What are the current challenges in the UK video surveillance and biometric regulatory landscape?
Image source: GOV.UK, Open Government Licence v3.0
The Biometrics and Surveillance Camera Commissioner recently published his final report on reflections from his time in the role, including the current state of surveillance legislation and enforcement in the UK.
In a bid to simplify regulations, the recent Data Protection and Digital Information Bill (The Data Bill) proposes to scrap the Surveillance Camera Code of Practice and centralise surveillance oversight, by merging the functions of the Biometrics and Surveillance Camera Commissioner with the Information Commissioner's Office (ICO).
As to be expected, this proposed change has sparked debate over the trade-offs between regulation enforcement and video surveillance technologies.
The Commissioner’s report therefore aimed to:
Present a gap analysis of the new Data Protection and Digital Information Bill changes.
Evaluate the ethical and security implications of surveillance camera technology.
Provide a comprehensive overview of compliance and future oversight directions.
Challenges of abolishing the Surveillance Camera Code of Practice
Scrapping the Surveillance Camera Code of Practice would create noticeable gaps in existing UK regulations because of the lack of clear strategy around what replaces the Commissioner’s enforcement role.
The Data Protection Bill (which will supposedly compensate for getting rid of the Code) remains unclear about this challenge. There would be a lack of guidance in managing video surveillance systems, and therefore diminished transparency and weakened public confidence. Vulnerabilities would be exposed for both technology users and individuals under surveillance.
Notably, the Commissioner’s main concern is for the adequacy and capacity of the ICO (and others) to oversee all evolving areas of surveillance camera technology and biometrics within the framework of data protection alone.
Technological hurdles in National Security Determinations (NSDs)
National Security Determinations (NSDs) are legal tools which allow chief police officers to extend biometric data retention (e.g. fingerprints and DNA) when there are national security concerns. The Commissioner’s role has traditionally included overseeing how NSDs are applied and reviewing their use to ensure they comply with the law.
However, NSDs face tech problems that make people doubt their effectiveness and the legality of keeping biometric information for extended periods. These issues often arise from outdated IT systems and insufficient resources, leading to missed chances to improve public safety.
The new Data Bill does not directly resolve these underlying issues with NSDs nor do they seem to be properly mentioned. Additionally, potentially abolishing the Commissioner's role and removing certain statutory guidelines, could lead to greater regulatory complexity and less transparency in how biometric data is managed under NSDs.
Uncertainty from certification scheme closures
The “Secure by Default” and “Third-Party Certification” schemes ensure that surveillance technologies meet high standards of compliance and operational integrity.
The "Secure by Default" certification was designed to certify products that adhered to stringent security specifications from the outset, while the "Third-Party Certification" scheme involved independent assessments to verify that surveillance systems and their components were compliant with established standards and best practices.
However, the Commissioner notes that the anticipated Data Bill has created uncertainty about who will undertake these oversight and regulatory duties. Without clear guidance from the Home Office on non-statutory activities, these schemes were closed to ensure organizations were not led astray or left without clear direction should changes occur later. In turn, this has created more ambiguity around how surveillance technologies can be regulated to a high standard.
Advancing ethical surveillance practices across biometric technologies
Strides towards ethical practices across UK surveillance are strongly influenced by the Commissioner’s personal advocacy to create distance from technologies tied to human rights abuses - which the Data Bill itself does not explicitly tackle.
This includes the UK government stopping the use of surveillance technologies produced by companies under China’s National Intelligence Law. Also, the National Police Chiefs’ Council adopted ethical procurement guidelines to avoid partners with dubious human rights records.
The Commissioner also comments on the Home Office's narrow focus on traditional biometrics like DNA and fingerprints, and the gaps in compliance and awareness among local authorities - as there are risks in legislation lagging and oversight as technology advances.
He suggests educating businesses and public bodies about statutory responsibilities, and advocates for clearer plans and resources to efficiently regulate biometrics and surveillance camera systems effectively.
A call for a comprehensive regulatory framework for the future
“Weakening regulatory oversight raises the prospect of cherry-picking convenient parts of a growing library of guidance and legally unenforceable digital principles…Without a clear plan for how the Commissioner’s functions will be replaced, there is a risk that there will be more rather than less regulatory complexity.”
- Fraser Sampson, Biometrics and Surveillance Camera Commissioner
The Commissioner’s report emphasizes the need for a commitment to ethical surveillance, strong protection of privacy, and a deep understanding of privacy regulations. There are gaps and uncertainties in the upcoming Data Bill, which need to be addressed. By promoting ethical and effective surveillance regulation, this report aims to rectify current flaws, anticipate future obstacles and maintain robust enforcement of advancing surveillance technologies.
Moving forward, it calls for all involved parties—policymakers, technologists, and the public—to work towards a surveillance system that respects personal freedoms whilst leveraging technological innovations.