Biometrics Strategy 2025–2030: Why “Public Trust” Can Still Mean Permanent Data for the Unconvicted

What this strategy really changes

Biometrics is no longer just fingerprints and DNA. The draft pulls in facial images and other biometric data from CCTV, body-worn video, VIPER identification procedures, drones, digital forensics, and evidence-sharing systems. This is a full pipeline: collect, store, search, match, share, and delete.

When legislation is silent, policy expands

The draft acknowledges a lack of primary legislation governing the acquisition, retention, sharing, use, and deletion of facial images, with reform deferred to a future review.

That distinction matters. Law is debated, constrained, and enforceable through courts. Policy can be rewritten internally, quietly, and at pace. If long-term biometric retention rests mainly on policy rather than statute, the public is being asked to trust an evolving internal rulebook with permanent consequences.

Deletion and audit are the whole ball game

Public trust depends on two unglamorous capabilities: deletion and audit. Can the system reliably delete data when it should, and can it prove who accessed data, when, and why?

The draft itself states that Police Scotland and the SPA will “seek technical solutions” for biometric systems with limited or lacking “weeding capacity”, and for systems with limited audit and logging. This wording appears in the strategy’s own description of current capability gaps. It is a quiet admission that key safeguards may not yet be consistently enforceable across all systems.

Where deletion and access trails are unreliable, retention becomes a one-way ratchet: easy to collect, hard to remove, hard to challenge.

Where a system cannot reliably delete and audit, it should not be allowed to expand collection on the promise of future fixes.

Why this hits false sexual allegations especially hard

Sexual offence allegations carry unique procedural and social weight. Even without conviction, the consequences can be severe: employment, housing, relationships, and mental health. In that context, state data practices matter more, not less.

This is why accused.scot pressed for non-conviction safeguards: clear retention limits, automatic review points, deletion following collapsed cases, and meaningful independent oversight.

“Maximising technology” can mean maximising harm

The draft commits to expanding facial matching capabilities, improving custody image quality, and widening biometric data sharing. It also references future developments such as Live Facial Recognition.

This is not an argument against modern investigative tools. It is an argument that stronger tools require stronger controls: clear legal footing, measurable performance standards, independent auditing, and enforceable deletion rules.

Sharing makes mistakes travel

The strategy outlines local, national, and international sharing routes, including cross-border arrangements and Prüm 2.

If data is shared before it is properly reviewed or weeded, it can become effectively permanent even if the original allegation collapses. Trust is being asked for on credit, but the credit is paid by the unconvicted.

What real public trust would look like

The draft promises more published statistics and a joint Biometrics Annual Report. Good. But trust requires answers to uncomfortable questions.

These are not abstract ideals. They should be treated as a standing litmus test for every Biometrics Annual Report published from this point onward.

The long game: record, resist, repeat

Biometrics policy will expand because it is framed as efficiency and safety. The only counterweight is enforceable limits: law, retention rules, deletion triggers, and independent audit.