GDPR / ICO Complaint Filed Against Dahua

By: IPVM Team, Published on Jun 27, 2019

ICO GDPR Dahua Complaint thumbnail

IPVM has filed a GDPR complaint against Dahua UK's facial recognition conducted at their booth during this year's IFSEC show.

In this post, we explain the reasoning behind the complaint and the difference between this one and the one we made last year, including:

  • Complaint Cause
  • Conference vs Exhibitors
  • Most Egregious
  • Previous Dahua GDPR Claims
  • Reasoning

Overall, we hope our case adds clarity on how facial recognition can be used under GDPR.

ICO GDPR Dahua Complaint thumbnail

**** *** ***** * GDPR ********* ******* ***** UK's ****** *********** ********* at ***** ***** ****** this ****'****** ****.

** **** ****, ** explain *** ********* ****** the ********* *** *** difference ******* **** *** and *** ***** **** **** ****, *********:

  • ********* *****
  • ********** ** **********
  • **** *********
  • ******** ***** **** ******
  • *********

*******, ** **** *** case **** ******* ** how ****** *********** *** be **** ***** ****.

[***************]

**************

** ***** ****, *****'* booth (***** ** ******* on **** **) ******** live ****** *********** ***** filmed ****** *** ******** their *****, ********** *** results ** * ** screen:

***** ********* ****** *********** on **** ******** ****, attempting ** ***** **** or ********* **** ** a '********' ** *** excerpt ***** *****:

*******, ***** *** *** obtain *** ******* ** people ********, *** *** it **** *** ************* for *** ********** **** IPVM ********. ********, **** saw ** ***** **** Dahua ********** ********** ********** was ****** ***** ******.

****, ** *** *******, is * ***** ********* of *** ****, ************ * ************* ********** ****** *** a *** **********.********* *** **** ********* that * ***** ** a ******** ********** ***** conceivably ***. *** **** states ********** ********** ** permissible **:

*** **** ******* ***given ******** ******* to the processing of those personal data for one or more specified purposes

*********, ** **** ***** a ********* ******* ***** for ********* *** **** to *** **'* **** protection ****** -*** *********** ************'* ******(***) - *** ************* ********* ****.

IFSEC ********** ** **********

** ****,**** ***** * **** complaint******* *****'* ********** (***) after ** ******** ***** and ***** ******* ****** recognition ***** ******* ***** consent **** *********.

*** *********** *** *********** *** ***** **** IFSEC ********** **** *** responsible *** *** ******' demos. ******, ** *** the ********* ***** *** demos ********** **** **** liable. **** ** *** this ****, ** ***** the ********* ******* ***** UK, *** *****.

Dahua **** *********

**** ***** **** ***** facial *********** **** *** the **** ********* ** violation ** *** ****. Other ****** *********** ********* at ***** *** ** disclosures ** ******* *** people's *****. ********, ***** video ************ ************* **** Axis, *********, *** ****** (Hisilicon) *** *** ******* live ****** *********** ** all.

Dahua **** '*********'

***** *** **** ******* GDPR ****** ******, ************ when **** **** *************** *** ** ******* had **** "*********" ** GDPR ********* ** *** Rheinland, * ******* ****** company:

Image

** ** *********, ** ******** *** be **** ********* *** the **** ****** ****** that ************* ******* ** not ****** **************** ** any ***. ************, ***** firms **** ****** ******* GDPR ************** ** ****, including******************.

*********

******* ********** ********** ***** strictly ********* ** *** GDPR, *** ** *** no ***** ****** *********** law ** *********** - something *** **'* ************ camera ************,**** ******,*** ****** ***.********, ***** **** ** just **** * **** old, ***** *** ***, if ***, *********** ***** showing *** ****** *********** should ** **** ** practice.

*** *** ** **** complaint ** *** *** UK ********** ** ******* when *** ***** ****** recognition ** ***********, *** how ** ***** **** an ************ ***** ** without ******'* ******* ** a ***** ****** ******** case.

**********

** **** ****** **** post ** *** **** makes *** *** ******* the ******. **** ****, the ********* **** ****** to ***** * ********** so ** **** ****** as *** **** ********.

Comments (26)

** ***** *********** ** the (****) ****** **** security ***** ***** *** going ** **** **** click-wrap ********** **** *** register **** **** "* give ** ******* ** be ****** *** ************* analyzed".

** *****, ** *** UK, *** *** ***** that ** *** *** responsibility ** **** ********** exhibitor, ****** **** *** show ******. ** *** ****** **** GDPR ********* ******* *****, Decides **** ********* *********** ****'* ******** ***** *** show (******* **'* ***** or *** **** ** whoever ** *** *** 'data *********' ** *** facial *********** ******* **** exhibitors ***, ** ** the ********** **********).

** *****, ** *** UK, *** *** ***** that ** *** *** responsibility ** **** ********** exhibitor, ****** **** *** show ******.

**********, ****** * ***** think **** * "*******" the ***** ***** ***** exhibitors ** ** ********* the ********** ******** *** gathering ***** *******.

** ***** ** ******** difficult, ** *** **********, for *** ********* ** handle **** ** ***** own ** **** **** to *********** ****** ********* openly ** ***** *****. You ***'* ******** *** booth *** *********** ******* without ****** ** ******** and ******** ** *** cameras ** **** *****.

*******, *** ** ********* even **** ***** *** potential ********** ****** **** could *** ****, ** the **** ********* **** not ******* * "***-*****" notification?

*** ****** *****, * think *** **** ***** to ****** **** * way ** ******* ****** consent, ** *** (*** patrol/enforce) ********** **** ********** anything **** ******** ****.

**** **** **** ********, no ****** ****** ** be ***** **** ****** like * ******* *********, subscription *********

* ******** **** *** on ****. * ***** it ** **** *********** to *** ************-******* **** cases ****** *** ******** this ***. ** **** already **** **** ****** of ************* ** *** ICO ** ****** "*********" claims, **** **** ****** up ** ********. 

* ***** *** ******* kick-back ** ****'* ***** complaint *** **** *********** and *******.***** *** **** early *********** **** *** governing ****** ***** **** down ******* **** ** anyone ********* ****. ** have *** ****, ** least ** *** ********, evidence ** *** ********.

*******, *****, *** ******, have ** **** ** this ***** **** **** is * "*****", *** they ***** *********** ** violating **** **** **-***** demos. ** ** *** like **** ****** **** into ******* * ****-*** test ** *********, ** filed **** ** *********** guesses.

** ** *** **** IPVM ****** **** **** running * ****-*** **** on *********, ** ***** this ** *********** *******.

******, *** ********, ***** and ********** **** ** were ************* **** *** that ** *** ***** last ****. *** **** IFSEC ****** * **** this **** ********* / warning **** ********** ***** be ****** *** ******* to ** ****** ***********:

***, *******, *** ** that, ***** ***** *** facial *********** *** ***** made ** ******* ** get *******.

*’* ***** **** *** in **** ** *** proviso **** *** ******* in *** **** ** a ************ ******** ***********.  If **** **** **** was ** * ******** mall *’* ** **** you, *** ** * security ***** **** *** a ******!

** * ******** ***** show *** * ******!

** ** ******** **** security ***** ***** *** not ******* ** ********** processing *****, **** ***** be *********** ** ***. ***'* see **** *** *** says. **** ** *** point ** ****** ** that *** *** *** give **** ******** ***** how ***** ***** *** applied ** ********.

* ** ********** ** question *** ***** ** paying *** ************ **** to ****. ******* **** this *** *** ******** to ** ** * member.  

**** **** **** ****** - ** ***** *******, we ** *********, ** develop ******** (*.*., *** Calculator), ***. ** ****** one ***** *** *** of **. **'* **** a ******, *** **** is *** ** ****** everyone ***** ********** ********, it ** ** ****** we ******* ****** ******* value ** ******* *** cost ** ********** *** what ***** ****** *** will **** ** *** member.

#*, ** ***** *** specific ****** ** *** not ***** **** ***** provide ***** ** ***, please *** ** **** here.

************* ********:

** ** * ********* even ** **** ********** doesn’t ****?

***** ***** ** *** cover ********* ********** **** as ****** ***********, * Dahua ** ******* *** pointed *** ** ******** that ***** *** **** a ***** **** ****** inside ***** *****, ** the ****** ***** ****:

*** *** **** ** to *** ***** ****:

***********, ** **** *** even ******* *** ****** recognition **** ***, **** 'facial ******'.

*********** ***** ** *** Galaxy

**** ****. ***** ******** companies **** ** ** held *********** ** *******. Too **** **** *** being ****** ** ***** multinational ******* ********* **** virtually ** ************. ** a ** ******* **** to ***** *** *********** Chinese *** **** ***** certainly ** **** *********** there.

** * ** ******* went ** ***** *** disregarded ******* *** **** would ********* ** **** accountable *****.

** ********* ******** ******* a ******.

****** ** ***** ****** were ********** ********* ****, including ****** ***********.

***** *** ****** **** Dahua *** **** ******* out ** **** **** staff **** (******** ** have ****) ***** ** leave *** ***** ** that (********) ********* **** out ** ********** ** prevent **** ***** **** going ** ***** ***** or ******* ** *****?

*** **** *** **** this **** *** **** poorly ********...

**** (********) ********* **** out ** ********** ** prevent **** ***** **** going ** ***** ***** or ******* ** *****

#*, ****? *********, ***** do *** *** ***** 'rumors' ****? *****, **'* completely *****. ******, ********* talked ** ** ** their *****. *****, ** actually********* **** ** *** IFSEC ******:

********* *** *** **** knowledgeable ** *** ******* companies **** ***** **** about *** **** ******

** * ****** *** diligence ****** ******** *** obviously ***** ******, **** enough #*?

* **** ** **** if *** ******** * made **** **** ** they **** *** **** rumours...  **’* * ******, clearly ****** ** **** - *** ***’* ** due *** ** *******.  

***** ** **** ** not *** **** ** course ** **’* **** for *** ** *** to ******** **** ** there’d ** ****** ** read ;) 

** *** ***** *** your *****/*********** ** ***** the *****?

*** ***’* ** *** dil ** *******.

** ******, *** ***. I ****** **** ** my ****** *** **** school *********, *********, ** industry ******* **** ******** can.

*** ***** '*****' ***: Hikvision *** ** ********** against **** *** ***** 2019. **** *** *** do ** *****? ****** IPVM *** *** ***** 2019 ********, ****** *******, no? ** **** ** right ** *** ****** of *** ***** ****** relevant ** **** '*****' that ** *** ***** with ****.

** *** ***** *** your *****/*********** ** ***** the *****?

*****, **'* ***** ***** **** ******, ** *****:

** *** ** ****** realizing ** **** **** IPVM. **** ** *** identified *********, ** **** a ***** ******* *** shouted **** ** ******'* speak ** **.

**, ** **** *** asked ** ***** *** stand *** ***** **** clear **** **** **** running **** ****** *********** including ****** ** *** aisle *** **** **** were *** ********** ******* for ********** **** ****** recognition.

* ** ***** ** answer *** ********* ****** if *** **** ** be ********* ** ** industry *******, *** ****** be **** ** ***** a ****** ****** ** fact ***** ** ** the ******* *****.

*** ***’* ** *** dil ** *******.

“** ******, *** ***.”

*** **** ****’** *** rumors ******* ;)

****, **'* **** *** to ***** *** ******** and **** ****** ******** by ****** '*****'

** - * *** one **** ** ********** to *** ***** **** goes, *'* ******** ***** the ************ ** ********, but *** ******** ** otherwise ** ****** *********** needs ** ** ****** in *** ** ** line **** ****.

*** **** ** ** role ** **** ******* of ************ ********* ***** application *** ************. ** allows *** ***'* ** inform ******* ** *** situation **** *** ******** of ****** *********** ******. We **** ******* ** if *** ****** ******** it, *** ** *** always ** * ******** to ****** **** ***** it ****** ***** *********** so **** *** ****** an ******** ******.

*** ******** ** ********* of ****** *********** ***** to ** ****** ** the ** ** **** with ****.

* ********** *****... ** have ** ***** ********** upon ***** ** **** design, ************** ** ******.

**** ****** *** **** looking ** ** ** depth... *** ** *** also ***** **** *** enforcement ***** ** ** a ****** **********, ***** implemented ***.

** ** *******, *** GDPR *** ******* *** significantly ******* ** *** respect ** ** ******* in **********.

** * *******, ** need ** **** **** in * ****** ** real **** *********, ** create **** ********, *************, guidelines. * ******* **** should ****** ******* ** a ***** ********* ** we **** *** *********** of * **** ****** precedent, ***** ***** ** less ****** ** ***.

**’** **** **** *** legal ********* ** ******* consent *** ******* **** systems, ***** ***** **** that *** ******* ******** without ******* ** ** admissible! **** ***** ** be ********* ******* ******** on ** ****** ** probably *** ** *** best ********* ** ********** or *** *****.

*** **** ****** ****** DAHUA *** *********, **** is *** *******?

*** **** ****** ****** DAHUA *** *********, **** is *** *******?

****** ******.

******: *** *** ***** us ** ***** *****, which ** *** ** July **, ****. ***** finally *********, ****** * months *****, ******** *** usage ** ******* ** justification, ****** *****:

*** ***** ** *** ICO ***:

**do *** ****** *****'* ******** ** *** basis ****:

*. ***** *** ****'* Article *, ******* *** not * ***** ***** for ********** ** ******* categories ** ******** **** like **********, *******'* ********* ********** ******* do *** *****.
*.********* *** **** *** "captured ********, *** *** the ******* ** *********** a ********** ******* ******". However, ** ** ********* in *** ******** *********: "importantly, * **** ** face *** ******** ** a ******** ** ******* as ************** ******* ** * 'stranger' *** *** *** do ** *** ****** who **** ****** ** the ******". *** ******** Data ********** ***** *** explicitly ****** **** ******* people's ***** *** ********* them ** * ******** via ****** *********** ****** as ********** ********** ***** Article * ** *** "purpose ** ** ******** identify ******* *******".*******,*** **** **** **** counts ** ********** ********** regardless ** ******* *** person ****** *** ******** in *** ******** ** not. ****** ***** ** the**** ***** ************ **********, ******* **, **** 17.

** **** ****** **** report **** ** **** material ******** **** *** ICO.

Read this IPVM report for free.

This article is part of IPVM's 6,362 reports, 854 tests and is only available to members. To get a one-time preview of our work, enter your work email to access the full article.

Already a member? Login here | Join now

Related Reports

UK ICO Approves Unconsented Facial Recognition At Security Conferences on Feb 05, 2020
The UK's data protection agency has declined IPVM's GDPR complaint against Dahua for using face recognition without consent at IFSEC last year,...
Intersec 2020 Final Show Report on Jan 21, 2020
IPVM spent all 3 days at the Intersec 2020 show interviewing various companies and finding key trends. We cover: Middle East Enterprise...
Former Manufacturer Axcess Sues Avigilon, Genetec, Others for Patent Infringement on Oct 24, 2018
Axcess International, Inc. has sued Avigilon, Genetec and ACTi, among others for patent infringement. Who are they and what are their complaints...
JCI / Napco Integration Battle on Aug 30, 2018
JCI and Napco are firing salvos at each other over integration issues which both sides blame on the other. The bigger problem is that central...
GDPR / ICO Complaint Filed Against IFSEC Show Facial Recognition on Jun 20, 2018
IPVM has filed a complaint against IFSEC’s parent company UBM based on our concern that the conference violates core GDPR principles on...
Uniview Recorder Backdoor Examined on Oct 20, 2017
A Chinese research group has identified a vulnerability in Uniview recorders that allows backdoor access in a method similar to the Dahua...
Dahua Access Control Tested on Oct 10, 2017
Can Dahua become a major force in access control? We bought Dahua's ASC1202B [link no longer available] to find out. We tested Dahua access and...
‘Experts' Fail On Dumbo IP Camera ‘Hack' on Aug 24, 2017
Dumbo, revealed by Wikileaks, has become big news. Unfortunately, 'experts' in the security industry have gotten it wrong, incorrectly contending...
Canon Sues Avigilon on Jul 27, 2017
Canon, owner of Axis and Milestone, has sued Avigilon for patent infringement in US court. This is a highly atypical move for Canon, pitting 3 of...

Most Recent Industry Reports

Access Control Online Show - July 2020 - With 40+ Manufacturers - Register Now on Jul 01, 2020
IPVM is excited to announce our July 2020 Access Control Show. With 40+ companies presenting across 4 days, this is a unique opportunity to hear...
Hanwha Face Mask Detection Tested on Jul 01, 2020
Face mask detection or, more specifically lack-of-face-mask detection, is an expanding offering in the midst of coronavirus. Hanwha in partnership...
UK Government Says Fever Cameras "Unsuitable" on Jul 01, 2020
The UK government's medical device regulator, MHRA, told IPVM that fever-seeking thermal cameras are "unsuitable for this purpose" and recommends...
Camera Course Summer 2020 on Jun 30, 2020
This is the only independent surveillance camera course, based on in-depth product and technology testing. Lots of manufacturer training...
Worst Over But Integrators Still Dealing With Coronavirus Problems (June Statistics) on Jun 30, 2020
While numbers of integrators very impacted by Coronavirus continue to drop, most are still moderately dealing with the pandemic's problems, June...
FLIR Screen-EST Screening Software Tested on Jun 30, 2020
In our FLIR A Series Test, the cameras' biggest drawback was their lack of face detection, requiring manual adjustment when screening each...
Dahua Buenos Aires Bus Screening Violates IEC Standards and Dahua's Own Instructions on Jun 30, 2020
Dahua has promoted Buenos Aires bus deployments as "solutions that facilitate community safety". However, they violate IEC standards and,...
UK Firm Markets False Fever Screening, Hikvision Disavows on Jun 30, 2020
A UK security firm falsely claimed its Hikvision-based thermal solution could be used for "accurately detecting fever in any person", even claiming...
Industry Study: 83% of US Temperature Screening Sellers Falsely Say Not Medical Devices on Jun 29, 2020
83% of US companies selling temperature screening devices, aka 'fever' detectors, claim they are not medical devices, contrary to FDA definition,...
Manufacturers on Virtual 'ISC West' 2020 and Potential ISC West 2021 on Jun 29, 2020
With the 2020 ISC West show now officially canceled, attention turns to Reed's new "ISC West 2020 Virtual Event" planned for October and for the...