Facial recognition has become part of daily life in many public and private spaces. Knowing when a camera is collecting biometric data is the first step towards understanding how that information may be used.

A camera at a gate, shop entrance, office lobby or event venue does not always mean facial recognition is being used. Some cameras only record footage, while others compare a face with a stored image, watchlist or visitor profile.
Facial recognition is different from ordinary CCTV because it can turn a face into biometric data. South Africa’s Protection of Personal Information Act treats biometric information as personal information linked to identification.
A sign is not enough
“CCTV in use” can indicate that a camera is recording. It might not tell you whether face matching is being used, who has access, how long footage is stored, or whether your image could be checked against another database. A venue that uses facial recognition should be able to explain the reason, the storage period, the privacy contact, and whether another entry method is available.
The camera is only the starting point. What happens after your face is captured, who can search the record, and whether you were told enough before walking past it are equally important.
Why do places use facial recognition?
Facial recognition can be used by businesses, schools, estates, and venues for access control, fraud checks, attendance records or security alerts. South Africa’s Information Regulator explains that biometric information falls under special personal information, which has stricter conditions for processing under POPIA. Its guidance on special personal information sets out when extra care or authorisation may apply.
Private cameras could also raise questions
Doorbell cameras, dashcams and small security systems can record workers, neighbours, drivers and passers-by. Recording evidence after an incident is one thing, but sharing footage widely is another. The same applies to dashcam footage after an accident, where evidence can help you, but there should still be restraint on public exposure.

When software makes the call
Facial recognition can affect access before a person reviews the result. A system may approve entry, flag a visitor, reject a match or create a record linked to a person’s name.
The same concern can be found in hiring, fraud checks and digital admin, where automated decisions can affect access to work, services or accounts. The issue is not only whether the software works, but whether the person has been informed on the decision made and how they can challenge a wrong result.

What to ask before your face is scanned
A clear notice should make the basics easy before your face is scanned. You should not have to search a privacy policy after entry to work out what has been collected.
- Is the scan compulsory, or can visitors choose another entry method?
- Will the scan be used only for entry, or also for later checks?
- Will the record be shared with a security company, landlord, employer or service provider?
- What happens if the system gives the wrong result?
- Who can remove the record when access is no longer needed?
Facial recognition does not need panic or blind trust. It needs clear notice before collection, a proper reason for use, limited access to the record, and a way for a person to choose another entry method where that is possible.
A camera may help with safety, but safety should not mean people lose control of personal information without proper notice. Businesses and organisations that use facial recognition should explain what is scanned, why it is collected, how long the record is stored, and whether another option is available before a face is recorded.






Comments ()