The UK Information Commissioner’s Office (ICO) has published their new AI and biometrics strategy, "Preventing Harm, Promoting Trust" outlining how it will regulate the use of AI and biometric technologies.
As these tools become increasingly embedded in public services, recruitment, and law enforcement, the ICO emphasises that their responsible use must be underpinned by public trust.
Understanding biometric technologies
Biometric technologies are systems and tools that use unique physical or behavioural characteristics to identify or verify individuals. These technologies analyse traits that are inherent to each person, making them useful for security, authentication, and identification purposes. Examples include facial recognition, fingerprint scanning and voice recognition.
When powered by AI, biometric tools can enhance efficiency and security across sectors, including law enforcement. However, their use also raises significant data protection and ethical concerns.
Public concerns and data protection risks
The ICO recognises that public confidence depends on how organisations manage risks such as bias, inaccuracy, and lack of transparency. For example, individuals may worry about being misidentified by facial recognition systems or unfairly excluded by automated recruitment tools.
Strategic priorities
The ICO’s strategy aims to help organisations harness the benefits of AI and biometrics while complying with data protection laws and maintaining public trust. It identifies three core focus areas:
The need for transparency and explainability: ensuring transparency in recruitment-related automated decision-making and with police use of facial recognition technologies.
Dealing with bias and discrimination: addressing the risk that AI systems may replicate or amplify existing societal biases, especially when trained on flawed or unrepresentative data.
Providing rights and redress: Providing clear mechanisms for individuals to challenge and correct harmful or inaccurate outcomes, such as being misidentified by facial recognition.
What to expect from the ICO
To support these priorities, they have pledged to take action over the next year to ensure that organisations can develop and deploy AI and biometric technologies with confidence and that people are safeguarded from harm. They will do this by:
1. Providing clarity on responsible AI and ADM use
Updated guidance and a statutory code of practice will help organisations use AI and ADM in a transparent, fair, and accountable way.
2. Promoting high standards in government automated decision making (ADM)
The ICO will collaborate with central government to share best practices and ensure ADM systems are used fairly and responsibly. The ICO will also set clear expectations and seek assurances that departments are applying appropriate safeguards.
3. Setting expectations for ADM in recruitment
The ICO will examine how major employers and platforms use ADM in hiring, focusing on risks like bias and lack of transparency. They will publish findings and hold organisations accountable for protecting applicants’ information rights.
4. Overseeing foundation model developers
Developers will be expected to protect personal data used in training AI models and prevent harmful outputs. Enforcement action may follow where necessary.
5. Ensuring responsible police use of facial recognition
The ICO will issue guidance for police on using facial recognition lawfully and audit deployments to ensure rights are protected. They will also advise government on legal reforms to maintain public trust and proportionality.
6. Anticipating emerging AI risks
The ICO will assess the data protection implications of advanced AI systems, including those that infer emotions or traits, and publish insights through a Tech Futures report. They will monitor high-risk use cases and intervene where systems cause harm or infringe rights.
Summary
The ICO’s strategy signals a shift toward more assertive oversight of AI and biometric technologies. With new guidance, codes of practice, and regulatory scrutiny on the horizon, the ICO aims to ensure that innovation is balanced with strong safeguards for individual rights and public confidence.
