United Kingdom
UK General Data Protection Regulation and Data Protection Act 2018
Following Brexit, the UK retained GDPR as the UK GDPR, supplemented by the Data Protection Act 2018. Biometric data used for identification remains special category data. The ICO has been active in enforcement, notably fining Clearview AI £7.5 million and ordering deletion of UK residents' data. The UK has debated regulation of live facial recognition by police, with the ICO issuing specific opinions on proportionality.
Key Provisions
- Biometric data for identification is special category data requiring explicit consent
- UK GDPR mirrors EU GDPR provisions on data subject rights
- ICO has specific guidance on use of facial recognition technology
- Law enforcement use governed by DPA 2018 Part 3 with necessity and proportionality tests
- Live facial recognition by police requires a Data Protection Impact Assessment
- Adequate data protection: UK has EU adequacy decision enabling data flows
Your Biometric Rights
- Right to erasure (right to be forgotten)
- Right to access personal data
- Right to rectification
- Right to restrict processing
- Right to object to processing
- Right to not be subject to automated decision-making
Penalties for Non-Compliance
Up to £17.5 million or 4% of annual worldwide turnover. ICO fined Clearview AI £7.5M in 2022 and ordered deletion of all UK residents' data.
Our Removal Process
We submit erasure requests under UK GDPR on your behalf. UK law requires responses within one month. The ICO provides a robust complaint mechanism if operators fail to comply, which we escalate to when necessary.
Get Protected