The United Kingdom (UK) government is set to revise its data protection laws, giving counter-terrorism police more authority over biometric data.
One of the proposed amendments of the Data Protection and Digital Information Bill allows authorities to retain biometric information of individuals who pose a potential security threat.
In a statement released on 23 November 2023, UK Home Office James Cleverly stressed the importance of the Bill’s “common-sense” changes.
“This Bill will improve the efficiency of data protection for our security and policing partners—encouraging better use of personal information and ensuring appropriate safeguards for privacy,” Cleverly added.
He emphasized that law enforcement and security need biometric access to ensure everyone’s safety.
One main focus of the Data Protection and Digital Information Bill is improving national security.
The changes to biometric data retention will allow UK authorities to hold on to the data as long as the INTERPOL’s notice is active. This aligns with the inter-governmental organization’s own retention rules.
The proposed revision will also ensure that counter-terrorism police can indefinitely keep the biometric data of individuals with foreign convictions.
The change will be crucial when dealing with foreign nationals who may have prior convictions for serious crimes, including acts of terrorism.
Currently, the government can only retain indefinitely the biometric data of individuals with convictions in the UK.
Other proposed amendments to the Data Protection and Digital Information Bill include accessing third-party data to safeguard against benefit fraud.
Another is requiring social media companies to retain personal data of the deceased to support bereaved families and coroner investigations.
Data Protection and Management post-Brexit
Following the UK’s exit from the European Union (EU), the British government replaced the EU General Data Protection Regulation (EU GDPR) with the Data Protection Act 2018 or the UK’s implementation of the General Data Protection Regulation (UK GDPR)
The EU GDPR regulates the processing and transfer of personal data of individuals residing in the EU.
The Data Protection and Digital Information Bill intends to amend the Data Protection Act 2018 and the UK GDPR.
When passed, the Bill will also abolish the office of the Biometrics and Surveillance Camera Commissioner (BSCC) and replace it with a Forensic Information Database Strategy Board.
The BSCC’s role is to facilitate compliance with the surveillance camera code of practice. It is an independent monitoring body that works with the UK Home Office.
In a report published in October 2023, a government-backed Centre for Research into Information Surveillance and Privacy (CRISP) warned that eliminating the BSCC could leave Britain without proper oversight of technologies.
The House of Commons will consider amendments proposed at Parliament’s Report today, 29 November 2023. The Bill is expected to be signed into law in early 2024.
Biometric data and ETA
The UK government uses biometric technology to authenticate the identities of foreigners who apply for entry clearance, extend their stay in the country, or apply for British citizenship.
It also uses biometric data to pre-screen and verify foreigners required to obtain an Electronic Travel Authorization (ETA) before coming to the UK. These are citizens from countries with visa waiver status and do not need a visa to enter the country.
The new ETA system aims to improve border security. The application process currently adheres to the UK GDPR and Data Protection Act 2018.
The system typically stores facial biometric data for three years unless there’s a reason to hold onto them longer.
Personal information and biographics are kept for 15 years following the last case action under visa retention periods.
The Data Protection and Digital Information Bill is a significant effort to address the handling of personal data and ensure compliance with data protection standards.
Authorities having more control over biometric data can improve security by enforcing data protection standards more efficiently.
This is especially critical for vetting foreign nationals with prior serious crime convictions outside of the UK.
Both the ETA and the Data Protection Bill reflect the UK government’s commitment to modernizing and adapting the laws in response to evolving challenges in data protection and immigration control.