Finnish SA: Police Reprimanded for Illegal Processing of Personal Data with Facial Recognition Software

The Deputy Data Protection Ombudsman has issued a statutory reprimand to the National Police Board for illegal processing of special categories of personal data during a facial recognition technology trial.

The National Police Board notified the Office of the Data Protection Ombudsman in April 2021 of a personal data breach involving the trial use of facial recognition software by the National Bureau of Investigation in early 2020. The National Bureau of Investigation unit specialising in the prevention of child sexual abuse had experimented with facial recognition technology in identifying potential victims.

The decision to try the software had been made independently by the police unit, and the processing of personal data had been performed without the approval of the controller, i.e. the National Police Board. The National Police Board had been informed of the use of the Clearview AI service by Buzzfeed News.

The controller’s responsibility was not fulfilled in these operations, and the measures taken by the controller had not prevented the unlawful processing of personal data. It would have been the duty of the National Police Board to ensure that police personnel are familiar with regulations and the required procedures.

In addition to the reprimand, the Deputy Data Protection Ombudsman ordered the National Police Board to notify the data subjects of the personal data breach insofar as their identity could be determined. The National Police Board must also request that Clearview AI erase the data transmitted by the police from its storage platforms.

You can find the full text of the decision here.

Kind regards,

Zumbul Attorneys-at-Law

info@zumbul.av.tr