The Home Office is expected to announce imminently who will take up the new post of Biometrics and Surveillance Camera Commissioner (BSCC), to replace the existing, differentiated roles of Biometrics Commissioner (BC) and Surveillance Camera Commissioner (SCC).
Interviews for the new role were due to be conducted in the week of 25 September 2020, following the Home Office’s announcement in July that the two existing positions would be merged. Although details on the proposed combined role are scarce, the proposal has been met with concern, as it may represent a weakening of oversight of the use of biometrics and surveillance technology.
This blog post considers the current Commissioners’ duties and some of the implications of creating a combined role.
The use of surveillance and biometrics is increasingly widespread. By way of recent example, only last month the Government introduced regulations extending permission for the retention of fingerprints and DNA profiles under the Coronavirus Act 2020.
The need for robust scrutiny goes hand in hand with the widening of such powers. At a time when the direction of travel is towards more extensive use of biometrics and surveillance in the public and private sphere, the starting expectation might be that more extensive oversight would also be established: to safeguard against the impermissible use of such data and to ensure public trust in its legitimate collection and retention. The possible reduction in oversight that the merging of the Commissioners’ roles could entail has, therefore, caused some concern in the field – particularly at a time when the development of industry-wide standards and best practice is still a work in progress.
The Commissioners’ current roles
The BC role was established under the Protection of Freedoms Act 2012 (PoFA) and has oversight of the retention and use of DNA samples, DNA profiles and fingerprints by law enforcement agencies. The BC also provides reports to the Home Secretary about the carrying out of the BC’s functions and any matter related to them.
The scope of the BC has evolved over the course of the current Commissioner’s tenure, as increasing biometrics technologies are developed. For example, even though they are not covered by the PoFA, the BC’s most recent Annual Report discusses, and provides recommendations on, ‘second-generation biometrics’, such as voice recognition and gait analysis, because they are clearly relevant to the BC’s functions.
The SCC, also established under the PoFA, oversees public authority compliance with the Surveillance Camera Code of Practice and reviews the efficacy of the Code. For example, the SCC has recently surveyed the use of surveillance cameras by police forces in England and Wales and their compliance with the Code.
Additionally, the SCC provides recommended standards to the surveillance camera industry and encourages the voluntary compliance of private-sector organisations with the Code of Practice. Generally speaking, the SCC is a source of advice on the use of vision-based biometric technologies, although the role has no enforcement functions nor powers of inspection.
The joint role
The Home Office’s job advertisement states that the decision to establish a single role was made on the basis of ‘the confluence of existing and emerging regulatory issues around police use of automated facial recognition’. The focus on facial recognition may derive from the public attention that topic receives (including in the courts: see the first blog post in this series, which addressed the Court of Appeal decision in Bridges on South Wales Police’s use of automatic facial recognition).
But automated facial recognition constitutes a relatively small part of the domains that the two Commissioners’ roles currently cover. And, at least initially, the BSCC will carry out the duties of both the BC and the SCC, hence their initial remit will be broader than overseeing only facial recognition technologies.
However, the job advert suggests that this initial remit will only be in place while ‘the Government is considering reforms in this area’. What this future regulatory scheme will entail remains to be seen.
Current BC and SCC statements on the joint role
The merging of the roles has been met with some scepticism by the existing Commissioners. In his final Annual Report, published in March 2020, the BC noted that there was an intention to make a joint appointment of a BSCC. He stated, ‘Whoever is appointed will have a huge task covering the previous workload of two Commissioners and covering two very distinct functions’.
The SCC drew attention to similar concerns in a recent blog post warning: ‘Strengthen, don’t weaken the existing legal framework!’ The strength of oversight that a single person will be able to exert while tackling two separate issues was one of his key concerns:
One person to do two roles independently of each other – itself a full-time job– instead of two part time Commissioners (although we both do three days a week so it’s more than a full-time role). You might be thinking what’s the connection between surveillance and biometrics? That is a question Paul [the current BC] and I have been asking ourselves!
As mentioned above, the emphasis on facial recognition, also in the SCC’s view, misapprehends the full scope of the duties of the BC and SCC (95% of the SCC’s job ‘is not related to facial recognition’). Additionally, the SCC has raised concerns over the lack of consultation with the current BC and himself, and the lack of Parliamentary scrutiny prior to the announcement of the joint role. As he concluded in the post, ‘There is a danger of policy being developed due to the hype around automated facial recognition and developing policy based on hype can never be a good thing’.
The future of the Commissioner’s role
The Ryder Review team are keeping a close eye on the way in which this combined role develops, and will be seeking to take evidence from the postholder when they are appointed, as well as from the current BC, SCC and those in the Home Office who can explain the decision to merge the two roles. The initial concerns of the existing Commissioners raise real questions about whether the workload and responsibilities of the new role can be adequately performed by a single individual. It remains to be seen whether the combined role will effectively streamline oversight functions or erode them.
This is the second in a series of blog posts from the team carrying out an independent review of biometric data law and regulation – the ‘Ryder Review‘ commissioned by the Ada Lovelace Institute and chaired by Matthew Ryder QC.
The Ada Lovelace Institute commissioned Matthew Ryder QC to lead this independent review of the governance of biometrics data, which will examine the existing regulatory framework and identify options for reform that will protect people from misuse of their biometric data, such as facial characteristics, fingerprints, iris prints and DNA. Findings will be reported in spring 2021.
Image credit: SDI Productions
The appeal of R (Bridges) v Chief Constable of South Wales shows that, when it comes to facial recognition technology, the status quo cannot continue.
Independent Advisory Board of specialists in law, ethics, technology, criminology, genetics and data protection advising on the Ryder Review