Facial recognition technology (FRT) identifies or otherwise recognises a person from a digital facial image. Businesses can use FRT in a variety of contexts - for example, in allowing access to devices, taking payments, or allowing entry to secure areas.
Depending on the use, FRT involves processing personal data, biometric data and special category personal data. Such technologies can intrude on people's privacy, so businesses need to think carefully when deciding if they should implement them.
If you are a small business looking to begin using facial recognition technology, read the ICO's latest FAQ about using FRT for payment, entry, or other security systems.
The information highlights key issues to be aware of, such as:
- what you need to consider before using this technology;
- when you must complete a data protection impact assessment;
- how to identify and satisfy a special category condition; and
- what to include in your privacy notice if you use FRT. See: [Additional considerations for technologies other than CCTV | ICO](https://ico.org.uk/for-organisations/guide-to-data-protection/key-dp-themes/guidance-on-video-surveillance-including-cctv/additional-considerations-for-technologies-other-than-cctv/#frt)
From October 2025, businesses that fall under the UK’s Extended Producer Responsibility for packaging (pEPR) scheme will receive their first invoices, covering the period from 1 April 2025 to 31 March 2026.
The Financial Conduct Authority (FCA) has launched proposals that could see the £100 limit on contactless card payments raised - or even removed altogether. If agreed, shoppers may soon be able to pay for larger supermarket trips or restaurant bills with just a tap, without needing to enter a PIN.