Judgment Approved by the court for handing down.
R (Bridges) -v- CC South Wales & ors
others should not be introduced without regular assessment to
ensure the underlying data is fit for purpose.”
“4.12.2 A system operator should have a clear policy to
determine the inclusion of a vehicle registration number or a
known individual's details on a reference database associated
with such technology. A system operator should ensure that
reference data is not retained for longer than necessary to fulfil
the purpose for which it was originally added to a database.”
Surveillance Camera Commissioner's AFR Guidance
33.
The Surveillance Camera Commissioner has published “guidance” or “advice” on the
use of AFR by the police in conjunction with CCTV entitled “The Police Use of
Automated Facial Recognition Technology with Surveillance Camera Systems” (“the
AFR Guidance”). The guidance explains the roles of the Surveillance Camera
Commissioner and Information Commissioner in relation to the regulation of the police
use of AFR. The Surveillance Camera Commissioner AFR Guidance is designed to
assist relevant authorities in complying with their statutory obligations “arising under
section 31(1)” of the PFA 2012 and the SC Code (paragraph 1.3).
34.
The AFR Guidance was promulgated on the basis that the Surveillance Camera
Commissioner “should provide advice and information to the public and system
operators about the effective, appropriate, proportionate and transparent use of
surveillance camera systems” (SC Code, paragraph 5.6). It is said that the AFR
Guidance indicates “the way in which the Commissioner is minded to construe the
particular statutory provisions arising from PFA 2012 and those provisions within the
Code of Practice in the absence of case law” (paragraph 1.8).
35.
The AFR Guidance focuses on the assessment of the necessity and proportionality of
deployments of AFR. It also provides advice on conducting risk assessments and
making use of the Surveillance Camera Commissioner's ‘Self-Assessment Tool’. In
respect of watchlists there are suggestions concerning the nature of images used to
produce watchlists.
36.
Unlike the SC Code, there is no requirement for SWP to have regard to the AFR
Guidance. This guidance was first published in October 2018 and re-published without
changes in March 2019 (i.e. after the two deployments of AFR about which the
Appellant complains).
SWP Documents
SWP Policy Document
37.
SWP have issued a policy document entitled “Policy on Sensitive Processing of Law
Enforcement Purposes, under Part 3 Data Protection Act 2018” (Version 2.0, November
2018) (“the November 2018 Policy Document”). That Policy Document sets out SWP's
policy as regards compliance with the six Data Protection Principles in Part 3 of the
DPA 2018:
“3. Compliance with Data Protection Principles