Walk into one of more than fifty-five Sainsbury's stores now, and before you have picked up a basket, a camera has taken your face, turned it into a biometric template, and checked it against a watchlist. You did nothing to invite this. You do not have to be suspected of anything. Being a person who wanted some shopping is enough.

Sainsbury's is tripling this, using a system called Facewatch, with a reported plan to add up to 150 more stores before Christmas. I want to be clear from the top that this is not, to my mind, a close call or an interesting trade-off to be balanced. It is a disproportionate, legally shaky, and quietly corrosive piece of surveillance, and the fact that it is being rolled out by a household name rather than a government makes it worse, not better.

Let me also be fair before I am hard, because the fair part matters. Violence and abuse against shop workers is real and serious. The British Retail Consortium's latest figures record around 43,000 physically violent incidents against retail staff in a year — roughly 118 a day — with weapons involved in dozens of them. Nobody stacking shelves should be spat at, threatened, or knifed for a living. The problem is genuine, and Sainsbury's is right to want to do something about it. This piece is an argument about the means, not a denial of the problem. Notably, those same figures show violence and abuse actually fell by around a fifth year on year — before this rollout — which rather undercuts the idea that biometric surveillance of the entire public was the only option left.

What they are actually doing

Facewatch is live facial recognition. It scans the face of every person who walks in, converts each to a numerical faceprint, and compares it against a database of people the retailer — or any other shop in the shared Facewatch network — has flagged as a suspected thief, or as violent or antisocial. If it thinks it has a match, it alerts a member of staff, who is meant to review it before acting.

The trial began in September 2025 in two stores. It is now in over fifty-five. By the company's own account it is highly effective: Sainsbury's and Facewatch cite a 46 per cent drop in theft and aggression in trials, 92 per cent of flagged offenders not returning, an estimated £64 million of theft prevented, and a "99.98 per cent accuracy rate." Facewatch says it sent a record 55,462 real-time alerts across its network in a single month. Sainsbury's stresses that unmatched images are "deleted instantly" and that the system is "not used to monitor everyday customers."

Hold on to that last sentence, because it is the whole trick.

"We don't monitor everyday customers" is not true

To find the few faces on a watchlist, the system must scan every face in the shop. There is no version of this technology that inspects only the guilty. Your face — an innocent shopper's face — is captured, measured, converted to biometric data, and compared against the list. That comparison is the monitoring. It happened to you the moment you crossed the threshold, and it happens to every child, pensioner, and passer-by who does the same.

"We delete the non-matches instantly" does not fix this; it describes it. The intrusion is not the storage, it is the processing — the taking and analysing of your biometrics without your consent — and that intrusion is applied to everyone. Deleting the evidence a second later does not mean it did not happen. A supermarket saying it does not monitor everyday customers while biometrically scanning every one of them is not a reassurance. It is a contradiction.

And this is not ordinary data. A faceprint used to identify you is biometric special-category data — the most protected class there is under UK data-protection law, sitting alongside your health records and your political opinions.

The law is not on their side, and it is not close

Here is the part that should give any board pause, because it is not my opinion, it is the regulator's own guidance.

Under Article 9 of the UK GDPR, processing biometric data to identify people is prohibited unless you can satisfy both a lawful basis under Article 6 and a separate special-category condition under Article 9. One does not substitute for the other. For a shopper walking in off the street, consent is impossible — you cannot meaningfully consent to something that has already scanned you — so the retailer has to reach for the "substantial public interest" condition. The ICO says that condition must be "real and of substance," backed by "specific arguments about the concrete wider benefits," genuinely necessary, data-minimising, and supported by an appropriate policy document in place at the time.

Then read what the ICO says specifically about this kind of deployment. In its facial-recognition guidance, the regulator warns that "it may be more difficult for you to justify processing images of large numbers of individuals to only identify a few." That is not a general caution. That is a precise description of a supermarket scanning thousands of innocent shoppers to catch a handful — written by the body that enforces the law, as a warning against doing exactly this.

It is not a hypothetical, either. In March 2023 the ICO investigated Facewatch and found it had breached data-protection law — including the first principle, lawfulness, fairness and transparency — concluding the company had failed to balance its commercial interest against the rights of the people it was scanning. It was allowed to keep operating only after making changes. The regulator has since restated, plainly, that facial recognition "does not operate in a legal vacuum" and must be lawful, fair and proportionate.

And the leading court authority points the same way. In R (Bridges) v South Wales Police, the Court of Appeal ruled police live facial recognition unlawful, partly because there was "too broad a discretion" over who ended up on the watchlist. Sit with that. If a police force — with statutory powers, published policies, and public accountability — could not lawfully run this because the watchlist rules were too loose, how does a supermarket chain, enrolling people on a shared commercial blacklist on a shop worker's hunch, with none of that oversight, end up on firmer ground? It does not. It ends up on weaker.

The watchlist is the real scandal

Strip away the cameras and the cleverness and you are left with a private blacklist, and that is the part that should trouble people most.

By Facewatch's own admission, "no criminal conviction is required" to be added. You do not have to be charged. You do not have to be tried. A member of staff forming a "reasonable" suspicion is the threshold, subject to an internal company review — not a court, not a magistrate, not anything you would recognise as due process. Historically the net was cast alarmingly wide: Facewatch's former policy allowed people to be added for non-criminal behaviour such as begging and street drinking, and campaigners documented people listed over accusations of theft worth as little as a pound. That policy was tightened after the ICO's 2023 findings — but the fact it was ever the design tells you what the system is comfortable with.

Once you are on it, campaigners at Privacy International report there is no notification and no real appeal. You may be flagged, followed, and refused entry across a network of shops, in effect blacklisted from ordinary commercial life, and never be told why or given a route to clear your name. We would not accept that from the state. We are being asked to accept it from a grocer.

"But there is a human in the loop"

The retailer's answer to all this is that a person reviews every alert. It is not the safeguard it sounds like, and there is evidence.

In May 2024 a nineteen-year-old — reported as "Sara" — was wrongly flagged in a Home Bargains store and accused of shoplifting she had not done. Facewatch admitted that both its technology and its human "super-recogniser" had produced the error. The human reviewer is not a backstop that catches the machine's mistakes; the human reviewer is part of the same failure. The shopper Warren Rajah, wrongly flagged in a Sainsbury's-linked incident and told it was "human error," is the same story.

And treat the "99.98 per cent accuracy" claim with the scepticism any unaudited vendor number deserves. Even taken entirely at face value, at supermarket footfall you are scanning millions of faces, and 0.02 per cent of millions is thousands of wrongly flagged, entirely innocent people — each one a person accused in front of other shoppers of being a thief. Worse, the errors are not evenly spread. Repeated large-scale testing by the US National Institute of Standards and Technology has found facial recognition is measurably less accurate for women, for older people, and for people with darker skin. The mistakes fall hardest on the people already most likely to be wrongly suspected. A system that is 99.98 per cent accurate for me and much less so for someone else is not a neutral machine.

Effectiveness is not the same as lawfulness

Here is the move the retailer keeps making, and it should not be allowed to land. Every defence of this system is a claim about whether it works — the 46 per cent, the £64 million, the 92 per cent. None of it addresses whether it is lawful and proportionate, which is a separate question the law answers on its own terms.

Plenty of intrusive things work. Reading everyone's post would cut crime. Fingerprinting every visitor would help too. We do not do these things — not because they would be ineffective, but because our law has decided that some tools cost the rest of us more than they are worth, no matter how well they perform. Proportionality is the whole point. A company that keeps answering "but it works" is answering the only question it can win, and hoping you do not notice it is the wrong one.

The problem is real. This is the wrong answer to it.

None of this leaves shop workers unprotected, and it is not an argument for doing nothing. It is an argument for doing the lawful, unglamorous things that actually target the harm: staff on the floor, decent security presence, better store design, a police response that turns up, sharing intelligence on actual convicted prolific offenders through proper channels, and prosecuting the people who assault staff. Those are targeted measures aimed at the guilty. Blanket facial recognition is the opposite — an untargeted measure aimed at everyone, most of whom have done nothing.

For any other business watching this and wondering whether to follow: the lesson is simple and it is mostly a warning. If you are tempted by biometric monitoring of any kind — facial recognition, fingerprint clock-ins, the lot — understand that you are handling special-category data, that consent is usually unavailable, that a data-protection impact assessment is mandatory and has to actually conclude the thing is proportionate rather than rubber-stamp it, and that "it is effective" and "we delete the non-matches" are not defences. If you cannot clear the bar the ICO has already set out, the correct answer is not to find a cleverer justification. It is not to deploy it. Restraint is the control.

The bit that should worry you most

A supermarket has decided that the price of a pint of milk now includes surrendering your face to a private biometric database, on the off-chance you are one of the guilty few. That is not crime prevention. It is the normalisation of suspicion as the default condition of walking into a shop.

The law already says this is disproportionate. The regulator has already found this company wanting once. The only real question is whether "but it works" is allowed to bulldoze all of that — because if we decide a shop may scan every face at the door, the door is the least of what comes next.