Facial Recognition’s dual edges: A guide for law enforcement

by Niovi Vlachopoulou, Senior Compliance Consultant | Isabella Sacchi, Compliance Consultant | Maria Luisa Renzi, former Compliance Consultant
| minute read

Facial recognition technologies (FRT) are transforming law enforcement, offering remarkable speed and accuracy in identifying criminals and locating missing persons. However, this powerful tool raises significant concerns about privacy and ethics, prompting a critical question: How can law enforcement harness these tools without infringing on individual freedoms and rights? The key to successfully leveraging FRT lies in a thoughtful approach that maximises the benefits while mitigating the risks. 

What FRT can do for law enforcement

FRT technologies can recognize the unique characteristics of a person by recording biometric data through the conversion of the facial characteristics in the photos or images into a unique encrypted code. This code - known as “biometric template” - makes it possible to identify the person in a unique way. This biometric template is subsequently compared to other photos or images. In the context of law enforcement, this comparison can be performed for: 

  • Identification of people, by comparing the biometric template against many templates of missing or wanted people in the police database. The result of the comparison is a list of candidates ranked based on a similarity score.  
  • Confirmation of the identity of a specific person, by comparing the biometric template against another template in a targeted search. 

Facial recognition is used in two main ways: post-event analysis and real-time identification. Post-event analysis helps law enforcement review existing footage to identify suspects or trace movements after a crime. The technology helped law enforcement identify the attacker by matching images from the crime scene with a database of known individuals, speeding up the investigation process. 

Real-time identification, on the other hand, allows the police to monitor public areas and instantly identify persons of interest, enabling immediate response. Real-time facial recognition is often used in public areas like airports, train stations, or large public gatherings to identify persons of interest as they appear on live surveillance feeds. 

While FRT offers clear advantages in terms of speed, efficiency, and enhanced investigative capabilities, the potential for misuse is significant. The technology could result in unwarranted surveillance and discriminatory practices if left unchecked. So, the question is, how can law enforcement agencies use this tool safely and ethically? 

Five concrete steps for responsible use of FRT in law enforcement

To ensure that FRT is used responsibly, law enforcement agencies should adopt a comprehensive framework that includes the following five concrete steps.  

  • Conduct comprehensive risk assessments - Before deploying FRT, agencies must conduct thorough risk assessments. This involves identifying potential breaches of privacy and other risks to personal data. By recognising these risks early, targeted measures can be implemented to mitigate them. 
    Recommendation: Form a dedicated team to regularly assess and address these risks.  
  • Test for biases in the technology - A key concern with FRT is the risk of bias, such as discrimination based on race or gender. Before widespread use, extensive testing is essential to ensure that the systems operate fairly and accurately across all demographic groups. 
    Recommendation: Perform bias testing regularly, both pre- and post-deployment. 
  • Ensure transparency - It is crucial to document all data processing activities performed by FRT and make this information available for audits. Full transparency can build public trust and ensure compliance with regulations like the GDPR. 
    Recommendation: Create a centralized log for of all FRT activities and conduct periodically audits, sharing anonymized results with the public. 
  • Apply privacy by design - Privacy by design means embedding privacy protections into the technology from its inception. This helps minimise privacy risks and ensures the technology complies with legal requirements before deployment. 
    Recommendation: Involve privacy experts during the design phase and hold regular workshops to integrate privacy considerations throughout development.
  • Carry out impact assessments - In addition to risk assessments, specific impact assessments, such as a Data Protection Impact Assessment (DPIA) and a Fundamental Rights Impact Assessment (FRIA), should be carried out. The aim is to ensure that the technology complies with legal requirements and specific risks to the individuals' fundamental rights are identified. 
    Recommendation: Require a DPIA and a FRIA for every FRT implementation, using a diverse team of legal and ethical experts to guide the process. 

Navigating the legal frameworks 

In Europe, the use of FRT is tightly regulated. The General Data Protection Regulation (GDPR), the Law Enforcement Directive (LED), and the AI Act are designed to ensure that facial recognition is used transparently and within the law.  

Both the GDPR and LED specifically require avoiding the use of automated decision-making technologies which could lead to biased or discriminatory profiling. AI Act allows for real-time biometric identification in publicly accessible spaces exclusively to confirm a targeted individual’s identity for specific legal purposes after requesting prior authorization to a judicial or administrative authority. Additionally, the usage of the AI system needs to be notified to the data protection as well as the market surveillance authority accompanied with a Fundamental Rights Impact Assessment (FRIA).     

Conclusion 

Facial recognition technology offers immense potential for law enforcement agencies, but its use must be carefully aligned with ethical and legal standards. By conducting thorough risk assessments, applying privacy by design, and ensuring transparency and accountability, these technologies can significantly contribute to public safety without infringing on individual freedoms. 

Are you ready to implement FRT safely and effectively? Contact us today for our advanced cybersecurity solutions, designed to ensure privacy protection and regulatory compliance in every step of your technology project. 

 

Contact us today for our advanced cybersecurity solutions, designed to ensure privacy protection and regulatory compliance in every step of your technology project. 

Search

prevent

protect

detect-respond

cybersecurity

Related content

The Reliable Government

Transforming public services for a citizen-centric future: robust, agile, effective, and connected. Discover how modernizing IT systems and fostering digital skills can transform government services.

Digital Banking Experience Report 2023 The AI-enabled banking era

Banks must leverage their trust capital if they are not to lose market share to tech giants broadening their offer into financial services. Our Digital Banking Experience Report 2023 outlines the key trends globally shaping banking in the hyper-connected era.