Human rights group Liberty has said the UK government’s proposed Crime and Policing Bill will transform the country’s driving licence database into a de-facto facial recognition database, enabling police to access the biometric information of millions of people who have never committed a crime.
Introduced to Parliament on 25 February 2025, the Home Office-sponsored bill will introduce a range of measures to extend police powers in the UK, including bans on wearing face coverings or using pyrotechnics during protests, and the introduction of “respect orders” to address so-called “anti-social behaviour”.
The Crime and Policing Bill will also enable police to access driving licence information from the Driver and Vehicle Licensing Agency (DVLA), which holds more than 52 million driver records. Access to driving licence information will be controlled by as-yet unspecified regulations to be created by the secretary of state, who will also draft a code of practice about how the information can be made available and used.
The secretary of state will also be obliged to publish an annual report on how driving licence information is being used by police.
While the bill makes no explicit reference to facial recognition technology in the text or supporting documents, the measures are substantively similar to those contained in the previous Conservative government’s Criminal Justice Bill, which then-policing minister Chris Philp said could “allow police and law enforcement, including the NCA [National Crime Agency], to access driving licence records to do a facial recognition search”.
Human rights group Liberty said that although the current Labour government has denied the regulation-making powers contained in the bill’s driving licence information provisions would be used for facial recognition purposes, the proposals – which closely mirror those put forward by the last government – could still enable this invasive use of the technology.
“This would represent a huge step in broadening the use of facial recognition technology away from police databases to everyone with a driving licence,” it said. “Every photo on the DVLA database could be accessed by the police and essentially form a digital police line-up. If this is the intention, then the government should be transparent and invite proper scrutiny rather than sneaking through rights-restricting legislation.”
A Home Office spokesperson told Computer Weekly it was “categorically untrue” that the DVLA database would be accessed by police for facial recognition purposes, stating: “These provisions will have no impact on facial recognition.”
In a written submission to Parliament about the previous government’s attempts to link the DVLA database to facial recognition systems, privacy group Big Brother Watch said it represented “a huge, disproportionate expansion of police surveillance powers that would place the majority of Britons in a digital police line-up, without their consent”.
It added that setting a precedent where police are able to access a non-police database to sift through millions of people’s biometric data “would be deeply concerning” for privacy rights. “In a rights-respecting country, the public would no less expect police forces to access their facial biometrics from the DVLA database than they would expect them to access their DNA biometric from NHS databases,” it said.
Commenting on the proposal in the Crime and Policing Bill, Liberty added that police should never be allowed access to a database containing millions of biometric records of people who are not on a wanted list, have never committed a crime, and did otherwise not consent to the use of their information in this way.
Liberty further added that the proposed code of practice should not be accepted as a safeguard. “There should be primary legislation governing the overall police use of facial recognition. It should not be piecemeal in this way,” it said.
As it stands, the UK has no legislation explicitly covering the police use of facial recognition technologies, although successive governments have repeatedly affirmed it is covered a by “comprehensive legal framework”, which consists of a patchwork of existing legislation.
While there has been limited Parliamentary scrutiny of facial recognition in the form of written questions and answers over the years, there has only been one formal debate on how police are using the technology in Parliament, which was held in November 2024.
This marked the first time MPs openly discussed police use of the tech in the eight years since live facial recognition (LFR) was first deployed by the Metropolitan Police at Notting Hill Carnival in August 2016.
Since that initial deployment, there have been repeated calls from Parliament and civil society for new legal frameworks to govern law enforcement’s use of LFR technology. These include three separate inquiries by the Lords Justice and Home Affairs Committee (JHAC) into shoplifting, police algorithms and police facial recognition; two of the UK’s former biometrics commissioners, Paul Wiles and Fraser Sampson; an independent legal review by Matthew Ryder QC; the UK’s Equalities and Human Rights Commission; and the House of Commons Science and Technology Committee, which called for a moratorium on LFR as far back as July 2019.
Attempts to link facial recognition systems with UK databases created for other purposes have been ongoing for a number of years.
In October 2023, Philp outlined his intention to give police forces access to the UK’s passport database, claiming it would enhance their facial recognition capabilities to help catch shoplifters and other criminals.
While Philp’s proposals were blasted by human rights and privacy groups, UK regulators also took issue. For example, the then-biometrics and surveillance commissioner of England and Wales, Fraser Sampson, told the BBC it was important for police to avoid giving people the impression they’re on a “digital line-up”.
“The state has large collections of good-quality photographs of a significant proportion of the population – drivers and passport holders being good examples – which were originally required and given as a condition of, say, driving and international travel,” he said.
“If the state routinely runs every photograph against every picture of every suspected incident of crime simply because it can, there is a significant risk of disproportionality and of damaging public trust,” added Sampson.
Scottish biometrics commissioner Brian Plastow also said it would be “egregious” to link the UK’s passport database with facial recognition systems, arguing it would be “unethical and potentially unlawful”.
“The suggestion that images given voluntarily to UK government agencies for a specific purpose by law-abiding citizens to obtain a UK passport or UK driving licence should then be capable of being routinely accessed by the police and ‘bulk washed’ against images from low-level crime scenes is neither proportionate nor strictly necessary and would significantly damage public trust,” he said at the time.
