The Information Commissioner’s Office (ICO) has reiterated that robust data protection must remain central to the governance of facial recognition technology (FRT) in policing, following a series of recent audits and growing scrutiny over the technology’s deployment across England and Wales.
In a statement published on the ICO’s website 17 March 2026, Deputy Commissioner for Regulatory Policy Emily Keaney stressed that public trust hinges on ensuring the technology does not erode civil liberties or operate without accountability.
Research by the ICO suggests that the public’s willingness to accept police use of FRT is conditional upon strong safeguards. Accuracy (53%), officer training (35%) and protections against bias (33%) emerged as the most important factors for the public when considering how the technology should be regulated.
Keaney warned that FRT can only remain a sustainable tool for modern policing if police forces demonstrate, transparently and consistently, that its use does not infringe on rights or embed discriminatory outcomes.
The ICO has recently completed audits of Essex Police and Leicestershire Police, examining both retrospective facial recognition (RFR) and, where deployed, live facial recognition (LFR). Leicestershire Police was audited for its use of RFR, as it was not deploying LFR at the time.
Essex Police had voluntarily paused live facial recognition deployments after identifying potential accuracy and bias risks. The ICO continues to work with the force to ensure these are addressed.
These reviews form part of the ICO’s broader AI and biometrics strategy, reflecting its intention to act as an “active regulator” in a fast evolving technological landscape. The
ICO will publish an outcomes report later this year to share learnings applicable across all police forces.
The ICO emphasised that police forces must fully understand the systems they are using and anchor their approach in strong governance. This includes:
• Clear policies
• Defined roles
• Processes ensuring lawful and secure handling of personal data
• Routine testing for bias and discriminatory outcomes
• Consistent staff training and regular policy updates [Why data p...technology | Word]
Keaney said: “if police forces can’t get their governance right, it’s unlikely they’ll get FRT right”, emphasising that governance failures will cascade into unfair or unsafe outcomes.
The ICO also confirmed ongoing discussions with the Home Office, following its identification in December of historic bias in the algorithm used for RFR searches on the Police National Database.
Last month, the ICO published its response to the Home Office’s consultation on a new legal framework for biometrics and facial recognition. While supporting greater legal specificity in statutory regulation, the ICO insists that any new framework must build on rather than replace existing data protection law.
