PRIVACYBusinesses Are Harvesting Our Biometric Data. The Public Needs Assurances on Security

By Kamran Mahroof, Amizan Omar, and Irfan Mehmood

Published 11 July 2024

Visual data capturing and analysis are particularly critical compared to non-visual data. That’s why its growing use by businesses raises so many concerns about privacy and consent. While the public remains unaware of the extent to which their visual data is being captured and utilized, their information will be vulnerable to misuse or exploitation.

Imagine walking through a bustling railway station. You’re in a hurry, weaving through the crowd, unaware that cameras are not just watching you but also recognizing you.

These days, our biometric data is valuable to businesses for security purposes, to enhance customer experience or to improve their own efficiency.

Biometrics, are unique physical or behavioral traits, and are part of our everyday lives. Among these, facial recognition is the most common.

Facial recognition technology stems from a branch of AI called computer vision and is akin to giving sight to computers. The technology scans images or videos from devices including CCTV cameras and picks out faces.

The system typically identifies and maps 68 specific points known as facial landmarks. These create a digital fingerprint of your face, enabling the system to recognize you in real time.

Face landmarks include the corners of the eyes, the tip of the nose and the edges of the lips. They help to create a mathematical representation of the face without storing the entire image, enhancing both privacy and efficiency.

From supermarkets to car parks and railway stations, CCTV cameras are everywhere, silently doing their job. But what exactly is their job now?

Businesses may justify collecting biometric data, but with power comes responsibility and the use of facial recognition raises significant transparency, ethical and privacy concerns.

When even police use of facial recognition can be deemed unethical, then the business justification becomes less convincing, especially as little is known how businesses store, manage and use data.

Capturing and storing biometric data without consent could violate our rights, including protection against surveillance and retention of personal images.

Balancing safety, efficiency and privacy rights is a complex ethical choice for a businesses.

As consumers, we may often be reluctant to share our personal information. Yet facial recognition poses more serious risks, such as deepfakes and other impersonation threats.

Take for instance the recent revelation that Network Rail has been secretly monitoring thousands of passengers using Amazon’s AI software. This surveillance highlights a critical issue: the need for transparency and stringent regulations, even when a company is watching us with the aim of improving services. A Network Rail spokesperson said: “When we deploy technology, we work with the police and security services to ensure that we’re taking proportionate action, and we always comply with the relevant legislation regarding the use of surveillance technologies.”