Month: July 2025

Need help navigating biometric data and GDPR? Contact us at hello@athlex.co.uk

This week, the Guardian and Liberty Investigates revealed that UK police forces have sharply expanded their use of live facial recognition (LFR) cameras, scanning nearly 4.7 million faces in 2024, more than double the previous year, with deployments increasing dramatically.

A Sky News–style update also confirms deployment by the Met and South Wales, raising concerns about a surveillance “Wild West” libertyhumanrights.org.uk.

What Is Live Facial Recognition?

LFR uses real-time camera footage to scan faces in public places—comparing them with watchlists like those of wanted or missing individuals—unlike CCTV, which only records footage for later review.

Thinking of using facial recognition in your workplace or premises? You’ll need to ensure you’re complying with UK GDPR. Contact us for guidance.

What Did the Coverage Reveal?

According to the Guardian:

• Nearly 5 million facial scans were carried out by police in 2024, up from 2.3 million in 2023thesun.co.uk+13theguardian.com+13theguardian.com+13.
• Deployments included mobile LFR vans across multiple forces and permanent cameras in Croydon, with expansion plans underway.
• There’s no dedicated facial recognition legislation in place, despite rapid rollout.

What CivilLiberties Groups Are Saying

Liberty, Big Brother Watch, Privacy International, ARTICLE 19, and others warn this week that LFR:

• Treats the public “as potential suspects” and facilitates functioncreep, potentially making mass
• May intensify misidentification of people of colour, women, and young people, replicating past discriminatory outcomes
• Is being deployed without Parliamentary oversight or judicial review, weakening democratic accountabilitytheguardian.com.

Legal and Privacy Concerns

• Sensitive Biometric Data: LFR uses special category data under UK GDPR, demanding a strong legal basis (e.g., public interest + necessity).
• Transparency Gaps: Without clear rules on watchlists, retention limits, and audibility, these programs lack needed oversight.
• Bias in Outcomes: Studies show misidentification disproportionately affects marginalized groups—echoing warnings in Bridges v South Wales Police (2020).

Worried your use of facial recognition could be noncompliant or unfair? Contact us to review your processes under UK GDPR.

What Businesses & Organisations Should Do

If you use, plan to use, or even monitor facial recognition (retail, events, access control), you must:

• Conduct a Data Protection Impact Assessment (DPIA).
• Clearly document your lawful basis under GDPR.
• Publish transparent privacy notices and allow people to opt out.
• Be mindful not to mirror public sector surveillance practices unlawfully.

Need help with a biometric DPIA or compliance review? Contact us at hello@athlex.co.uk.

Final Thoughts

Live facial recognition isn’t futuristic—it’s here, expanding fast. Yet public support doesn’t equal legal license. The explosive growth this week shows just how urgent it is to get compliance—and public trust—right.

At Athlex, we help businesses and public bodies strike that balance: innovation aligned with rights. To explore how that applies to you, contact us today.

Contact us for expert advice on biometric data, GDPR, and privacy compliance: hello@nzr.2e7.myftpupload.com.co.uk.

Latest on live facial recognition?

ft.com

UK must toughen regulation of facial recognition, say AI experts

May 29, 2025

Need help navigating biometric data and GDPR? Contact us at hello@athlex.co.uk

Recent enforcement by the ICO shows that valid consent isn’t optional — it’s essential. In April 2025, a company was slapped with a £90,000 fine for making 95,000+ marketing calls to people on the Telephone Preference Service without valid consent. They couldn’t even prove they’d asked — a clear breach of UK GDPR.

New legal changes — what you need to know

On 19 June 2025, the Data (Use and Access) Act 2025 (DUAA) received Royal Assent. This updates key parts of UK GDPR and PECR by:

• Raising maximum fines (up to £17.5m or 4% global turnover) for electronic marketing
• Introducing new rules around cookie consent, subject access requests, and automated decisions
• Expanding the ICO’s powers to compel reports and interviews when needed

These changes reinforce that consent must be clear, recorded, and verifiable.

Why this matters to your business

• Reputation: A fine or public enforcement can seriously hurt trust
• Customer relations: Being transparent builds loyalty
• Peace of mind: Clear consent means clear marketing

But many businesses find this complicated. That’s where Athlex comes in.

How Athlex Helps — Simply and Clearly

We’ve designed our support with your needs in mind — straightforward, effective, and jargon-free.

Marketing Compliance Packages

• Clear, compliant consent wording
• Reliable record-keeping systems
• Seamless integration into your campaigns

One-off Consultancy

• A no-nonsense audit of current processes
• Plain-English recommendations
• Practical fixes with no long contracts

DPO Services

• Ongoing expert oversight
• Support with consent, DPIAs, training, and ICO contact
• Confidence that everything’s above board

What You Can Do Now

• Check your consent wording — is it specific and unambiguous?
• Make sure you record it — including time, method, and wording
• Update your processes to reflect the DUAA’s new rules
• Consider using a DPO — proactive compliance beats reactive fixes

Learn More

• ICO overview of the Data (Use and Access) Act — ideal for understanding changes to consent, cookies, and ICO powers.
• Technology Law Dispatch: “UK Enacts Data Use and Access Act 2025” — a helpful breakdown of enforcement updates and new fines tiers.bdo.co.uk+5technologylawdispatch.com+5ico.org.uk+5

Don’t Leave It to Chance

Recent fines show the cost of getting consent wrong. At Athlex, we make compliance simple, clear, and stress-free — from one-off help to ongoing DPO support.

Get in touch today to discuss the best fit for your business.