Site navigation

Scottish Government to Delete Biometric Data After Retention Periods

Theo Priestley


Scottish Government biometric data

The Scottish government is consulting on proposals to improve oversight of the use and retention of biometric data, which would see the nation appoint its first biometrics commissioner.

The Scottish government has published proposals which describe the legal framework concerning the acquisition, retention, use and disposal of biometric data for justice and community safety purposes in Scotland.

Under the proposals, which have been met with approval by the Open Rights Group, any biometric data held by and public bodies will be deleted after the defined retention period ends in accordance with data protection and privacy regulations. Currently the UK government have no plans to adhere to this as they claim this is almost impossible to achieve with the systems they have put in place.

The Scottish government will take forward dialogue with COSLA, the Scottish Safety Camera Programme, Transport Scotland, Traffic Scotland and the health and education sectors with a view to enhancing public confidence and trust in the use of biometric data in other public sector contexts through the wider adoption of the general principles contained in the consultation paper.

Human Rights Protected Under New Proposals

The Human Rights Act 1998, which incorporates the European Convention on Human Rights (ECHR) into UK law, sets out the fundamental rights and freedoms that everyone in the UK is entitled to. Because retaining biometric data is deemed in opposition with a citizen’s right to privacy, the Scottish government is taking the approach that following the end of a prescribed retention period all records will be deleted, including those held as backup or copied and stored elsewhere.

The consultation paper discusses at length where the retention of biometric data may be legal after the retention period, for example, in criminal investigations where the duty of care to public safety is paramount and covered not just DNA, fingerprints and custody images – but also biometric data generated by second-generation tech, like facial recognition software, remote iris recognition and voice pattern analysis.

This approach by the Scottish government is unique in the UK because establishing this practice would be in direct contrast to the position in England and Wales, where currently 21 million records containing biometric information and images are retained indefinitely.

“Open Rights Group called for rules establishing an automatic deletion procedure,” said the organisation’s Scotland director, Matthew Rice.

“It is welcome to see them included in the Code of Practice for Scotland and we encourage the rest of the UK to follow Scotland’s lead.”


Theo Priestley

Latest News

%d bloggers like this: