Facial recognition technology (FRT) identifies or otherwise recognises a person from a digital facial image. Businesses can use FRT in a variety of contexts – for example, in allowing access to devices, taking payments, or allowing entry to secure areas.

Depending on the use, FRT involves processing personal data, biometric data, and special category personal data. Such technologies can intrude on people’s privacy, so businesses need to think carefully when deciding if they should implement them.

If you are a small business looking to begin using facial recognition technology, read the ICO’s latest FAQ about using FRT for payment, entry, or other security systems.

The information highlights key issues to be aware of, such as:

  • what you need to consider before using this technology
  • when you must complete a data protection impact assessment
  • how to identify and satisfy a special category condition
  • what to include in your privacy notice if you use FRT

See: Additional considerations for technologies other than CCTV | ICO