Unprecedented Deployment of Facial Recognition Technology Resides in a Vaguely Defined Legal Realm Due to Lack of Proper Oversight, According to Our Site
In the rapidly evolving landscape of biometric surveillance, the UK is navigating a transitional phase, strengthening its legislative foundation while addressing ongoing governance and trust challenges.
The Data (Use and Access) Act 2025, recently enacted, introduces provisions for the retention of biometric data for law enforcement purposes. However, many provisions are yet to be fully implemented, with a phased timeline potentially lasting up to 12 months [1]. The Act comes amid debates on AI transparency, but AI-specific transparency provisions remain separate to avoid complicating the broader data use framework [3].
Currently, there is no fully independent regulatory body specifically dedicated to biometric surveillance in the UK. Existing data protection authorities and law enforcement oversight mechanisms are responsible for overseeing biometric data usage [4]. Identity verification using biometric methods is becoming mandatory in certain contexts, such as Companies House registrations, but this is regulated through existing legal frameworks and authorized service providers rather than an independent biometric regulator.
Despite these legislative advances, concerns about legal uncertainty and the scope of biometric surveillance persist, especially regarding rapid technology deployment and public trust [5]. Parliamentary debates, including those about police use of facial recognition technology, reflect ongoing scrutiny and calls for transparency and accountability. These debates highlight unresolved tensions between national security, privacy rights, and ethical use of biometric technologies.
The UK’s forthcoming adequacy assessment by the European Commission in late 2025 underscores the importance of clear legal frameworks that protect personal data, including biometric data, to maintain international data transfer agreements [3].
Michael Birtwistle, Associate Director at the Institute, and Nuala Polo, UK Public Policy Lead at the Institute, express concern about the lack of adequate governance for police use of facial recognition, which they deem as a high-stakes application. They argue that if proper safeguards cannot be established for police use of live facial recognition, people are less protected from the impacts of private sector surveillance and invasive newer applications.
Polo's analysis shows that the UK's ad hoc and piecemeal approach to governance is not meeting the bar set by the courts. The proposed legislation should introduce tiered legal obligations based on the risk posed by each biometric system, similar to the EU AI Act.
The Home Office has spent £3 million on 10 new live facial recognition vehicles for future deployment. Over 800,000 people have had their faces scanned by the Metropolitan Police since 2020. The UK's first permanent facial recognition cameras are set to be installed in Croydon later this year. Biometric technologies are being used beyond police use, such as in train stations to monitor passenger behaviour, in schools for cashless payments, and in supermarkets to identify shoplifters.
In conclusion, while the UK has recently strengthened its legislative framework for biometric data use, implementation is phased, and independent regulation is currently embedded within existing data protection bodies. Public trust and legal clarity remain issues under active parliamentary and public discussion, with ongoing efforts to balance innovation, security, and privacy rights. Legislation is urgently needed to establish clear rules for deployers and meaningful safeguards for people and society.
The Data (Use and Access) Act 2025, a recent legislation, introduces provisions for biometric data retention in law enforcement, yet its full implementation is pending, potentially lasting up to 12 months. Despite this, concerns about legal uncertainty and the scope of biometric surveillance remain, particularly as technology continues to advance rapidly.
The UK's ongoing debates about AI transparency and police use of facial recognition technology highlight unresolved tensions between national security, privacy rights, and ethical use of biometric technologies. These debates underscore the need for clear rules and meaningful safeguards to ensure protection for individuals and society as biometric technologies are increasingly deployed in various sectors, including transportation, education, and retail.
