Independent legal review of the governance of biometric data in England and Wales
An independent legal review of the governance of biometric data, commissioned by the Ada Lovelace Institute and led by Matthew Ryder KC.
The independent legal review of the governance of biometric data in England and Wales, led by Matthew Ryder KC and overseen by an advisory group of experts, reported its findings in June 2022.
The Ryder Review is supplemented by Countermeasures, a policy report that also draws on the Ada Lovelace Institute’s public engagement research on attitudes towards biometric technologies, and desk research to provide background on current developments in the realm of biometric technologies and their governance. It puts forward a set of ambitious policy recommendations, that are primarily for policymakers and will also be of interest to civil-society organisations and academics working in this contested area.
Why we needed a review of the governance of biometric data
Technologies that capture, analyse and compare biometric data are increasingly being used by the police, public authorities and private companies in a range of settings, from public spaces to workplaces.
Growth in machine learning, camera and sensor technologies has led to increasingly widespread use of biometric data (metrics related to human physiological or behavioural characteristics) to identify or authenticate individuals or classes of people, or to measure and categorise their behaviour.
The range of biometric data that may be recognised or processed includes facial characteristics, fingerprints, iris prints, hand or footprints, gait and DNA.
The independent review was commissioned by the Institute in 2020 after the Commons Science and Technology Select Committee called for ‘an independent review of options for the use and retention of biometric data’.
Recent legislative changes around the use and processing of personal data – including the EU General Data Protection Regulation (GDPR), which is mirrored by the UK General Data Protection Regulation, and the forthcoming EU AI Draft Regulation (the ‘AI Act’) – have not brought sufficient clarity to the regulation of biometric technologies.
There remains uncertainty as to when, if at all, techniques such as live facial recognition (LFR) can be used in accordance with the law, and how the use of biometric data should be regulated.
The recommendations
The Review sought to address that uncertainty by assessing the existing legal and regulatory framework and by making 10 recommendations to protect fundamental rights (particularly data and privacy rights), including:
- A new, technologically neutral, statutory framework which sets out the process that must be followed, and considerations that must be taken into account, by public and private bodies before biometric technology can be deployed against members of the public.
- Legislation that covers the use of biometrics for unique identification of individuals, and for categorisation (also known as classification).
- Sector and/or technology-specific codes of practice, including, as soon as possible a legally binding code of practice governing the use of LFR. The use of LFR in public should be suspended until the statutory framework described above is in place. This framework should supplement, and not replace, existing duties under the Human Rights Act 1998, Equality Act 2010 and Data Protection Act 2018.
- The establishment of a national Biometrics Ethics Board with statutory advisory role in respect of public-sector biometrics use.
Matthew Ryder discusses developments in facial recognition technology at the launch of the Ryder Review in 2020
Matthew Ryder KC
Matthew Ryder KC is a recognised legal expert in the fields of human rights; equality and diversity; crime, policing and surveillance; and data, technology and information. Between 2016 and 2018 he was Deputy Mayor for London on social integration, social mobility and community engagement, and was also a member of the Lammy Review of racial bias and BAME representation in the criminal justice system.
The Advisory Board
While undertaking the Review, the team drew on guidance and advice from an independent Advisory Board of specialists in law, ethics, technology, criminology, genetics and data protection. Their time and expertise kept the Review team alerted to important points as they were carrying out their work.
The Citizens’ Biometrics Council
The Review was undertaken alongside the Citizens’ Biometric Council, a convening of 50 UK adults assembled to learn and then deliberate on biometric governance in greater depth, The recommendations from the Council were taken forward into the Ryder Review.
Project publications
The Ryder Review
Independent legal review of the governance of biometric data in England and Wales
Related content
Countermeasures
The need for new legislation to govern biometric technologies in the UK
The Biometrics and Surveillance Camera Commissioner: streamlined or eroded oversight?
When the direction of travel is towards more extensive use of biometrics and surveillance, do we need more or less oversight?
Facial recognition technology needs proper regulation – Court of Appeal
The appeal of R (Bridges) v Chief Constable of South Wales shows that, when it comes to facial recognition technology, the status quo cannot continue.