When is a breach not a breach?
The ICO (the UK’s Information Commissioner’s Office) has ruled that virgin trains did not breach data protection laws when it published CCTV footage of Jeremy Corbyn on board one of it’s trains as it determined that in this case it had a “legitimate interest” to do so. Where it did fall foul of the law is when it failed to pixilate the faces of three passengers who were captured in the footage but whose presence was not relevant to the case. Follow the link above to read the full article by Steve Eckersley, Head of Enforcement at ICO.
With GDPR set to replace national data protection laws in May 2018 this case serves as timely reminder that anyone operating video surveillance systems within Europe, or indeed anyone, wherever they are located, processing data on behalf of European customers, will be obliged to comply with these regulations and ensure that the way they collect, store, process and publish video and related surveillance data (e.g. facial recognition) must adhere to GDPR or else they risk a hefty fine of up to 4% of global turnover or €20 million.