GDPR / ICO Complaint Filed Against Dahua

By: IPVM Team, Published on Jun 27, 2019

ICO GDPR Dahua Complaint thumbnail

IPVM has filed a GDPR complaint against Dahua UK's facial recognition conducted at their booth during this year's IFSEC show.

In this post, we explain the reasoning behind the complaint and the difference between this one and the one we made last year, including:

  • Complaint Cause
  • Conference vs Exhibitors
  • Most Egregious
  • Previous Dahua GDPR Claims
  • Reasoning

Overall, we hope our case adds clarity on how facial recognition can be used under GDPR.

ICO GDPR Dahua Complaint thumbnail

**** *** ***** * GDPR ********* ******* ***** UK's ****** *********** ********* at ***** ***** ****** this ****'****** ****.

** **** ****, ** explain *** ********* ****** the ********* *** *** difference ******* **** *** and *** ***** **** **** ****, *********:

  • ********* *****
  • ********** ** **********
  • **** *********
  • ******** ***** **** ******
  • *********

*******, ** **** *** case **** ******* ** how ****** *********** *** be **** ***** ****.

[***************]

**************

** ***** ****, *****'* booth (***** ** ******* on **** **) ******** live ****** *********** ***** filmed ****** *** ******** their *****, ********** *** results ** * ** screen:

***** ********* ****** *********** on **** ******** ****, attempting ** ***** **** or ********* **** ** a '********' ** *** excerpt ***** *****:

*******, ***** *** *** obtain *** ******* ** people ********, *** *** it **** *** ************* for *** ********** **** IPVM ********. ********, **** saw ** ***** **** Dahua ********** ********** ********** was ****** ***** ******.

****, ** *** *******, is * ***** ********* of *** ****, ************ * ************* ********** ****** *** a *** **********.********* *** **** ********* that * ***** ** a ******** ********** ***** conceivably ***. *** **** states ********** ********** ** permissible **:

*** **** ******* ***given ******** ******* to the processing of those personal data for one or more specified purposes

*********, ** **** ***** a ********* ******* ***** for ********* *** **** to *** **'* **** protection ****** -*** *********** ************'* ******(***) - *** ************* ********* ****.

IFSEC ********** ** **********

** ****,**** ***** * **** complaint******* *****'* ********** (***) after ** ******** ***** and ***** ******* ****** recognition ***** ******* ***** consent **** *********.

*** *********** *** *********** *** ***** **** IFSEC ********** **** *** responsible *** *** ******' demos. ******, ** *** the ********* ***** *** demos ********** **** **** liable. **** ** *** this ****, ** ***** the ********* ******* ***** UK, *** *****.

Dahua **** *********

**** ***** **** ***** facial *********** **** *** the **** ********* ** violation ** *** ****. Other ****** *********** ********* at ***** *** ** disclosures ** ******* *** people's *****. ********, ***** video ************ ************* **** Axis, *********, *** ****** (Hisilicon) *** *** ******* live ****** *********** ** all.

Dahua **** '*********'

***** *** **** ******* GDPR ****** ******, ************ when **** **** *************** *** ** ******* had **** "*********" ** GDPR ********* ** *** Rheinland, * ******* ****** company:

Image

** ** *********, ** ******** *** be **** ********* *** the **** ****** ****** that ************* ******* ** not ****** **************** ** any ***. ************, ***** firms **** ****** ******* GDPR ************** ** ****, including******************.

*********

******* ********** ********** ***** strictly ********* ** *** GDPR, *** ** *** no ***** ****** *********** law ** *********** - something *** **'* ************ camera ************,**** ******,*** ****** ***.********, ***** **** ** just **** * **** old, ***** *** ***, if ***, *********** ***** showing *** ****** *********** should ** **** ** practice.

*** *** ** **** complaint ** *** *** UK ********** ** ******* when *** ***** ****** recognition ** ***********, *** how ** ***** **** an ************ ***** ** without ******'* ******* ** a ***** ****** ******** case.

**********

** **** ****** **** post ** *** **** makes *** *** ******* the ******. **** ****, the ********* **** ****** to ***** * ********** so ** **** ****** as *** **** ********.

Comments (26)

** ***** *********** ** the (****) ****** **** security ***** ***** *** going ** **** **** click-wrap ********** **** *** register **** **** "* give ** ******* ** be ****** *** ************* analyzed".

** *****, ** *** UK, *** *** ***** that ** *** *** responsibility ** **** ********** exhibitor, ****** **** *** show ******. ** *** ****** **** GDPR ********* ******* *****, Decides **** ********* *********** ****'* ******** ***** *** show (******* **'* ***** or *** **** ** whoever ** *** *** 'data *********' ** *** facial *********** ******* **** exhibitors ***, ** ** the ********** **********).

** *****, ** *** UK, *** *** ***** that ** *** *** responsibility ** **** ********** exhibitor, ****** **** *** show ******.

**********, ****** * ***** think **** * "*******" the ***** ***** ***** exhibitors ** ** ********* the ********** ******** *** gathering ***** *******.

** ***** ** ******** difficult, ** *** **********, for *** ********* ** handle **** ** ***** own ** **** **** to *********** ****** ********* openly ** ***** *****. You ***'* ******** *** booth *** *********** ******* without ****** ** ******** and ******** ** *** cameras ** **** *****.

*******, *** ** ********* even **** ***** *** potential ********** ****** **** could *** ****, ** the **** ********* **** not ******* * "***-*****" notification?

*** ****** *****, * think *** **** ***** to ****** **** * way ** ******* ****** consent, ** *** (*** patrol/enforce) ********** **** ********** anything **** ******** ****.

**** **** **** ********, no ****** ****** ** be ***** **** ****** like * ******* *********, subscription *********

* ******** **** *** on ****. * ***** it ** **** *********** to *** ************-******* **** cases ****** *** ******** this ***. ** **** already **** **** ****** of ************* ** *** ICO ** ****** "*********" claims, **** **** ****** up ** ********. 

* ***** *** ******* kick-back ** ****'* ***** complaint *** **** *********** and *******.***** *** **** early *********** **** *** governing ****** ***** **** down ******* **** ** anyone ********* ****. ** have *** ****, ** least ** *** ********, evidence ** *** ********.

*******, *****, *** ******, have ** **** ** this ***** **** **** is * "*****", *** they ***** *********** ** violating **** **** **-***** demos. ** ** *** like **** ****** **** into ******* * ****-*** test ** *********, ** filed **** ** *********** guesses.

** ** *** **** IPVM ****** **** **** running * ****-*** **** on *********, ** ***** this ** *********** *******.

******, *** ********, ***** and ********** **** ** were ************* **** *** that ** *** ***** last ****. *** **** IFSEC ****** * **** this **** ********* / warning **** ********** ***** be ****** *** ******* to ** ****** ***********:

***, *******, *** ** that, ***** ***** *** facial *********** *** ***** made ** ******* ** get *******.

*’* ***** **** *** in **** ** *** proviso **** *** ******* in *** **** ** a ************ ******** ***********.  If **** **** **** was ** * ******** mall *’* ** **** you, *** ** * security ***** **** *** a ******!

** * ******** ***** show *** * ******!

** ** ******** **** security ***** ***** *** not ******* ** ********** processing *****, **** ***** be *********** ** ***. ***'* see **** *** *** says. **** ** *** point ** ****** ** that *** *** *** give **** ******** ***** how ***** ***** *** applied ** ********.

* ** ********** ** question *** ***** ** paying *** ************ **** to ****. ******* **** this *** *** ******** to ** ** * member.  

**** **** **** ****** - ** ***** *******, we ** *********, ** develop ******** (*.*., *** Calculator), ***. ** ****** one ***** *** *** of **. **'* **** a ******, *** **** is *** ** ****** everyone ***** ********** ********, it ** ** ****** we ******* ****** ******* value ** ******* *** cost ** ********** *** what ***** ****** *** will **** ** *** member.

#*, ** ***** *** specific ****** ** *** not ***** **** ***** provide ***** ** ***, please *** ** **** here.

************* ********:

** ** * ********* even ** **** ********** doesn’t ****?

***** ***** ** *** cover ********* ********** **** as ****** ***********, * Dahua ** ******* *** pointed *** ** ******** that ***** *** **** a ***** **** ****** inside ***** *****, ** the ****** ***** ****:

*** *** **** ** to *** ***** ****:

***********, ** **** *** even ******* *** ****** recognition **** ***, **** 'facial ******'.

*********** ***** ** *** Galaxy

**** ****. ***** ******** companies **** ** ** held *********** ** *******. Too **** **** *** being ****** ** ***** multinational ******* ********* **** virtually ** ************. ** a ** ******* **** to ***** *** *********** Chinese *** **** ***** certainly ** **** *********** there.

** * ** ******* went ** ***** *** disregarded ******* *** **** would ********* ** **** accountable *****.

** ********* ******** ******* a ******.

****** ** ***** ****** were ********** ********* ****, including ****** ***********.

***** *** ****** **** Dahua *** **** ******* out ** **** **** staff **** (******** ** have ****) ***** ** leave *** ***** ** that (********) ********* **** out ** ********** ** prevent **** ***** **** going ** ***** ***** or ******* ** *****?

*** **** *** **** this **** *** **** poorly ********...

**** (********) ********* **** out ** ********** ** prevent **** ***** **** going ** ***** ***** or ******* ** *****

#*, ****? *********, ***** do *** *** ***** 'rumors' ****? *****, **'* completely *****. ******, ********* talked ** ** ** their *****. *****, ** actually********* **** ** *** IFSEC ******:

********* *** *** **** knowledgeable ** *** ******* companies **** ***** **** about *** **** ******

** * ****** *** diligence ****** ******** *** obviously ***** ******, **** enough #*?

* **** ** **** if *** ******** * made **** **** ** they **** *** **** rumours...  **’* * ******, clearly ****** ** **** - *** ***’* ** due *** ** *******.  

***** ** **** ** not *** **** ** course ** **’* **** for *** ** *** to ******** **** ** there’d ** ****** ** read ;) 

** *** ***** *** your *****/*********** ** ***** the *****?

*** ***’* ** *** dil ** *******.

** ******, *** ***. I ****** **** ** my ****** *** **** school *********, *********, ** industry ******* **** ******** can.

*** ***** '*****' ***: Hikvision *** ** ********** against **** *** ***** 2019. **** *** *** do ** *****? ****** IPVM *** *** ***** 2019 ********, ****** *******, no? ** **** ** right ** *** ****** of *** ***** ****** relevant ** **** '*****' that ** *** ***** with ****.

** *** ***** *** your *****/*********** ** ***** the *****?

*****, **'* ***** ***** **** ******, ** *****:

** *** ** ****** realizing ** **** **** IPVM. **** ** *** identified *********, ** **** a ***** ******* *** shouted **** ** ******'* speak ** **.

**, ** **** *** asked ** ***** *** stand *** ***** **** clear **** **** **** running **** ****** *********** including ****** ** *** aisle *** **** **** were *** ********** ******* for ********** **** ****** recognition.

* ** ***** ** answer *** ********* ****** if *** **** ** be ********* ** ** industry *******, *** ****** be **** ** ***** a ****** ****** ** fact ***** ** ** the ******* *****.

*** ***’* ** *** dil ** *******.

“** ******, *** ***.”

*** **** ****’** *** rumors ******* ;)

****, **'* **** *** to ***** *** ******** and **** ****** ******** by ****** '*****'

** - * *** one **** ** ********** to *** ***** **** goes, *'* ******** ***** the ************ ** ********, but *** ******** ** otherwise ** ****** *********** needs ** ** ****** in *** ** ** line **** ****.

*** **** ** ** role ** **** ******* of ************ ********* ***** application *** ************. ** allows *** ***'* ** inform ******* ** *** situation **** *** ******** of ****** *********** ******. We **** ******* ** if *** ****** ******** it, *** ** *** always ** * ******** to ****** **** ***** it ****** ***** *********** so **** *** ****** an ******** ******.

*** ******** ** ********* of ****** *********** ***** to ** ****** ** the ** ** **** with ****.

* ********** *****... ** have ** ***** ********** upon ***** ** **** design, ************** ** ******.

**** ****** *** **** looking ** ** ** depth... *** ** *** also ***** **** *** enforcement ***** ** ** a ****** **********, ***** implemented ***.

** ** *******, *** GDPR *** ******* *** significantly ******* ** *** respect ** ** ******* in **********.

** * *******, ** need ** **** **** in * ****** ** real **** *********, ** create **** ********, *************, guidelines. * ******* **** should ****** ******* ** a ***** ********* ** we **** *** *********** of * **** ****** precedent, ***** ***** ** less ****** ** ***.

**’** **** **** *** legal ********* ** ******* consent *** ******* **** systems, ***** ***** **** that *** ******* ******** without ******* ** ** admissible! **** ***** ** be ********* ******* ******** on ** ****** ** probably *** ** *** best ********* ** ********** or *** *****.

*** **** ****** ****** DAHUA *** *********, **** is *** *******?

*** **** ****** ****** DAHUA *** *********, **** is *** *******?

****** ******.

******: *** *** ***** us ** ***** *****, which ** *** ** July **, ****. ***** finally *********, ****** * months *****, ******** *** usage ** ******* ** justification, ****** *****:

*** ***** ** *** ICO ***:

**do *** ****** *****'* ******** ** *** basis ****:

*. ***** *** ****'* Article *, ******* *** not * ***** ***** for ********** ** ******* categories ** ******** **** like **********, *******'* ********* ********** ******* do *** *****.
*.********* *** **** *** "captured ********, *** *** the ******* ** *********** a ********** ******* ******". However, ** ** ********* in *** ******** *********: "importantly, * **** ** face *** ******** ** a ******** ** ******* as ************** ******* ** * 'stranger' *** *** *** do ** *** ****** who **** ****** ** the ******". *** ******** Data ********** ***** *** explicitly ****** **** ******* people's ***** *** ********* them ** * ******** via ****** *********** ****** as ********** ********** ***** Article * ** *** "purpose ** ** ******** identify ******* *******".*******,*** **** **** **** counts ** ********** ********** regardless ** ******* *** person ****** *** ******** in *** ******** ** not. ****** ***** ** the**** ***** ************ **********, ******* **, **** 17.

** **** ****** **** report **** ** **** material ******** **** *** ICO.

Login to read this IPVM report.
Why do I need to log in?
IPVM conducts unique testing and research funded by member's payments enabling us to offer the most independent, accurate and in-depth information.

Related Reports

IBM / Genetec Surveillance System Investigated Over Philippines Human Rights Abuses on Mar 22, 2019
A lengthy investigation into an IBM video surveillance project in the Philippines, raising concerns IBM helped local police conduct a bloody...
UK Camera Commissioner Calls for Regulating Facial Recognition on Apr 15, 2019
IPVM interviewed Tony Porter, the UK’s surveillance camera commissioner after he recently called for regulations on facial recognition in the...
How China's Pay By Facial Recognition Works on Apr 02, 2019
Many social media posts have variously celebrated or warned about the growing use of facial recognition for payments in China. An example of one...
Hikvision AI Problems Criticized By Chinese Publication on Apr 09, 2019
Hikvision's facial recognition works poorly, causes delays and worsens learning, according to a new investigation by one of China's leading...
China Jaywalking Facial Recognition Guide on May 27, 2019
News reports touting the PRC's AI prowess often showcase facial recognition cameras being used to automatically catch and fine jaywalkers. In...
IFSEC 2019 Show Report on Jun 19, 2019
The UK's largest trade show, IFSEC, is underway and IPVM has been examining what is new and happening at the show. Inside, we cover: Huawei...
New GDPR Guidelines for Video Surveillance Examined on Jul 18, 2019
The highest-level EU data protection authority has issued a new series of provisional video surveillance guidelines. While GDPR has been in...
Covert Elevator Face Recognition on Oct 24, 2019
Covert elevator facial recognition has the potential to solve the cost and complexity of elevator surveillance while engendering immense privacy...
France Declares School Facial Recognition Illegal Due to GDPR on Oct 31, 2019
France is the latest European country to effectively prohibit facial recognition as a school access control solution, even with the consent of...
Clearview AI Alarm - NY Times Report Says "Might End Privacy" on Jan 20, 2020
Over the weekend, the NY Times released a report titled "The Secretive Company That Might End Privacy as We Know It" about a company named...

Most Recent Industry Reports

Hazardous & Explosion Proof Access Control Tutorial on Feb 27, 2020
Controlling access to hazardous environments requires equipment meeting specific ratings that certify they will not start fires or will not...
Motorola / Avigilon Drops ISC West on Feb 26, 2020
Motorola Solutions has pulled out of ISC West 2020 effective immediately, because of coronavirus concerns, IPVM has learned. This is done amidst...
Cancel or Not? Industry Split Over ISC West on Feb 26, 2020
The industry is split, polarized, over whether ISC West 2020 should run or be canceled. New IPVM survey results of 400+ respondents show heated...
Coronavirus Hits Sony, Bosch Says Switch on Feb 26, 2020
Sony's fall in video surveillance has been severe over the past decade. Now, they may be done. In this note, we examine Bosch's new...
Video Surveillance Cameras 101 on Feb 25, 2020
Cameras come in many shapes, sizes and specifications. This 101 examines the basics of cameras and features used in 2020. In this report, we...
Favorite Video Analytic Manufacturers 2020 on Feb 25, 2020
Video analytics is now as hot as ever, driven by the excitement of advancing deep learning offers. But what are actually integrator's...
Latest London Police Facial Recognition Suffers Serious Issues on Feb 24, 2020
On February 20, IPVM visited another live face rec deployment by London police, but this time the system was thwarted by technical problems and...
Masks Cause Major Facial Recognition Problems on Feb 24, 2020
Coronavirus is spurring an increase in the use of medical masks, which new IPVM test results show cause major problems for facial recognition...
Every VMS Will Become a VSaaS on Feb 21, 2020
VMS is ending. Soon every VMS will be a VSaaS. Competitive dynamics will be redrawn. What does this mean? VMS Historically...
Video Surveillance 101 Course - Last Chance on Feb 20, 2020
This is the last chance to join IPVM's first Video Surveillance 101 course, designed to help those new to the industry to quickly understand the...