Capturing Biometric Data
Background to GDPR
The General Data Protection Regulation (GDPR) is a piece of European-wide data protection legislation that becomes fully enforceable in May 2018, following a 2-year grace period. It was approved by the European Parliament in December 2015 and subsequently published in the EU Official Journal in May 2016. It will replace EU data protection directive 95/46/EC and country legislation such as the UKs Data Protection Act.
The act recognises that rapid technological developments and globalisation have transformed both the economy and social life. People are increasingly making personal information available publically and globally and that the free flow of personal data within the EU and globally must be facilitated whilst still ensuring a high level of protection of this data.
The shooting this week of a 40-year-old Australian woman, Justine Damond, by a Minneapolis Police Department officer has highlighted once again the shortcomings with Body Worn Cameras (BWC). In a case where everyone is searching for answers as to why a woman in her pyjamas was shot dead by a police officer, the body worn cameras, issued to both the officers in the vehicle and which should have provided the answers, were not active. Continue reading
When is a breach not a breach?
The ICO (the UK’s Information Commissioner’s Office) has ruled that virgin trains did not breach data protection laws when it published CCTV footage of Jeremy Corbyn on board one of it’s trains as it determined that in this case it had a “legitimate interest” to do so. Where it did fall foul of the law is when it failed to pixilate the faces of three passengers who were captured in the footage but whose presence was not relevant to the case. Follow the link above to read the full article by Steve Eckersley, Head of Enforcement at ICO.
With GDPR set to replace national data protection laws in May 2018 this case serves as timely reminder that anyone operating video surveillance systems within Europe, or indeed anyone, wherever they are located, processing data on behalf of European customers, will be obliged to comply with these regulations and ensure that the way they collect, store, process and publish video and related surveillance data (e.g. facial recognition) must adhere to GDPR or else they risk a hefty fine of up to 4% of global turnover or €20 million.