Skip to content

Independent legal review of the governance of biometric data in the UK

Matthew Ryder QC is leading an independent legal review of the governance of biometric data, commissioned by the Ada Lovelace Institute

Reading time: 4 minutes

Digital fingerprint on black screen.

The independent legal review of the governance of biometric data, led by Matthew Ryder QC and overseen by an advisory group of specialists, is due to report its findings in autumn 2021.

The ‘Ryder review’ will examine the existing regulatory framework for biometrics and identify options for reform that will protect people from misuse of their biometric data, such as facial characteristics, fingerprints, iris prints and DNA.

The review will:

  • provide fresh impetus to the issue of reassessing and updating the regulatory and policy framework for biometric data
  • ensure an independent, impartial and evidence-led analysis informs regulatory reform
  • ensure proposals for regulatory reform are informed by considerations of social justice and human rights.

Why we need a review of the governance of biometric data

Technologies that capture, analyse and compare biometric data are increasingly being used by police, public authorities and private companies in a range of settings, from public spaces to workplaces.

Growth in machine learning, camera and sensor technologies has led to increasingly widespread use of biometric attributes (metrics related to human physiological or behavioural characteristics) to identify or authenticate individuals or classes of people, or to measure and categorise their behaviour.

The range of unique biometric attributes that may be recognised or processed includes facial geometry, fingerprints, iris prints, hand or footprints, gait and DNA.

The regulatory and policy framework governing the use of biometric data in the United Kingdom is limited: it explicitly regulates few, if any, of these biometric technologies.

Regulations stipulating how police, public authorities and private actors use biometrics have not kept pace with advances in technologies that capture, analyse and compare biometric data.

What the review will consider

The Ryder review will include research, consideration of expert testimony and a national and international evidence.

The review will seek to understand:

  • the current state of use of biometric data by police, public authorities and the private sector
  • whether existing definitions of biometric data (in the Data Protection Act, for example) are sufficient
  • whether ‘sensitive’ use of biometric data for identification purposes appropriately captures the ways biometric data may be used in light of technological and societal changes
  • what additional protections need to be put in place to ensure people from Black, Asian or ethnic minority backgrounds are not disproportionately disadvantaged by the regulation of biometric data
  • what lessons can be learned from the Scottish Parliament’s consultation on enhanced oversight of biometric data, and the resulting Scottish Biometrics Commissioner Act 2020?

It will consider the following regulatory questions:

  1. What is the current regulatory framework for the governance of the use and retention of biometric data by public and private sector actors?
  2. Is the current regulatory framework adequate to protect human rights in the light of ongoing technological advancements in biometrics technologies?
  3. Is the current regulatory framework adequate to enable the effective use of biometrics technologies by police and public authorities in the public interest and with the public’s trust?
  4. What areas of regulatory reform should Parliament consider to ensure that biometric data is governed consistently with human rights, the public interest and public trust?

The recommendations

We can’t predict the specific recommendations of the Ryder review, because it’s commissioned to be independent and evidence-based (see the Terms of Reference). The recommendations will at the sole discretion of the independent reviewer, in consultation with (but not at the approval of) the advisory group and the Ada Lovelace Institute.

We can anticipate that the independent Ryder review will make recommendations for reform that will ensure biometric data is governed consistently with human rights, the public interest and public trust.

Matthew Ryder discusses developments in facial recognition technology

Matthew Ryder QC

Matthew Ryder QC

Matthew Ryder is a senior QC at Matrix Chambers, and a legal expert in the fields of human rights, equality and diversity, crime, policing and surveillance. Between 2016 and 2019 he was Deputy Mayor for London on social integration, social mobility and community engagement, and was also a member of the Lammy Review of racial bias and BAME representation in the criminal justice system.

The advisory group

While undertaking the review, Matthew Ryder will draw on guidance and advice from an independent advisory group of specialists in law, ethics, technology, criminology, genetics and data protection. As experts and important stakeholders, their contributions will be critical to guiding the outcome of the review, but they will not have ‘sign off’ of the review report.

The Citizens’ Biometrics Council

The review has been undertaken alongside the Citizens’ Biometric Council, which is deliberating on the ethical and social issues connected to the use of biometrics technologies. The recommendations from the Council will be taken forward into the Ryder review.

Related content