Sweden’s data protection authority has approved the use of facial recognition technology by the police, to help identify criminal suspects.

The decision is controversial following successive bans of this technology in US cities. The technology is widely used in China.

The new application of facial biometric screening will allow Swedish police to compare facial images from closed-circuit TV footage to an existing biometric database of over 40,000 pictures. Facial recognition software can be more effective than human screening and is certainly faster. That is the same principle applied with fingerprints and DNA.

According to the Swedish authority, the processing and storage measures comply with Sweden’s Crime Data Act and the EU’s Data Protection Law Enforcement Directive (GDPR).

The point of controversy is that the GDPR usually assumes the consent of the subject in the use of personal data. However, the EU directive provides some scope for data processing on crime and criminals, limiting the collection and international transfer of personal data, as well as their use by authorities.

For the private sector, consent must be more explicit and the scope for the application of such data much more limited. But there are reasons for scepticism. In London King’s Cross and Dublin Airport, data recognition has been used indiscriminately, while no EU data protection authority fined a company for breaching GDPR.

As this technology is more widely used by the private security sector, companies will probably be required to offer alternatives to customers and employees. The European Commission has been exploring ways to limit the use of facial recognition technology by both companies and public authorities.

European citizens are likely to be given the powers to know when their facial recognition data is used with few exceptions. The incoming President of the European Commission, Ursula von der Leyen, has said she will unveil legislation within her first 100 days in office that will streamline the application of the technology so as to guarantee a single European approach on the use of artificial intelligence.