Privacy commissioners issue draft guidance on police use of facial recognition technology

Guidance aims to ensure such use adheres to law, reduces privacy risks, respects privacy rights

Privacy commissioners issue draft guidance on police use of facial recognition technology
The use of facial recognition technology involves privacy risks.

The Office of the Privacy Commissioner of Canada and the provincial and territorial privacy regulators have jointly released draft guidance on the use of facial recognition technology by police agencies so that stakeholders and the public can comment on it.

The draft guidance covers federal, provincial, regional and municipal police agencies. The guidance does not cover other public organizations such as border control or organizations in the private sector such as private security companies within its scope. But parts of the guidance may provide insight to organizations seeking to ensure compliance with privacy and human rights legislation, said the regulators.

The draft guidance aims to clarify police agencies’ privacy obligations regarding utilizing facial recognition technology and the circumstances and conditions under which such use can be allowed. The guidance also seeks to ensure that such use adheres to the law, reduces privacy risks and respects privacy rights.

According to the draft guidance, police agencies should have lawful authority for the use of facial recognition technology, should apply protective standards proportionate to the potential harm, should have a specific objective for using the technology and should have a demonstrable evidentiary basis on the pressing and substantial nature of this objective, with general public safety objectives being insufficient.

Police should review matches before deciding to detain, investigate or charge a person and should see that decisions on persons do not only rely on the technology, considering the propensity of the technology to identify some gender and racial groups incorrectly, says the draft guidance.

Police agencies should also ensure that, if third-party vendors have been retained, such suppliers are lawfully authorized to collect and use the personal information in their databases and are not using it for other purposes, the draft guidance adds.

The draft guidance touches upon the key principles that police agencies need to address before utilizing such technology. These principles include necessity, proportionality, accuracy, data minimization, transparency and accountability.

According to the guidance, necessity and proportionality help ensure a sufficiently important objective and the narrow application of such use to refrain from intruding on privacy rights more than is needed. Data minimization is meant to lessen excessively broad data collection and the severity of potential breaches, while transparency seeks to inform those affected of the use of such technology.

Accountability pertains to the knowledge of police agencies regarding what information is being collected, how and by whom it is being collected, what purposes the collection serves and what safeguards are in place.

The privacy regulators said they would consult stakeholders before finally deciding on their conditions on using such technology.

“I’m particularly interested in hearing perspectives from Ontarians on the suitability of our current legal framework for regulating police use of facial recognition technologies,” said Patricia Kosseim, Ontario’s information and privacy commissioner, in a statement.

Kosseim also said that she is interested in hearing feedback about whether regulators should create rules similar to the ones regulating the police’s use of lawfully collected DNA from convicted offenders to identify matches with crime scene samples for the utilization of facial recognition technology and whether such technologies should be used by law enforcement at all.

On June 7, an open letter drafted by Access Now, Amnesty International, European Digital Rights, Human Rights Watch, Internet Freedom Foundation and Instituto Brasileiro de Defesa doConsumidor called for a global prohibition on using facial biometric recognition technologies for mass surveillance and discriminatory targeted surveillance. Lawyers’ Rights Watch Canada was one of 179 signatories from 55 countries.

“No technical or legal safeguards could ever fully eliminate the threat they pose, and we therefore believe they should never be allowed in public or publicly accessible spaces, either by governments or the private sector,” said the open letter.

The open letter lamented that the use of such technologies, which undermine human rights and civil liberties, has led to abuses in countries such as China, the U.S., Russia, the U.K., Uganda, Kenya, Slovenia, Myanmar, the United Arab Emirates, Israel, India, Argentina, Brazil, Thailand and Italy.