The government's failure to legislate over biometric data led to the practice of police routinely uploading innocent people's photos onto their facial recognition database, a parliamentary committee has said.
The science and technology committee warned that while there are clear benefits to storing and analysing biometric data, which includes technology like DNA, palm printing, facial and iris recognition, the government has repeatedly failed to put guidelines in place, meaning the practice is a legal minefield with no oversight.
The severity of this "governance gap" came to light in February, when it was revealed that police in England and Wales had uploaded at least 18 million mugshots to its facial recognition database - despite the fact that many are of innocent people.
MP Andrew Miller said: "We are not against the police using biometric technologies like facial recognition software to combat crime and terrorism. But we were alarmed to discover that the police have begun uploading custody photographs of people to the Police National Database and using facial recognition software without any regulatory oversight - some of the people had not even been charged."
Other than the Protection of Freedoms Act 2012, which does not extend to photographs, there is no law against the police's actions.
However, it is a dubious legal area which the government, and the police, have been aware of for at least two years but have failed to act upon, the committee said.
Miller added: "In 2013, my committee was told by the government to expect the publication of a strategy by the end of the year. We were therefore dismayed to find that, in 2015, there is still no government strategy, no consensus on what it should include, and no expectation that it will be published in this Parliament."
Police were alleged to have been trialling facial recognition technology following the London riots in 2011.