Summary
Facial recognition technology has rapidly expanded in recent years, gaining importance in both public security and business environments. Its main appeal is speed, convenience, and stronger protection. The ability to identify individuals without physical contact supports crime prevention, reinforces access control, and improves efficiency in areas such as financial services, retail, and corporate facilities. For citizens and companies, these features mean safer transactions, more reliable authentication, and streamlined operations.
At the same time, the qualities that make technology valuable also generate risks. Mass surveillance, wrongful identifications, and exposure of sensitive biometric data raise serious concerns about privacy and accountability. Unlike passwords, biometric information cannot be reset after a breach, which makes misuse especially harmful. These problems have already appeared in Brazil, with cases of data leaks and challenges in police use, highlighting the urgency of well-defined limits and safeguards.
The General Data Protection Law (LGPD) addresses these challenges by classifying biometric data as sensitive and requiring strict protections. Yet the fast pace of adoption often moves ahead of regulation, creating gaps in compliance and oversight.
Understanding how facial recognition works, its main applications, and the vulnerabilities linked to misuse provides essential context for businesses and individuals. It also opens a discussion on its role in public security, private sector use, and the legal and ethical measures needed for proper deployment.
This Content Is Only For Subscribers
To unlock this content, subscribe to INTERLIRA Reports.
Facial Recognition: An Overview
Facial recognition is a biometric technology that identifies or verifies individuals by analyzing facial features from digital images or video frames. It operates by detecting key facial landmarks—such as the distance between the eyes, nose width, and jawline shape—and converting these measurements into a unique digital template, often referred to as a “faceprint”.
This technology has gained prominence due to its contactless nature and the increasing demand for seamless security solutions. Unlike traditional methods like passwords or PINs, facial recognition offers a non-intrusive and efficient means of authentication, making it particularly appealing for applications in smartphones, access control systems, and digital onboarding processes.
In the context of public security, facial recognition systems can be deployed in real-time (Live Facial Recognition) or retrospectively (Retrospective Facial Recognition). Live systems compare individuals’ faces against a watchlist in real-time, alerting authorities to potential matches, while retrospective systems analyze recorded images after an incident, for example to help solve crime.
Despite its advantages, the deployment of facial recognition technology raises significant ethical and privacy concerns. Issues such as data security, potential for misuse, and the need for robust legal frameworks to govern its use are central to ongoing debates. These concerns underscore the importance of establishing clear regulations to ensure that the benefits of facial recognition are realized without compromising individual rights.
Understanding these aspects sets the stage for examining the specific applications of facial recognition in public security, where its impact is most pronounced.
Applications for Public Security
Facial recognition has rapidly become a central tool in public security strategies across Brazil, with major cities such as São Paulo and Rio de Janeiro investing heavily in AI-driven surveillance networks. Technology is applied in several ways: real-time monitoring of public spaces, identification of suspects during major events through integration with police databases for rapid response. A recent case in São Paulo demonstrated its effectiveness when a homicide fugitive was captured in the Brás district only four hours after a warrant was issued, thanks to alerts generated by a facial recognition system, reinforcing both public security and citizens’ confidence in faster police responses.
In Rio de Janeiro, the government has expanded its AI surveillance network, combining fixed cameras and mobile units to monitor high-crime areas and critical infrastructure. Furthermore, facial recognition drones were deployed during Carnival 2025 to monitor crowds, preventing incidents in one of the largest mass gatherings in the world. The Smart Sampa system in São Paulo follows a similar approach, sparking debates about transparency but showing clear operational value for law enforcement. These examples illustrate how technology supports both preventive and reactive policing, from tracking individuals with outstanding warrants to enhancing situational awareness during large-scale events.
Despite these successes, vulnerabilities remain. In 2024, cameras equipped with facial recognition were stolen in Rio’s Complexo da Maré, raising concerns about accountability and data protection, and reminding businesses that physical security and governance are as critical as the technology itself. These challenges emphasize that while technology has the potential to revolutionize policing, it must be accompanied by robust governance and cybersecurity practices.
While these experiences underline the value of facial recognition for public security, they also anticipate its growing role in the private sector, where corporations and residential complexes pursue similar advantages but encounter equally significant risks. This shift leads directly to the discussion of private security applications.
Private Security: Benefits and Risks
Facial recognition has been increasingly adopted in corporate and residential environments as a tool for access control, fraud prevention, and monitoring of critical environments such as condominiums, office buildings, and places attending to the public. Technology offers several advantages as it eliminates the reliance on physical credentials such as badges or keys, reduces the risk of impersonation, and enhances operational efficiency by automating identification processes. In environments where security is a priority, such as residential complexes or logistics hubs, facial recognition can provide a stronger sense of protection to residents, employees, and customers.
However, the risks associated with this technology are far from negligible. A recent incident in the city of Jundiaí, São Paulo, illustrates the vulnerabilities of such systems. Hundreds of residents from condominiums managed by a third-party security company had their personal data—including identification documents, photographs, addresses, and phone numbers—leaked on the dark web and in Telegram groups. For residents, the exposure resulted in direct threats such as false kidnapping calls, while the company responsible was affected by reputational damage and loss of client trust. According to information security experts, the data may have been obtained through system intrusions or by exploiting employee credentials, revealing risks that affect both individuals and businesses alike.
This case exemplifies how the benefits of facial recognition, when not paired with strong governance and cybersecurity practices, can quickly turn into liabilities. Biometric data, unlike passwords, cannot be simply reset after exposure, making the consequences of a breach particularly severe. Therefore, while corporations may view facial recognition as a way to modernize and strengthen security, the potential for misuse and data leaks must be addressed through stringent legal and protection frameworks. This naturally opens the discussion of how existing regulations—particularly Brazil’s General Data Protection Law (LGPD)—govern the collection, storage, and protection of biometric information.
LGPD and Biometric Data Protection
Facial recognition systems process biometric data, which is classified as “sensitive personal data” under Brazil’s General Data Protection Law (LGPD). This categorization requires companies and public entities to apply strict safeguards, ensuring collection and processing are justified, proportionate, and transparent. However, the rapid adoption of facial recognition in both public and private spaces has revealed gaps in compliance and enforcement.
Recent cases illustrate the challenges. Condominium residents have resisted mandatory enrollment in facial recognition systems, questioning whether such practices respect their right to consent and whether less intrusive alternatives were considered. In other contexts, fraudulent use of biometric data in government platforms has exposed vulnerabilities in identity verification processes, raising concerns about the adequacy of security controls. These incidents demonstrate that, while the LGPD provides a legal framework, its practical application in biometric systems remains uneven.
For businesses, compliance means more than avoiding penalties: it requires investing in cybersecurity, conducting regular system reviews, and maintaining transparent communication with clients. For individuals, it is essential to understand how data is collected, exercise the right to consent or refuse, and know how to report misuse. Protecting biometric data is therefore both a legal duty and a matter of trust, which in turn leads to a broader debate on governance and future perspectives.
Governance and Future Perspectives
The growing use of facial recognition technologies in Brazil demonstrates the urgent need for stronger governance and long-term strategies. While the LGPD provides a legal foundation, the pace of technological deployment often outstrips regulatory adaptation. This imbalance creates uncertainty for companies, public institutions, and citizens, exposing gaps in accountability and oversight.
Effective governance requires coordinated action between regulators, the private sector, and civil society. Practical measures include limiting the storage time of biometric data, commissioning independent audits, and preparing clear response plans for security incidents. These steps reduce risks while building trust with users and clients. At the same time, transparency reports and consistent oversight help citizens understand how their data is used and protected.
Looking ahead, organizations must recognize that the debate around facial recognition is not solely legal or technological but deeply connected to ethics and human rights. Embedding privacy and security principles into the design of systems, rather than treating them as afterthoughts, is essential for responsible innovation.
Ultimately, the future of facial recognition will depend on striking a balance between innovation and the protection of fundamental rights. The adoption of solid governance practices is not just a regulatory necessity but a strategic imperative for sustainable adoption. Achieving this balance will determine whether facial recognition becomes a tool for progress or a threat to fundamental rights and individual freedoms.
