FOI release

BSCC/FOI/0121-2/KS: The use of military drones for surveillance

Updated 27 August 2021

Our reference: BSCC/FOI/0121-2/KS

Published 24 April 2021

Freedom of Information Request regarding the use of military drones for surveillance and under what circumstances facial recognition technology is deployed for use on the UK general public

Dear

I write to you in my capacity as the Biometrics and Surveillance Camera Commissioner and in response to your Freedom of Information Requests dated 5 and 20 April 2021.

In your email dated 5 April 2011 you asked:

1. Does the Surveillance Camera Commissioner hold information on whether high altitude remote piloted/unmanned, surveillance aircraft such as military drones have been used or are intended to be used over UK airspace for the purpose of surveillance of the civilian population?

I do not hold this information.

You also asked:

2. Could the Surveillance Camera Commissioner inform me as to where, when and under what circumstances facial recognition technology is deployed for use on the UK general public?

On 20 April 2021 you clarified this question and asked:

The purpose and scope of any deployments can be varied across different organisations, and the regulations governing use of facial recognition technology would depend on whether the organisation utilising the technology is a private or public organisation.

My statutory function under Section 34(2)(a) of the Protection of Freedoms Act 2012 is to encourage compliance with the Surveillance Camera Code of Practice (PDF, 518 KB) (SC Code), which relevant authorities (generally the police and local authorities) must have regard to when operating surveillance camera systems, including facial recognition technology, overtly in public places in England and Wales. Non-relevant authorities fall outside of my remit, although I do encourage those organisations to adopt the SC Code on a voluntary basis.

My predecessor, Tony Porter, issued ‘Facing the Camera’ (PDF, 701 KB) in December 2020. This is not a Code of Practice or policy document, but rather is good practice and guidance for the police use of overt surveillance camera systems incorporating facial recognition technology to locate persons on a watchlist, in public places in England and Wales. In the context of police forces using Live Facial Recognition, “where the processing of data is “sensitive processing” then such processing must be strictly necessary for the law enforcement purposes, the processing must meet at least one of the conditions in Schedule 8 DPA and at the time when the processing is carried out the Data Controller must have an appropriate policy document in place in accordance with Section 42”. I do not hold any records of internal policy documents.

All organisations, whether private or public, would also be required to comply with data protection and other human rights laws when operating facial recognition technology. Data protection laws are separately regulated by the Information Commissioner’s Office (ICO).

I do not hold any information pertaining to where facial recognition technology is currently being deployed, however I am aware that the use of facial recognition by both private and public organisations is widely reported in the media and you may be able to find information on current deployments by conducting research on the internet.

The matter of whether the authorities would need to inform the public of any deployment is dependent on whether it is a covert or overt operation. If overt, authorities must be transparent in its use, as per principle 3 of the SC Code which states “There must be as much transparency in the use of a surveillance camera system as possible, including a published contact point for access to information and complaints.” Section 3.3.1 goes on to state “People in public places should normally be made aware whenever they are being monitored by a surveillance camera system, who is undertaking the activity and the purpose for which that information is to be used.”

If the deployment is covert, by the very nature of its deployment, there would not be a requirement to inform members of the public that this surveillance was taking place. Covert surveillance by public authorities is covered by the Regulation of Investigatory Powers Act 2000. Covert surveillance in public places by those who do not fall within the 2000 Act (for example, the private operator of a surveillance camera system in a shopping centre) may be used as part of a specific investigation in exceptional and justifiable circumstances. Any such covert use of private systems by or on behalf of a public authority (with the authority’s knowledge) immediately places such use within the bounds of the 2000 Act. Covert surveillance is separately regulated by the Investigatory Powers Commissioners Office (IPCO).

With regards to your last question, there is no statute which puts a legal obligation on members of the public to have their faces recorded, however, organisations utilising this technology may for example deny citizens access to buildings and services unless they consent to this. In the case of police forces overtly using this technology to find persons on a watchlist, individuals should be made aware of the technology being used and can therefore opt to walk away from the area where the cameras are being used without having their faces scanned. It is not an offence to cover your face or wear a mask in public, although you may be required to remove face coverings in shops, banks, etc.

It would then be a matter for the police to decide whether the act of avoiding the cameras or covering one’s face was deemed to be suspicious behaviour (this may also be assessed alongside other behavioural indicators) and whether that warranted a need to stop and question that individual. The police do have the power to remove face coverings if they believe the garments are being used as a disguise. This comes under section 60AA of the Criminal Justice and Public Order Act 1994.

If you are dissatisfied with this response, you may request an independent internal review of our handling of your request by submitting a complaint within two months to the email address below, quoting reference BSCC/FOI/0121-2/KS. If you ask for an internal review, it would be helpful if you could say why you are dissatisfied with the response.

As part of any internal review my handling of your information request will be reassessed by staff that were not involved in providing you with this response. If you remain dissatisfied after this internal review, you have a right of complaint to the Information Commissioner as established by section 50 of the Freedom of Information Act.