R. (on the application of Bridges) v Chief Constable of..., 2019 WL 04179616...
For educational use only
R. (on the application of Bridges) v Chief Constable of South
Wales
Negative Judicial Consideration
Court
Divisional Court
Judgment Date
4 September 2019
Where Reported
[2019] EWHC 2341 (Admin)
[2020] 1 W.L.R. 672
[2020] 1 All E.R. 864
[2019] 9 WLUK 9
[2020] 1 Cr. App. R. 3
[2019] H.R.L.R. 16
[2019] A.C.D. 122
Times, December 09, 2019
Times, December 11, 2019
[2019] C.L.Y. 1389
Judgment
Subject
Human rights
Other related subjects
Police; Information technology; Criminal evidence
Keywords
Crime prevention; Data protection; Facial recognition software; Personal data; Privacy; Public sector equality duty; Right to respect for
private and family life; Visual identification
Judge
Haddon-Cave LJ;
Swift J
Counsel
For the claimant: Dan Squires QC, Aidan Wills.
For the defendant: Jeremy Johnson QC.
For the interested party: Richard O'Brien.
For the first intervener: Gerry Facenna QC, Eric Metcalfe.
For the second intervener: Andrew Sharland QC.
Solicitor
For the claimant: Liberty.
For the defendant: In-house solicitor.
For the interested party: Government Legal Department.
For the first intervener: In-house solicitor.
For the second intervener: Government Legal Department.
© 2023 Thomson Reuters.
1
R. (on the application of Bridges) v Chief Constable of..., 2019 WL 04179616...
Case Digest
Summary
The current legal regime in the UK was adequate to ensure the appropriate and non-arbitrary use of automated facial recognition
technology. A police force's use of such technology in a pilot scheme was consistent with the requirements of human rights and
data protection legislation and the public-sector equality duty.
Abstract
A civil liberties campaigner applied for judicial review of the defendant police force's use of automated facial recognition
technology (AFR).
Using AFR involved processing the facial biometric data of members of the public. The technology had been used by the police
force in a pilot project which involved deployment of surveillance cameras to capture digital images of people, which were then
processed and compared with images of persons on police watchlists. If no match was made, the facial biometrics or image of
scanned persons were immediately and automatically deleted. The instant proceedings concerned the adequacy of the current
legal framework in relation to AFR. The claimant challenged the lawfulness of its use generally, and specifically regarding two
occasions when his image had been captured without warning.
The claimant contended that the use of AFR interfered with his ECHR art.8(1) rights, was contrary to the requirements of data
protection legislation and failed to comply with the public-sector equality duty under the Equality Act 2010 s.149(1).
Held
Application refused.
ECHR art.8 rights - The claimant's physical proximity to the location of the cameras was sufficient to give rise to a reasonable
apprehension that his image might have been captured and processed such as to entitle him to claim a violation of his art.8(1)
rights, AXA General Insurance Ltd, Petitioners [2011] UKSC 46, [2012] 1 A.C. 868, [2011] 10 WLUK 287 followed. The
use of AFR did entail infringement of the art.8(1) rights of those in the claimant's position (see paras 45-62 of judgment). His
primary argument was that use of AFR was not "in accordance with the law" for the purposes of art.8(2). The police's common
law powers were "amply sufficient" in relation to the use of AFR; they did not need new express statutory powers, R. (on the
application of Catt) v Association of Chief Police Officers of England, Wales and Northern Ireland [2015] UKSC 9, [2015] A.C.
1065, [2015] 3 WLUK 106 followed (paras 68-78). There was also a clear and sufficient legal framework governing whether,
when and how it could be used, R. (on the application of Gillan) v Commissioner of Police of the Metropolis [2006] UKHL
12, [2006] 2 A.C. 307, [2006] 3 WLUK 246 followed. It was important to focus on the substance of the actions that use of
AFR entailed, not simply that it involved deployment by the police of an emerging technology. The fact that a technology was
new did not mean that it was outside the scope of existing regulation, or that it was always necessary to create a bespoke legal
framework for it. The legal framework within which AFR operated comprised three elements, in addition to the common law:
primary legislation, in the form of the data protection legislation; secondary legislative instruments in the form of codes of
practice issued under primary legislation, including the Surveillance Camera Code; and the police force's own local policies.
Each element provided legally enforceable standards. When considered collectively against the backdrop of the common law,
the use of AFR was sufficiently foreseeable and accessible for the purpose of the "in accordance with the law" standard. It
was neither necessary nor practical for legislation to define the precise circumstances in which AFR might be used. The data
protection principles provided sufficient regulatory control to avoid arbitrary interferences with art.8 rights. With regard to the
content of local policies, AFR was still in a trial period. The possibility, or likelihood, of improvement was not evidence of
present deficiency (paras 79-97). The use of AFR relied on by the claimant struck a fair balance and was not disproportionate;
it was deployed in an open and transparent way, with significant public engagement, Bank Mellat v HM Treasury [2013] UKSC
39, [2014] A.C. 700, [2013] 6 WLUK 527 followed (paras 98-108).
Data protection - The primary point of dispute in respect of the Data Protection Act 1998 s.4(4) was the extent to which using
AFR entailed processing personal data. The police argued that the only personal data processed was the data of those persons
on their watchlist. There were two routes by which the data could be considered "personal data": indirect identification and
individuation. However, the processing of the claimant's image was processing of his personal data only by the second route. The
information recorded individuated, or singled a person out and distinguished them, from others. The biometric facial data was
© 2023 Thomson Reuters.
2
R. (on the application of Bridges) v Chief Constable of..., 2019 WL 04179616...
qualitatively different and clearly comprised personal data because, per se, it permitted immediate identification of a person. The
police were therefore required to process that data consistently with the data protection principles. The claimant's case rested
only on the first principle that personal data had to be processed lawfully and fairly. The use of AFR on the occasions relied
on satisfied that condition. It was necessary for the police's legitimate interests taking account of the common law obligation
to prevent and detect crime (paras 109-127). Under the Data Protection Act 2018 s.34(3), competent authorities had to be able
to demonstrate compliance with Pt 3 Ch.2 of the Act. The claimant argued that AFR use entailed "sensitive processing" under
s.35(8)(b) and did not comply with the requirement of the first data protection principle under s.35(3). The police force agreed
in respect of those persons who were on a watchlist, but disputed that it extended to all those captured by CCTV cameras.
However, s.35(8)(b) could properly be read as applying to both categories of person. The operation of AFR did therefore involve
the sensitive processing of the biometric data of members of the public not on the watchlist. However, it also satisfied the first
two requirements in s.35(5) as being necessary for law enforcement purposes and in meeting at least one of the conditions in
Sch.8 (paras 128-137). The impact assessment prepared by the police met the requirements of s.64 of the 2018 Act. There was
a clear narrative that explained the proposed processing and referred to concerns raised in respect of intrusions into privacy
of members of the public. Although not part of the s.64 requirements, the assessment specifically considered the potential for
breach of art.8 rights. The claimant's criticism on that point was therefore without foundation (paras 142-148).
Public-sector equality duty - The police relied on a document entitled Equality Impact Assessment - Initial Assessment as
evidence of its compliance with the s.149(1) duty. The claimant's criticism was that the police had not considered the possibility
that AFR might produce results that were indirectly discriminatory on grounds of sex and/or race because it produced a higher
rate of false positive matches for female and/or black and minority ethnic faces. However, there was an air of unreality about that
contention. There was no suggestion that, when the AFR trial started, the police force had, or should have, recognised that the
software might operate in an indirectly discriminatory way. There was still no firm evidence suggesting indirect discrimination.
The possibility of future investigation did not make good the argument that, to date, the police force had failed to comply with
its duty. The police force had continued to review events against the relevant criteria. That was the approach required by the
public-sector equality duty in the context of a trial process (paras 149-158).
© 2023 Thomson Reuters.
3