By Stephanie Hare
SCOTLAND is set to regulate biometric data, which includes DNA, fingerprint, facial images, iris, voice, and behavioural data. The Biometric Data Bill was recently announced in Scotland’s Programme for Government and is open for consultation until October 1.
UK law governs biometrics primarily as a police matter. It does not regulate the use of biometrics in the private sector, which means that a person has greater rights over their DNA when it is being handled by the police than by a company. And the Protection of Freedoms Act 2012 only regulates the use of biometrics in schools in England and Wales, not Scotland or Northern Ireland. With the new bill open for consultation, Scotland has an opportunity to decide whether it wants to see greater use of biometrics by the Government and the private sector at all.
Already the Draft Scottish Biometrics Code of Practice under consideration is superior to the biometrics regulation being proposed by the Home Office for the rest of the UK. The Home Office has defied since 2012 a High Court ruling that it is “unlawful” to keep the face and voice data of anyone taken into custody and released without charge, or anyone who is acquitted. Such data of innocent people should be automatically deleted from police databases, just as the police are required to delete DNA and fingerprint data. In Scotland, it will be.
Unlike the Home Office Biometrics Strategy, which limits its thinking to the here and now, the Scottish strategy is actually strategic by including not only DNA, fingerprint and facial images but also “second-generation biometrics” such as iris recognition, behavioural biometrics and voice pattern analysis.
However, the draft Scottish code still ignores the use of biometrics by private companies, whose poor track record at keeping our data secure inspires little confidence, and whose executives have yet to be held to account. This omission is all the more glaring given that Amazon, Google, Microsoft, Kairos and Axon have all requested that government regulate facial recognition technology.
Even as the use of our biometric data creeps more deeply into daily life, there is little public debate about whether people even want this, much less guidance for companies and consumers.
Nowhere is this more apparent than in the use of biometrics in schools. Since the mid-2000s, children across the UK have had their facial image, fingerprints and in some cases even infrared palm scans taken by schools for registration, to pay for school meals, or even to borrow library books. In Scotland, this practice dates even earlier, to 1999. While children in England and Wales have been covered since 2012 by the Protection of Freedoms Act, which requires schools to obtain consent from both the child and at least one parent, children in Scotland have no such protection. As a result, their biometric data has been collected for years without any clarity over how it is secured.
For the sake of convenience, an entire generation of children has been conditioned to use their most personal data – from their bodies – to interact with the authorities without any oversight or accountability. At a minimum, Scotland should give its children the same protections as children in England and Wales. Better yet, the Scottish people should demand that they do so – and lead the way in facing up to biometrics.
The Scottish Biometric Data Bill is an opportunity to secure a biometric data framework that protects all individuals while giving clarity to civil authorities and private companies. By setting a higher standard and taking greater responsibility for the ethical use of biometrics, Scotland could even inspire the rest of the UK to follow suit.
Stephanie Hare is researcher and broadcaster and will be speaking at an event by The Data Lab today. For more information, visit www.thedatalab.com.
Why are you making commenting on The Herald only available to subscribers?
It should have been a safe space for informed debate, somewhere for readers to discuss issues around the biggest stories of the day, but all too often the below the line comments on most websites have become bogged down by off-topic discussions and abuse.
heraldscotland.com is tackling this problem by allowing only subscribers to comment.
We are doing this to improve the experience for our loyal readers and we believe it will reduce the ability of trolls and troublemakers, who occasionally find their way onto our site, to abuse our journalists and readers. We also hope it will help the comments section fulfil its promise as a part of Scotland's conversation with itself.
We are lucky at The Herald. We are read by an informed, educated readership who can add their knowledge and insights to our stories.
That is invaluable.
We are making the subscriber-only change to support our valued readers, who tell us they don't want the site cluttered up with irrelevant comments, untruths and abuse.
In the past, the journalist’s job was to collect and distribute information to the audience. Technology means that readers can shape a discussion. We look forward to hearing from you on heraldscotland.com
Comments & Moderation
Readers’ comments: You are personally liable for the content of any comments you upload to this website, so please act responsibly. We do not pre-moderate or monitor readers’ comments appearing on our websites, but we do post-moderate in response to complaints we receive or otherwise when a potential problem comes to our attention. You can make a complaint by using the ‘report this post’ link . We may then apply our discretion under the user terms to amend or delete comments.
Post moderation is undertaken full-time 9am-6pm on weekdays, and on a part-time basis outwith those hours.
Read the rules here