Augmented Camera Technology and GDPR Compliance: A Comprehensive Guide for Publishers
In November 2023, the administrative courts of Nice, Lille, and Caen issued rulings that provide an opportunity to revisit the GDPR compliance requirements for augmented cameras in public spaces. This article serves as a guide for publishers in this emerging technology sector, emphasizing the legal considerations necessary for compliance.
Augmented cameras represent a significant technological advancement. They integrate video capture with additional sensors like motion detectors and infrared for enhanced capabilities. These cameras, equipped with advanced processing units (either integrated or cloud-based), run sophisticated algorithms for real-time video analysis. They support various user interfaces, including mobile apps and web platforms, facilitating easy access to video streams, alerts, and system interaction. The technology's analytical prowess enables object and individual tracking, facial recognition, and license plate identification, presenting a wide range of applications.
Understanding Augmented Cameras: Legal Considerations
Three key legal areas require attention from augmented camera publishers:
- 1. GDPR Compliance in Personal Data Processing: augmented cameras, due to their advanced capabilities, must adhere to GDPR standards when processing personal data;
- 2. Data and System Security: ensuring robust security measures is critical for protecting the data and systems involved;
- 3. Intellectual Property Protection: safeguarding the proprietary technology and software against infringement.
GDPR Compliance Framework for Augmented Cameras
Currently, no specific law governs the use of augmented cameras, except for the temporary framework under Article 10 of the 2024 Olympic and Paralympic Games Act. Generally, the implementation of these cameras in public spaces is governed by the Code de la Sécurité Intérieure (CSI), which covers all video-protection systems.
Legal Requirements:
- authorization: An authorization file for video-protection systems must be submitted to the prefectural authority or online.
- GDPR Considerations: The CSI categorizes video protection as personal data processing, necessitating GDPR compliance.
- recent ordinances: The importance of these legal frameworks was underscored by recent court rulings, with the CNIL's July 2022 position offering further guidance.
Duties of Augmented Camera Publishers: Advising Clients
Publishers must assist clients in evaluating the legitimacy, legal basis, proportionality, and necessary technical and organizational measures for deploying augmented cameras. This includes determining the necessity of a data protection impact assessment.
Modular Software vs. Separate Applications:
- facial Recognition Concerns: Legal challenges arise particularly with facial recognition features. Recent court rulings indicate that owning software does not inherently lead to individual identification unless specific features are activated.
- prudent Approach: Publishers should install only essential features for clients to minimize non-compliance risks.
Minimizing Liability:
- recent rulings, such as the Court of Caen's decision, emphasize the importance of data deletion in cases of illegal collection. This highlights the publisher's reputational risk.
- publishers should seek compliance validation from data controllers before deployment to limit liability and protect their reputation.
Our IT Contracts, Data & Compliance Department is ready to assist.
For inquiries, please feel free to reach out.