Skip to content

Now You See Me?: Advancing Data Protection and Privacy for Police Use of Facial Recognition in Canada

October 2021

Facing the Realities of Facial Recognition Technology

Executive Summary

Law enforcement in Canada is increasingly turning to facial recognition in hopes of augmenting their investigative powers. Facial recognition is the process of identifying a person or verifying their identity on the basis of facial data and patterns.

There are numerous accuracy challenges associated with facial recognition technology that can exacerbate historical prejudices and stereotypes, especially when deployed at a large scale. Studies demonstrate that facial recognition algorithms discriminate against elderly people, children, women, racialized people, as well as the LGBTQ2S+ community. Overconfidence in the technology can lead to serious, and at times devastating, consequences for marginalized individuals.

The technology also threatens the right to anonymity, privacy, and substantive equality. The police can use facial recognition to arrest someone after an alleged crime has occurred by comparing images with a watchlist or general image database. They can also conduct the same comparisons in a live setting, for example, through CCTV cameras, tracking people’s locations and movement in real-time without the knowledge or consent of those being surveilled. In either case, facial recognition poses significant threats to privacy, fundamental freedoms, and other human rights.

It is in this context that the RCMP decided to use the services of data scraping and facial recognition company Clearview AI on a trial basis, ultimately leading Canada’s federal, provincial, and territorial privacy protection authorities to jointly develop guidance for police agencies across Canada on facial recognition. The guidance document outlines the current state of the law in Canada regarding police use of facial recognition and encourages best practices around privacy impact assessments, accuracy, data minimization, purpose limitation, data security, retention, openness and transparency, individual access, and accountability.