Facial recognition technology is spreading across the United Kingdom at a pace that would make any regulator break out in a cold sweat.
And that is not an exaggeration.
While the Metropolitan Police in London has already scanned more than 1.7 million faces this year alone, an 87% jump compared to the same period in 2025, the agencies responsible for oversight of this technology are still trying to wrap their heads around just how big of a problem they have on their hands.
The situation is serious enough that the very guardians of the system are sounding the alarm.
Prof. William Webster, biometrics commissioner for England and Wales, summed up the landscape well when he said that the slow pace of legislation is trying to catch up with the real world and that the horse has bolted before the cart was ready. Dr. Brian Plastow, who holds the same role in Scotland, was even more blunt, stating that the technology is nowhere near as effective as the police claim and that there is a patchwork of legal frameworks scattered across the UK. According to Plastow, in England and Wales, the police are essentially marking their own homework.
On the public safety side, police forces and major retail chains like Sainsbury’s, Budgens, and Sports Direct argue that the technology makes streets safer and reduces crime.
On the other side, everyday people are being arrested, barred from stores, and treated as suspects because of mistakes made by a system that nobody seems to be genuinely monitoring. Citizens wrongly labeled as criminals by stores using AI-powered cameras reported that there is no accountability and no effective channel to file a complaint. They said the system made them feel guilty until proven innocent.
And meanwhile, regulation? It could take at least three years to go into effect.
What is at stake here goes far beyond cameras and algorithms.
Receive the best innovation content in your email.
All the news, tips, trends, and resources you're looking for, delivered to your inbox.
By subscribing to the newsletter, you agree to receive communications from Método Viral. We are committed to always protecting and respecting your privacy.
We are talking about data privacy, civil rights, and how far a society is willing to go in the name of security without making sure no innocent person pays the price for it. 👇
A system that outgrew every rule
The use of facial recognition in the UK did not appear out of thin air. It was introduced gradually, first in low-key pilot programs, then in regular operations, and today it is part of the daily routine for more than a dozen British police forces. The problem is that this expansion happened without any specific law being passed to regulate the use of this technology in a clear and comprehensive way. The result is an environment where each police force and each retail chain ends up setting its own rules, with different standards for transparency, data storage, and accountability when something goes wrong.
In practice, this means a London resident could have their face scanned dozens of times a week without ever knowing it happened. Cameras equipped with live facial recognition are already installed in subway stations, busy streets, and even in supermarkets and department stores. And contrary to what a lot of people assume, it is not just the police using this technology. Private companies in the retail sector have adopted these systems on their own, claiming they fight theft and protect employees, but without any standardized legal obligation to inform consumers or to ensure that collected data is securely disposed of.
Biometrics commissioner Prof. William Webster was quite direct in warning that the pace of adoption of this technology has completely outstripped the ability of oversight bodies to keep up with what is happening. He publicly stated that we could be looking at three years, at a minimum, before regulation is in place and working. He went on to say that the technology is getting cheaper and that over time it will be seen everywhere, including in the fixed network of surveillance cameras. The existing control mechanisms were designed for a different world, where the use of biometrics was limited and well-defined. Today, with cameras scattered everywhere and increasingly sophisticated systems being purchased by both the public and private sectors, those mechanisms simply cannot keep up.
Currently, several agencies share some level of oversight over the technology, including the Information Commissioner’s Office, known as the ICO, and the Equality and Human Rights Commission. But none of them has the mandate or tools needed to exercise truly effective control over how facial recognition is being used on a daily basis. The biometrics commissioners themselves are calling for the creation of a new dedicated regulator with the power to actively crack down on abuses.
Mistakes that have real names and real faces
One of the most sensitive aspects of this entire debate is that the mistakes made by facial recognition systems are not abstract. They affect real people, with real stories and real consequences.
In February, The Guardian revealed how police arrested a man for a robbery that took place in a city he had never visited. The facial scanning software confused his face with that of another person of South Asian heritage. Alvi Choudhury was arrested and held in police custody until the error was acknowledged. Cases like this show that the systems have significantly higher error rates when analyzing faces from certain demographic groups, which raises serious questions about how data privacy and fundamental rights are being equally protected.
In the retail space, the situation has also led to embarrassing and degrading incidents. Ian Clayton, a retired health and safety professional living in Chester, was asked to leave a Home Bargains store in February after being flagged by the facial recognition system as a shoplifter. He later discovered that he had been wrongly linked to a thief simply because he happened to stand next to that person during a previous visit to the store.
It is very Orwellian, Clayton said. We are constantly being recorded and put into these systems, but should we be there? It feels like spying without reason. It left me feeling vulnerable, exposed, and a bit powerless. Now I am hyper-aware of cameras.
A similar situation happened to Warren Rajah, a data strategist in south London, during a visit to a Sainsbury’s. Rajah described the scenario as a civil rights issue that we are slowly sleepwalking into, and pointed out that the cameras cannot capture the features of people with darker skin tones with the same accuracy.
The organization Big Brother Watch, a civil liberties advocacy group, reported being contacted by 21 people over the past year who believe they were wrongly added to watchlists or misidentified by these systems.
Reports of malicious use of watchlists
Beyond the technical errors, a whistleblower brought forward allegations that the systems are, in some cases, being used maliciously by store employees or security guards who add members of the public to watchlists even when those individuals have not been caught doing anything wrong.
Paul Fyfe, a former security guard who worked with cameras from the company Facewatch in Stockton-on-Tees until September of last year, stated that in some cases employees flagged people on the lists even when they had not been caught shoplifting or committing violence.
If you have someone there who has annoyed you, who you cannot catch, or who is bothering or threatening you, the easiest way to get back at them is to put them in the system, Fyfe said. He claimed to have knowledge of 10 to 15 cases where people were flagged for malicious reasons. The result is that security guards at other stores running the same software would receive alerts every time those individuals walked in.
Nick Fisher, CEO of Facewatch, denied the allegations. He stated that the company does not recognize the claims that the incident recording system is being misused and that the system was specifically designed to prevent misuse, with strict rules, safeguards, and controls. According to Fisher, retailers need to meet clear evidence standards before submitting a record, and every submission goes through human review before any person is added to the database.
Public safety versus privacy: a debate with no easy answers
British police forces are not using this technology for no reason. The results released by the Metropolitan Police show that facial recognition has already contributed to the arrest of suspects wanted by the courts, including in violent crime cases. The Home Office itself is planning to roll out the technology nationwide, describing it as the biggest breakthrough in catching criminals since DNA testing. For supporters of the system, this argument is enough to justify expanding its use: if the technology saves lives and takes criminals off the streets, the benefit to public safety outweighs the collateral risks.
But critics point out that there is a fundamental difference between a camera that records footage and a system that automatically identifies every face that passes in front of it, cross-references that information against databases, and makes decisions in real time. This technological leap completely changes the nature of the oversight that citizens are subjected to. A regular camera records; a facial recognition system tracks. And tracking a person’s every move in public spaces, without their knowledge and without their consent, raises deep questions about how far the state’s right to observe its own citizens should extend.
A survey conducted by Opinium with 2,000 adults last month revealed data that captures this unease well. About 57% of respondents believe the systems represent another step toward turning the UK into a surveillance society. Nearly a third opposed the use of facial recognition by retailers. And 62% expressed concern about the possibility of the technology causing problems for people who have done nothing wrong.
The central question in this debate, then, is not whether the technology works. It is who it works for, under what conditions, and with what guarantees that mistakes will be acknowledged and corrected. Without a robust legal framework that defines clear responsibilities, anyone can become the target of a system that does not make small errors — it makes errors with serious consequences — and rarely has to explain itself. And it is precisely this lack of accountability that makes the conversation about data privacy and public safety so urgent and so difficult at the same time.
The audit that never happened
Making the oversight gap even worse, an independent audit of the Metropolitan Police’s use of facial recognition has been postponed indefinitely. The investigation, which had been scheduled by the ICO for October of last year, was pushed back after the Met itself requested the delay.
Emails obtained by The Guardian through a Freedom of Information request show that the police cited as reasons for the delay the need to deal with a legal challenge to its facial scanning policy — which a court ruled in its favor last week — the officers’ Christmas holidays, and the operational demands of New Year’s Eve celebrations. The ICO accepted the request, and now there is no guarantee that the audit will actually take place.
The decision drew criticism that the regulator is being insufficiently aggressive. Member of Parliament David Davis, a former shadow Home Secretary and civil liberties advocate, stated that facial recognition is a massive development with all sorts of implications and that the ICO should be the champion of the ordinary citizen and should be much more aggressive in what it does.
The Met stated that it has always been transparent about its use of facial recognition technology and welcomes independent scrutiny. The ICO said it is assessing whether the audit will be rescheduled. Citizens who reported problems with the system described the ICO as toothless and unresponsive.
The regulation that still has not arrived
The British government acknowledges that it needs to act. The Home Office is considering a new legal framework for the technology while simultaneously planning its nationwide expansion. But even the most optimistic estimates suggest that any concrete legislation is still at least three years away from taking effect. In the meantime, the use of this technology will keep growing, the databases will keep being fed, and citizens will continue not knowing exactly what data about them is being collected, how long it is stored, and who has access to it.
The ICO, the British authority responsible for data protection, has issued general guidance on the subject, but without the legal force to compel companies and public agencies to follow uniform standards. This creates a scenario where every entity using facial recognition interprets the rules in its own way, making oversight practically impossible to carry out in a systematic and effective manner. The commissioners and regulators themselves admit they are operating with tools designed for another era, trying to regulate a reality that has changed faster than any legislative process can keep up with.
The biometrics commissioners are clear: new laws need to be created to define when and how police forces can use live facial recognition, and a new regulator needs to be established with real power to crack down on abuses. Without that, what we have is a system where, as Dr. Plastow put it, the police are essentially marking their own homework, and the ordinary citizen who gets hurt has nowhere to turn.
What experts agree on is that this debate needs to happen now, not three years from now. Every month that passes without regulation is another month in which millions of faces are scanned, more biometric data is stored on public and private servers, and more people are exposed to automated decisions that can change their lives without any real right to challenge them. Data privacy is not a luxury or a technical detail. It is a fundamental right, and making sure it is respected even as facial recognition technology advances at breakneck speed is exactly the kind of challenge that defines what a society truly values when the pressure is on. 🔍
