published by the government no later than December 2015," it said.

Last year the UK government issued guidelines that envisage the use of biometric data in helping to verify individuals' identity prior to authorising individuals' access to government services.

The Committee said that, because of this, it "unfortunately … appears that the prospect of biometric verification has been announced [by the government] without full consideration of how it might be implemented".

The Committee called on the government to detail the "the steps taken to mitigate the risk of loss, or unauthorised release, of the biometric data that it holds" in its response to the report.

To preserve security and privacy, the government should conduct privacy impact assessments when undertaking projects involving, or formalising policies on, the collection, retention or processing of personal data, including biometric data, it recommended. Biometric systems deployed by the state must also not be closed to "human intervention".

The government should further keep "under review" whether existing legislation such as the Data Protection Act provides "adequate regulation in the face of developments in biometric technologies", the Committee said.

In its report the Committee also criticised failings which meant that facial recognition technology was deployed by the police without being properly tested. It said it is "imperative" that the biometric systems are "accurate and dependable" when they impact on individuals' privacy.

"Rigorous testing and evaluation must therefore be undertaken prior to, and after, deployment, and details of performance levels published," the Committee said.

We are processing your request. \n Thank you for your patience. An error occurred. This could be due to inactivity on the page - please try again.