Substantial Public Interest

To use facial recognition lawfully without specific subject consent, processing must comply with the Substantial Public Interest test of the Data Protection Act 2018 (DPA).

It is in the public interest to process personal data to prevent and detect crime, however in order for this processing to be in the substantial public interest there must be a much wider benefit derived from that processing beyond an individual business, site or premises. It is only Facewatch, not clients, that must meet that test as it is only Facewatch that processes facial recognition data.

Because of our unique position as a national data controller combined with our state of the art privacy safeguards we are able to satisfy this test.

Facewatch and GDPR

Queens Counsel

Facewatch has taken advice from Leading Counsel Dean Armstrong QC who has confirmed Facewatch has met the obligations of the DPA.

How Facewatch complies with the DPA

Facewatch as data controller shares and processes Personal Data, Special Category Personal Data and Criminal Offence Data with its business Subscribers. The Data Protection Act 2018 provides that such processing and sharing is justified if certain conditions are met (the relevant conditions are shown in bold below).

In Mr. Armstrong QC’s opinion, Facewatch satisfies those conditions because: (1) it is necessary to provide alerts to business subscribers to prevent or detect unlawful acts; (2) such processing cannot be carried out with consent as it relates to crime prevention; and (3) because Facewatch is processing data on a national level and is demonstrated to reduce/prevent crime in subscriber properties with the further potential to prevent and detect crime it is in the Substantial Public Interest.

cctv camera

Our Role

We have a National Watchlist of Subjects of Interest of which we are the Data Controller. We create a personalised watchlist for every one of our customer’s properties individually, so that you don’t have to worry about the responsibility of taking the sharing decision.

Above all we carefully comply with the 6 guiding Principles set out in Article 5 of the DPA which in summary are:

Personal data shall be:

  1. processed lawfully, fairly and transparently;
  2. collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
  3. adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
  4. accurate and, where necessary, kept up to date;
  5. kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed;
  6. processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.

Over and above these Principles, because we are processing Special Category Data (Biometric Data which includes Facial Recognition algorithms), with our national footprint and expertise we are one of the very few organisations that can comply with the significant additional hurdles, including the Substantial Public Interest test, set for processing this data.

Our expertly trained staff and highly secure systems and processes back up our promise to ensure our compliance with the 6 principles so that you don’t need to worry.

Our Partners

We work with businesses across the country and have had over 10 years of experience creating the relationships and our reputation for honesty and integrity.

We only allow installation of our Real Time Alerting product through Facewatch accredited CCTV installers using equipment that we have tested and vetted for reliability and security to ensure that you, our customers, have the best experience.

Our partners
What we ask of our customers

What We Ask Of Our Customers

We will ensure that once you have input your data to our system we will secure it and look after it in accordance with all legislation. In return we ask you to ensure that:

  • your business is appropriately registered with the ICO
  • you sign and adhere to our DPA compliant legal agreement which sets out our respective responsibilities whereby you are acting as a data controller when inputting and using your data and we are acting as data controllers for the different services available in the system
  • you display our compliant signage when the Real Time Alerting product is installed
  • you ensure staff using the system on your behalf follow the common-sense rules set out in our User Terms of Use which they accept when registering.

If you have any questions relating to data protection please do not hesitate to contact our Data Protection Officer or his team by emailing:

Further Reading
Facewatch Privacy Notice
Data Protection Act 2018
ICO Guidance

facial detection

Why choose Facewatch?

Facewatch is a secure, cloud-based platform that uses Facial Recognition technology to proactively prevent, deter and protect businesses against theft.

  • Global IP

    Facewatch is trademarked globally in most major countries.

  • Secured by Design

    Secured by Design and bank grade security.

  • GDPR

    Fully GDPR compliant.

  • Proven

    Trusted by businesses for over 8 years.

Book a Demo