The Hamburg police has informed the Hamburg Commissioner for Data Protection and Freedom of Information (DPA Hamburg) that they have now deleted the biometric database created with the help of facial recognition software during the investigations into the G20 riots.The reason given by the police was that the database was no longer required under criminal law with regard to the G20 riots. The Hamburg DPA after having examined the data processing by the Hamburg Police expressed serious concerns about the logging practice of the police when accessing the biometric database. The entire complex dates back to November 2017.At that time, the police had begun criminal investigations into the events of the G20 summit, using face recognition software to automatically measure the faces of all persons identifiable in the material from uploaded private recordings, policeowned videos, video material from suburban train stations and from the media to create machinereadable templates. These face templates were stored in the now deleted database and used to automatically compare them with templates of individual suspects in the past.In July 2018, the DPA Hamburg pointed out to the police that there was no sufficient legal justification for the biometric analysis of faces that could justify such intensive encroachments on fundamental rights of the large part of bystanders and other completely uninvolved persons.In August 2018, the DPA Hamburg objected to the procedure. In December 2018, it finally ordered the Senator of Interior to delete this database. Following an objection by the Senator of Interior, the Administrative Court of Hamburg (VG Hamburg) overturned this order on the grounds that the DPA Hamburg lacked the competence to review the relevant legal basis and that the automated face recognition could be based on a general provision in the Federal Data Protection Act (Bundesdatenschutzgesetz).The DPA Hamburg has applied for permission to appeal to the Hamburg Higher Administrative Court (OVG) against the judgment of the VG Hamburg of 23 October 2019 (Case No. 17 K 203/19). Johannes Caspar, the Hamburg Commissioner for Data Protection and Freedom of Information, commented:”The recent deletion of the biometric database by the Hamburg Police is very welcome. However, it remains questionable whether it will put an end to the procedure that has been controversially discussed since 2018. According to the current state of affairs, the law enforcement authorities in Hamburg have the de facto and, according to the ruling of the Hamburg Administrative Court, the legal possibility to regularly use the technology of automated facial recognition.The police has repeatedly stated that the use of automated facial recognition technology is also being considered for other major future events in Hamburg. However, the considerable dangers of this technology for a free society and the private sphere have been critically discussed worldwide, and not only since the massive collection of facial templates by the US company Clearview.Special legal requirements for the permissibility of the use of this technology for criminal prosecution are necessary as a minimum, especially in order to effectively protect the rights and freedoms of people, most of whom are never suspected of having committed any crime. These provisions are still missing. In this respect, a more extensive judicial clarification of the central questions is to be striven for.”