Submission from LGA: Consultation on a new legal framework for law enforcement use of biometrics, facial recognition and similar technologies

The Local Government Association (LGA) is the national membership body for councils in England and Wales, representing local authorities across all tiers and political control. It works on behalf of councils to influence national policy and legislation, provide sector-led improvement and support, and promote local government’s role in delivering services, supporting communities, and driving inclusive economic growth. The LGA acts as a collective voice for councils, engaging with central government, regulators, and partners to ensure that local perspectives shape decision-making, while also sharing good practice and evidence to help councils meet current and emerging challenges.

1. To what extent do you agree or disagree that a new legal framework should apply to all use of ‘biometric technologies’ by law enforcement organisations? 

Agree / Neither agree nor disagree / Disagree / Don't know

Please explain your answer:

The Local Government Association (LGA) supports the introduction of a clear and comprehensive legal framework that applies to the use of biometric technologies by law enforcement organisations. From a local government perspective, clarity and consistency in the legal basis for the use of these technologies is essential to maintaining public confidence, ensuring proportionality and supporting effective partnership working at a local level.

A single, coherent framework would help address the current patchwork of legislation and guidance, making it easier for both practitioners and the public to understand when and how biometric technologies may be used. This is particularly important in local places, where police activity is closely connected to community trust, local democratic accountability and wider work by councils to promote community safety and cohesion.

The LGA considers it important that such a framework is principles-based and sufficiently flexible to accommodate technological change, while being underpinned by clear safeguards, transparency requirements and independent oversight. Applying the framework consistently to biometric technologies used by law enforcement would support lawful, ethical use, proportionate use and help reassure communities that appropriate protections for individual rights are in place.

2. Do you think a new legal framework should apply to ‘inferential’ technology i.e. technology that analyses the body and its movements to infer information about the person, such as their emotions or actions?

Yes, the legal framework should apply to technology which can make inferences about a person’s emotion and actions / No, the legal framework should not apply to technology which can make inferences about a person’s emotion and actions / Don't know

Please explain your answer:

The LGA considers any technology used by law enforcement that can make inferences about an individual’s emotions, intentions, or actions has the potential to significantly affect people’s privacy and civil liberties at a local level. Councils have a direct interest in ensuring that community trust is maintained and that residents feel confident that emerging technologies are used appropriately and proportionately.

Applying the legal framework to inferential technologies would help ensure consistent standards for necessity, proportionality, safeguards and would provide clarity about lawful use for both practitioners and the public. It would also support local government in its wider role of promoting community confidence in public services and ensuring that technology is deployed in ways that do not undermine equality, non-discrimination or human rights.

Given the new and evolving nature of inferential technologies, a clear legal framework would also allow oversight bodies to monitor risks, set standards for accuracy, bias mitigation and ensure that councils and partners are not indirectly affected by unlawful or inappropriate uses.

3. Do you think a new legal framework should apply to technology that can identify a person’s clothing or personal belongings, or things that they use (e.g. a vehicle)? 

Yes, the legal framework should apply to technology that can identify objects linked to an individual / No, the legal framework should not apply to technology that can identify objects linked to an individual / Don't know

Please explain your answer:

The LGA considers technology capable of identifying a person through their clothing, personal belongings, or other items they use can have implications for privacy, community trust and proportionality in policing at a local level. While such technologies may appear less intrusive than biometric or inferential tools, they can still enable surveillance of individuals in public spaces, potentially affecting residents’ confidence in law enforcement and local public services. This also raises the risk of mis-identification through a person having a “similar look” or stereotyping groups of people – especially the young who may follow particular fashion trends.

Applying a legal framework to these technologies would ensure consistent standards for necessity, proportionality, transparency and accountability. This is particularly important for councils, who work closely with local policing and community partners to maintain trust, safeguard rights and manage public spaces responsibly. Including object-based identification technologies within the framework would also provide clarity for law enforcement on lawful use, ensure independent oversight and prevent unintended impacts on communities or local services.

4. Do you think that the types of technology the legal framework applies to should be flexible to allow for other technology types to be included in future? The alternative would be for Parliament to consider each new technology.

Yes, the types of technology the legal framework applies to should be flexible / No, the types of technology the legal framework applies to should not be flexible / Don’t know

Please explain your answer:

The LGA supports a flexible approach to the scope of the legal framework, allowing it to cover emerging and future technologies without requiring separate legislation for each new development. Technology in law enforcement is evolving rapidly and a rigid framework risks creating gaps in oversight, inconsistent safeguards, or uncertainty for both practitioners and the public. Consideration should be given to national security as and when new technologies become available. For example, Chinese made technology is unlikely to meet GDPR standards.

From a local government perspective, flexibility helps ensure that councils can continue to engage constructively with law enforcement partners, support public confidence and manage the local impacts of new technologies without waiting for lengthy legislative processes. A principles-based framework with built-in flexibility would maintain the necessary protections for privacy, proportionality and human rights, while allowing oversight bodies to adapt standards and guidance to reflect technological change, operational needs and emerging risks in a timely manner.

5. Do you think a new legal framework should only apply to law enforcement organisations’ use of facial recognition and similar technologies for a law enforcement purpose?

Agree / Neither agree nor disagree / Disagree / Don't know

Please explain your answer:

The LGA considers that a legal framework for facial recognition and similar technologies should be clearly focused on law enforcement purposes, as this ensures clarity about the circumstances in which the technology can be used and protects councils and communities from unintended or inappropriate applications. However, although limiting the framework to just law enforcement would help maintain a clear distinction between policing functions and the wider public or private sector (which may be subject to other regulatory regimes such as data protection law) it allows councils, other public bodies and the private sector to nor comply with the framework. This can undermine confidence and lead to confusion as to how the technology is used.

From a local government perspective, uniform application would support community confidence and accountability by making it clear when such technologies are being deployed in the public interest and under lawful oversight. Councils work closely with police in shared public spaces and need certainty that deployment of biometric technologies is proportionate, necessary and transparent, with robust safeguards in place to protect privacy, rights and equality. Councils would require new burden funding to comply with new regulations.

6. When deciding on the new framework, the government will use the factors listed above to assess how law enforcement organisations’ use of biometric technologies, such as facial recognition, interferes with the public’s right to privacy. What other factors do you think are relevant to consider when assessing interference with privacy?

In addition to the factors already identified by government, the LGA considers that the following should also be taken into account when assessing how law enforcement use of biometric technologies interferes with the public’s right to privacy:

1. Context and location of deployment – The impact on privacy is likely to vary depending on whether technology is used in public spaces, private premises, or sensitive locations such as schools, community centres or areas associated with protests and assemblies.
2. Purpose and proportionality of use – Consideration of whether the use is strictly necessary to achieve a legitimate law enforcement objective and whether less intrusive alternatives could achieve the same aim.
3. Cumulative and long-term effects – How repeated or widespread use across a local area might affect public perceptions of surveillance, trust in authorities and community cohesion.
4. Accuracy and risk of error – The likelihood of false matches or misidentification, and the disproportionate impact on certain demographic groups, which can exacerbate inequalities and undermine public confidence.
5. Transparency and notice – Whether members of the public are informed about where and how technology is being used and the clarity of accessible information about their rights.
6. Retention, sharing, and secondary use of data – How data collected may be stored, shared with other agencies, or reused in ways that could affect privacy beyond the initial purpose.
7. Local accountability and oversight – How communities and local bodies can scrutinise or challenge the deployment of technologies, particularly where they intersect with council-managed public spaces or services.

Including these factors would help ensure that any new legal framework reflects the real-world impact on residents, communities and supports councils in their role of promoting public trust, proportionality and accountability in local policing activities.

7. When designing the new framework, the government will also assess how police use of facial recognition and similar technologies interferes with other rights of the public. This includes things such as the right to freedom of expression and freedom of assembly. In addition to the factors listed above Question 6, which factors do you think are relevant to consider when assessing interference with other rights?

In addition to the factors outlined in Question 6, the LGA considers the following relevant when assessing how police use of facial recognition and similar technologies may interfere with other public rights, such as freedom of expression and freedom of assembly:

1. Impact on lawful protest and civic participation – Consider whether the presence of surveillance technologies could deter individuals from participating in demonstrations, public meetings or community events, potentially chilling free expression and civic engagement.
2. Disproportionate effects on specific groups – How use of the technology might disproportionately affect certain communities, including ethnic minorities, faith groups, or vulnerable populations, which could exacerbate inequalities or lead to discriminatory outcomes.
3. Public confidence and trust in local institutions – Whether the use of these technologies could undermine residents’ trust in local policing, councils, or other public services, which is critical for effective community governance and partnership working.
4. Scope and duration of surveillance – How persistent or widespread monitoring in public spaces might affect the ability of individuals to exercise their rights without fear of undue observation or scrutiny.
5. Accountability and redress mechanisms – Availability of accessible, transparent avenues for the public to challenge decisions, lodge complaints, or seek remedies if their rights have been interfered with.
6. Context of sensitive locations and events – Consideration of the specific setting, such as schools, places of worship or politically significant events, where interference with rights could be particularly acute.
7. Integration with other datasets – Risks associated with combining facial recognition or biometric data with other personal data that may amplify impacts on rights and freedoms.

Including these factors would help ensure the framework balances the need for effective law enforcement with the protection of fundamental rights, and supports councils in maintaining community confidence, cohesion and inclusive civic participation.

8. Do you agree or disagree that 'seriousness' of harm should be a factor to decide how and when law enforcement organisations can acquire, retain, and use biometrics, facial recognition, and similar technology?

Agree / Neither agree nor disagree / Disagree / Don't know

Please explain your answer:

The LGA agrees that the seriousness of harm should be a key factor in determining when and how law enforcement organisations acquire, retain and use biometrics, facial recognition and similar technologies. From a local government perspective, proportionality is central to maintaining public trust and ensuring that the use of such technologies is justified, necessary and balanced against the potential impact on residents’ rights and freedoms.

Considering the seriousness of harm helps ensure that intrusive or high-risk technologies are deployed only in cases where there is a clear and significant public safety or criminal justice rationale, rather than for low-level or routine activities that may unduly infringe on privacy. This approach also supports councils’ work with local police in protecting communities while safeguarding civil liberties, ensuring that the deployment of biometric technologies does not erode community confidence or disproportionately affect particular groups.

By incorporating harm as a factor, the framework would encourage a risk-based and proportionate approach, guiding law enforcement to prioritise interventions where the benefits outweigh the intrusion on individual rights.

9. What factors do you think are relevant to assessing 'seriousness' of harm? For example: the type of offence that has been committed; the number of offences that have been committed; the characteristics of the victim; whether there is an imminent threat to life, or there is an urgent safeguarding issue.

When assessing the “seriousness” of harm, the LGA considers that a range of factors should be taken into account to ensure that the use of biometric and facial recognition technologies is proportionate, targeted and evidence-based. Relevant factors include:

1. Nature and type of offence – Whether the offence is violent, sexual, organised, or otherwise serious in its impact on individuals or communities. Higher-risk offences should justify greater intrusiveness in line with proportionality principles.
2. Scale and frequency of offending – The number of offences, repeat offending, or patterns of behaviour that indicate a higher level of threat to public safety.
3. Impact on victims and communities – Consideration of the characteristics of victims, the level of harm or vulnerability involved and the wider community implications of the crime or behaviour.
4. Immediacy of threat – Whether there is an imminent threat to life, serious injury, or urgent safeguarding concerns, which may necessitate timely use of intrusive technologies.
5. Potential for escalation or broader harm – Whether failing to intervene could result in more serious or widespread harm, such as escalation of criminal activity or risk to public order.
6. Contextual and environmental factors – Circumstances such as locations, times, or events that increase the risk or seriousness of harm (e.g. public gatherings, sensitive sites etc.).
7. Disproportionate impact considerations – How deployment of technology could affect different groups, ensuring the assessment of seriousness includes potential risks of inequality, bias or discrimination.

Including these factors would help ensure that the legal framework targets the use of intrusive technologies at genuinely serious harms, aligns with principles of proportionality, and supports local authorities in promoting public confidence and safeguarding communities.

10. The government believes that some uses of facial recognition and similar technologies require more senior authorisation and that this should be set out in the new legal framework. Do you agree? This could be different levels of authorisation within law enforcement organisations, or, in some circumstances, authorisation by a body independent of law enforcement organisations.

Agree / Neither agree nor disagree / Disagree / Don't know

Please explain your answer:

The LGA agrees that certain uses of facial recognition and similar technologies should require senior / independent authorisation and that this requirement should be clearly defined in the new legal framework. From a local government perspective, robust authorisation processes are critical to maintaining public trust, accountability and proportionality, particularly when deploying technologies that have the potential to significantly impact privacy, civil liberties and community confidence.

Requiring higher-level approval ensures that decisions to use these technologies are subject to scrutiny, risk assessment, and consideration of necessity and proportionality, reducing the likelihood of misuse or overreach. In some cases, independent oversight may be appropriate to reinforce transparency and impartiality, especially for high-risk deployments or sensitive contexts such as public gatherings, protests or safeguarding situations.

Embedding authorisation requirements in the legal framework would also support councils in their role as local leaders, giving them confidence that law enforcement partners are following clear, accountable procedures when using intrusive technologies in public spaces. This approach aligns with broader principles of governance, oversight, and community reassurance.

11. Are there circumstances where law enforcement organisations should seek permission from an independent oversight body to be able to acquire, retain, or use biometrics (for example, use facial recognition technology)? This could include exceptional circumstances outside of the usual rules.

The LGA considers that there should be circumstances where law enforcement organisations seek permission from an independent oversight body to acquire, retain, or use biometrics, including facial recognition technology, particularly in exceptional or high-risk scenarios.

Independent authorisation would provide an additional layer of accountability and public assurance in cases where the use of technology could have a significant impact on privacy, civil liberties, or community trust. Examples might include:

• Use in sensitive or high-profile public spaces, such as protests, schools, or healthcare settings.
• Deployment in cases with heightened safeguarding concerns, imminent threats to life, or urgent public safety issues.
• Novel or experimental applications of technology where the risks, accuracy, or bias are not yet fully understood.
• Situations involving the retention or sharing of biometric data outside usual operational procedures, particularly where long-term or secondary use is planned.

From a local government perspective, independent oversight helps ensure that deployment is proportionate, lawful, and transparent, protecting community confidence while supporting law enforcement to respond effectively to serious threats. It also reinforces public accountability, demonstrating that intrusive technologies are not used arbitrarily or without proper scrutiny. It should also be noted that some schools are still run by local authorities. 

enforcement records and specific conditions were met, the systems could be enabled in such a way as to enable them to biometrically search other government databases, such as the passport and immigration databases. 

In what circumstances should biometrics searches of other government databases be permitted? 

Searches should be for 'serious' offences

Yes / No / Don't know

Searches should be for a safeguarding purpose (e.g. a suspected missing or vulnerable person)

Yes / No / Don't know

Searches should be to identified injured, unwell or deceased people

Yes / No /Don't know

Answer:

The LGA considers that biometric searches of other government databases should be strictly limited to circumstances where there is a clear public interest and proportionality can be demonstrated. Searches for serious offences are justified where there is a significant threat to life, public safety or serious criminal activity - ensuring that the use of sensitive personal data remains targeted and necessary.

Similarly, searches for safeguarding purposes, such as locating missing or vulnerable individuals, or identifying injured, unwell or deceased people, are legitimate uses that directly protect individuals and communities. From a local government perspective, these applications align with councils’ broader responsibility to safeguard residents and support public safety, while ensuring that the use of biometric data is proportionate, transparent and accountable.

The LGA would emphasise that any such searches must be supported by clear authorisation, oversight, and data protection safeguards, and that inappropriate or routine searches outside these circumstances should be prohibited to maintain public trust.

13. If biometric searches of other government databases take place, what safeguards should be in place?

Search requests should be approved by a senior police officer or other appropriately qualified person

Yes / No / Don't know

Search requests should be approved by an independent body

Yes / No / Don't know

Search records should be kept for review by a senior police officer or other appropriately qualified person 

Yes / No / Don't know

Records should be kept for review by an independent body

Yes / No / Don't know

Are there any other limitations or safeguards you think should be considered?

The LGA considers that additional safeguards should include:

1. Purpose limitation: Searches should only be conducted for clearly defined, legitimate purposes, such as serious crime investigation, safeguarding, or identification of injured, unwell or deceased individuals.
2. Proportionality assessment: Each search should be subject to a formal assessment of necessity and proportionality, ensuring that less intrusive methods have been considered.
3. Time-limited retention: Records of searches, including approvals and outcomes, should be retained only for as long as necessary and deleted once no longer required.
4. Transparency and reporting: Independent oversight bodies should be able to publish aggregate statistics and summaries to support public trust while protecting sensitive operational details.
5. Audit and compliance checks: Periodic audits should be carried out by both law enforcement and independent oversight bodies to ensure compliance with the legal framework and to identify and address any misuse or errors.
6. Training and competence: Officers or staff authorised to request searches should be appropriately trained on privacy, data protection, and ethical use of biometric systems.

These safeguards would help ensure that biometric searches of government databases are conducted lawfully, proportionately, and transparently, maintaining public confidence while supporting councils and law enforcement in protecting local communities.

14. The functions set out above could be undertaken by one single independent oversight body – do you agree? This could be achieved by them overseeing multiple codes of practice (see also questions 15 and 16).

Agree / Neither agree nor disagree / Disagree / Don't know

Please explain your answer:

The LGA considers that a single independent oversight body could provide an effective and coherent approach to regulating the use of biometrics, facial recognition and similar technologies. Consolidating oversight functions would help ensure consistency in standards, guidance and enforcement, reducing confusion for law enforcement organisations, local authorities and the public.

From a local government perspective, a single oversight body could improve clarity and accountability, making it easier for councils and communities to understand how technologies are being used in public spaces and to whom they can raise concerns. It would also support coordinated auditing, reporting and guidance, ensuring that best practice is shared and compliance is monitored effectively.

The LGA notes that the oversight body must have sufficient resources, expertise, and independence to maintain public confidence, enforce compliance and adapt to technological developments. Where multiple codes of practice exist under one body, this should not compromise the ability to provide tailored guidance for specific technology types or operational contexts, but should enhance transparency and proportionality.

15. What sort of powers or obligations should the oversight body have to oversee law enforcement use of facial recognition and similar technologies?

Publish codes of practice detailing what law enforcement organisations would be expected to do to meet their legal and ethical obligations when developing or using technology.

Yes / No / Don't know

Investigate instances where use of a technology presents substantial risks to criminal investigations or proceedings due to non-compliance with the code of practice.

Yes / No / Don't know

Investigate instances where use of a technology has potentially unjustified interferences with the rights and protections people have under data protection, equalities and human rights law.

Yes / No / Don't know

Investigate instances where a technology has been misused, hacked or accessed without authorisation.

Yes / No / Don't know

Request information from law enforcement organisations to aid oversight of police use of the technology.

Yes / No / Don't know

Issue compliance notices requiring law enforcement organisations to take specific actions to remedy non-compliance.

Yes / No / Don't know

Seek injunctions to prevent or stop technology use that pose significant risks, in conjunction with other statutory bodies where necessary.

Yes / No / Don't know

Make public declarations about non-compliance to inform stakeholders and the public.

Yes / No / Don't know

Receive complaints and referrals from anyone, in order to inform their investigations.

Yes / No / Don't know

Publish an annual report detailing compliance with the relevant Code(s) of practice and recommendations to Parliament on revisions to the Code.

Yes / No / Don't know

Set standards that help assure the scientific validity of the technology.

Yes / No / Don't know

Decide which new technologies or new uses of existing technologies should be added to the legal framework in future.

Yes / No / Don't know

What other powers or obligations do you think there should be?

Additional powers or obligations:

1. Guidance and training for law enforcement staff: The oversight body should provide guidance, best practice materials and training support to ensure lawful and ethical deployment of technologies.
2. Monitoring of bias and equality impacts: The body should regularly assess whether technologies produce disproportionate impacts on particular demographic groups and require corrective measures.
3. Collaboration with local authorities and community stakeholders: To maintain public trust, the oversight body should have mechanisms for engaging councils, residents, and local community groups, especially where technology is deployed in shared public spaces.
4. Audit powers: Ability to conduct both routine and ad hoc audits of law enforcement systems and processes, including technical validation, to ensure compliance with codes of practice.
5. Advisory role on policy and legislative development: To ensure the legal framework remains responsive to emerging technology and public interest, the oversight body should be able to advise government and Parliament on updates to the codes, regulatory requirements or statutory powers.

These powers and obligations would ensure that the oversight body can operate effectively, independently, and transparently, supporting local government interests by promoting public confidence, accountability and proportionality in the use of intrusive technologies.

16. The government believes the new oversight body should help set specific rules for law enforcement organisations to follow, to guard against bias and discrimination when using technologies such as facial recognition, and check compliance with these rules. 

To what extent do you agree or disagree?

Agree / Neither agree nor disagree / Disagree / Don't know

17. What types of rules might the new oversight body be responsible for setting? These could include ensuring tools are of sufficient quality or determining what testing should be undertaken.

The LGA considers that the oversight body should be responsible for setting rules that ensure biometric and facial recognition technologies are deployed lawfully, ethically and reliably, including:

1. Technical accuracy and quality standards – Establishing minimum thresholds for system accuracy, reliability, and robustness, including guidance on acceptable error rates for different operational contexts.
2. Bias and equality testing requirements – Mandating independent, regular testing to identify and mitigate disproportionate impacts on demographic groups and ensuring fair and non-discriminatory outcomes.
3. Data protection and privacy standards – Rules governing the collection, storage, retention, deletion and sharing of biometric data to protect individual rights and comply with data protection law.
4. Operational testing and validation protocols – Standards for validating technology before deployment, including simulation, live trials and ongoing performance monitoring.
5. Safeguards for sensitive contexts – Specific guidance on use in high-risk or sensitive environments, such as public assemblies, schools, healthcare settings, or locations associated with vulnerable populations.
6. Staff competence and training requirements – Rules for the qualifications, training and supervision of staff operating or authorising biometric technologies.
7. Audit and compliance procedures – Clear processes for reviewing, auditing, and reporting on use of technology to ensure accountability and transparency.
8. Incident response protocols – Guidance for handling system failures, misuse, breaches, or unauthorized access, including reporting obligations and remedial actions.

By setting these types of rules, the oversight body would ensure that technologies are safe, accurate, proportionate, and equitable, providing councils and local communities with confidence that law enforcement use is responsible and respects public rights.