Lords have expressed “serious concerns” over the use of live facial recognition (LFR) technology by retailers, and are calling for new laws to ensure its safe and ethical use by private companies.

In May 2024, the House of Lords Justice and Home Affairs Committee (JHAC) launched an inquiry into tackling shoplifting, which partly focused on how police and retailers are using both live and retrospective facial recognition (RFR) to deal with retail crime.

Following its inquiry, the JHAC has now written to the Home Office detailing its concerns over facial recognition in retail, and is calling on the UK government to bring forward new legislation outlining general principles and setting minimum standards for the use of new technologies, especially when being used by private companies for crime prevention purposes.

Highlighting the fact that retailers will often collaborate with one another to create localised databases and watchlists of known shoplifting offenders, the Lords explained there is no criminal threshold for being included, which could lead to a number of issues.

“This means an individual can be placed on a private facial recognition watchlist and blacklisted from their high street (and subscribing retailers across the region) at the discretion of a security guard, without any police report being made and without the individual being informed that they have been added to a watchlist,” they told the Home Office.

“We are concerned about the implications of what is effectively privatised policing, the hidden nature of the decisions being made on the basis of data matched with entries in a private database, and the lack of recourse for individuals who may have been wrongly entered in the database due to a misidentification,” they added.

“We are concerned about potential GDPR [General Data Protection Regulation] infringements and the risk of misidentification due to bias and discrimination within the algorithms.”

Risks to rights and freedoms

Noting evidence from campaign group Big Brother Watch, the committee highlighted that the European Union’s (EU’s) AI Act “broadly prohibits” the use of LFR given the extraordinary risks it poses to individuals’ rights and freedoms, adding that there is also a risk of bias and discrimination from the algorithms in use, with studies showing the systems are less accurate for people with darker skin.

While the committee heard in September 2024 from retailers that LFR would be of limited use in tackling shoplifting due to the associated safety and ethical concerns (which it believes can be cleared up through new primary legislation), they also said working with police to automatically identify offenders after the fact with RFR should be standard practice.

Paul Garrard, the Co-op Group’s public affairs and board secretariat director, for example, told Lords that while the organisation itself does not use LFR to detect shoplifting in real time, it will compile an “evidence pack” for police when reporting a theft, which will include material like CCTV and staff body-worn camera footage to be run through RFR software.

He added that although some police forces will take the compiled footage and compare it with photos contained in the Police National Database (PND) – which holds millions of custody images, many of which are being unlawfully retained by the Home Office – it is not currently standard practice for police to automatically check the images provided against the database.

In October 2023, the UK government launched a business-police partnership called Project Pegasus, part of which revolves around 14 of the UK’s biggest retailers – including M&S, Boots and Co-op – sharing CCTV footage with forces so they can run it through the PND using RFR software.

Noting the “positive steps made by Pegasus to tackle organised retail crime”, the JHAC said it would welcome the continuation of the scheme – which focuses specifically on the organised criminal aspects of shoplifting rather than local or prolific offenders – adding that it should receive a further year of Home Office funding.

“We recommend the development of improved reporting systems to expedite the process by which retailers can report crime to the police,” it said. “This includes the introduction of a ‘retail flag’ to identify in the Police National Database and criminal justice case management systems when a crime has taken place in a retail setting.”

Reiterating previous findings

The JHAC also highlighted its previous investigation into advanced algorithmic technologies by UK police – including facial recognition and various crime “prediction” tools – which found the tech is being deployed without a thorough examination of their efficacy or outcomes, with police and the Home Office essentially “making it up as they go along”.

It further described the situation as “a new Wild West” characterised by a lack of strategy, accountability and transparency from the top down. “Given the potential costs of technologies and the problems that can and do arise from their implementation, including with respect to privacy rights, freedoms and discrimination, we consider that a stronger legal framework is required to prevent damage to the rule of law,” it said.

A short follow-up inquiry by the JHAC specifically looking at the use of LFR by police also found that they are rapidly expanding their use of the technology without proper scrutiny or accountability, and lack a clear legal basis for their deployments. However, the government claimed in the wake of the inquiry that there is already a “comprehensive legal framework” in place.

“We reiterate our earlier recommendation and believe there is a need for regulation of new technologies, particularly in relation to the use of it by private companies for crime prevention measures,” the JHAC told the Home Office in its shoplifting inquiry letter. “We consider that this approach would strike a balance between concerns that an overly prescriptive law could stifle innovation and the need to ensure safe and ethical use of technologies.”

Computer Weekly contacted the Home Office about the JHAC inquiry’s findings, including whether it still holds the position that there is already a comprehensive framework in place governing the use of facial recognition.

“Shoplifting is at a record high,” said a Home Office spokesperson. “This government is taking strong action by removing the £200 threshold for low-value shoplifting and making it a specific criminal offence for assaults on shopworkers. Facial recognition technology is an important tool that is helping the police identify offenders and bring them to justice. We constantly review its use to keep our streets safe and ensure we restore public confidence in our police.”

Both Parliament and civil society have repeatedly called for new legal frameworks to govern law enforcement’s use of biometrics – including two of the UK’s former biometrics commissioners, Paul Wiles and Fraser Sampson; an independent legal review by Matthew Ryder QC; the UK’s Equalities and Human Rights Commission; and the House of Commons Science and Technology Committee, which called for a moratorium on LFR as far back as July 2019.

During his time in office before resigning in October 2023, Sampson also highlighted a lack of clarity about the scale and extent of public space surveillance, as well as concerns over the general “culture of retention” in UK policing around biometric data.

Source