GDPR / ICO Complaint Filed Against Dahua
IPVM has filed a GDPR complaint against Dahua UK's facial recognition conducted at their booth during this year's IFSEC show.
In this post, we explain the reasoning behind the complaint and the difference between this one and the one we made last year, including:
- Complaint Cause
- Conference vs Exhibitors
- Most Egregious
- Previous Dahua GDPR Claims
- Reasoning
Overall, we hope our case adds clarity on how facial recognition can be used under GDPR.
**************
** ***** ****, *****'* ***** (***** we ******* ** **** **) ******** live ****** *********** ***** ****** ****** and ******** ***** *****, ********** *** results ** * ** ******:
***** ********* ****** *********** ** **** captured ****, ********** ** ***** **** or ********* **** ** * '********' as *** ******* ***** *****:
*******, ***** *** *** ****** *** consent ** ****** ********, *** *** it **** *** ************* *** *** processing **** **** ********. ********, **** saw ** ***** **** ***** ********** biometrics ********** *** ****** ***** ******.
****, ** *** *******, ** * clear ********* ** *** ****, ************ * ************* ********** ****** *** * *** situations.********* *** **** ********* **** * booth ** * ******** ********** ***** conceivably ***. *** **** ****** ********** processing ** *********** **:
*** **** ******* ***given ******** ******* to the processing of those personal data for one or more specified purposes
*********, ** **** ***** * ********* against ***** *** ********* *** **** to *** **'* **** ********** ****** -*** *********** ************'* ******(***) - *** ************* ********* ****.
IFSEC ********** ** **********
** ****,**** ***** * **** **************** *****'* ********** (***) ***** ** attended ***** *** ***** ******* ****** recognition ***** ******* ***** ******* **** attendees.
*** *********** *** *********** *** ***** **** ***** ********** were *** *********** *** *** ******' demos. ******, ** *** *** ********* doing *** ***** ********** **** **** liable. **** ** *** **** ****, we ***** *** ********* ******* ***** UK, *** *****.
Dahua **** *********
**** ***** **** ***** ****** *********** demo *** *** **** ********* ** violation ** *** ****. ***** ****** recognition ********* ** ***** *** ** disclosures ** ******* *** ******'* *****. Moreover, ***** ***** ************ ************* **** Axis, *********, *** ****** (*********) *** not ******* **** ****** *********** ** all.
Dahua **** '*********'
***** *** **** ******* **** ****** before, ************ **** **** **** *************** *** ** ******* *** **** "certified" ** **** ********* ** *** Rheinland, * ******* ****** *******:
** ** *********, ** ******** *** ** **** compliant *** *** **** ****** ****** that ************* ******* ** *** ****** responsibilities ** *** ***. ************, ***** firms **** ****** ******* **** ************** as ****, ***************************.
*********
******* ********** ********** ***** ******** ********* by *** ****, *** ** *** no ***** ****** *********** *** ** regulations - ********* *** **'* ************ camera ************,**** ******,*** ****** ***.********, ***** **** ** **** **** a **** ***, ***** *** ***, if ***, *********** ***** ******* *** facial *********** ****** ** **** ** practice.
*** *** ** **** ********* ** for *** ** ********** ** ******* when *** ***** ****** *********** ** appropriate, *** *** ** ***** **** an ************ ***** ** ******* ******'* consent ** * ***** ****** ******** case.
**********
** **** ****** **** **** ** the **** ***** *** *** ******* the ******. **** ****, *** ********* took ****** ** ***** * ********** so ** **** ****** ** *** case ********.
** *****, ** *** **, *** ICO ***** **** ** *** *** responsibility ** **** ********** *********, ****** than *** **** ******. ** *** ****** **** **** ********* Against *****, ******* **** ********* *********** ****'* ******** ***** *** **** (******* it's ***** ** *** **** ** whoever ** *** *** '**** *********' of *** ****** *********** ******* **** exhibitors ***, ** ** *** ********** themselves).
** *****, ** *** **, *** ICO ***** **** ** *** *** responsibility ** **** ********** *********, ****** than *** **** ******.
**********, ****** * ***** ***** **** a "*******" *** ***** ***** ***** exhibitors ** ** ********* *** ********** audience *** ********* ***** *******.
** ***** ** ******** *********, ** not **********, *** *** ********* ** handle **** ** ***** *** ** they **** ** *********** ****** ********* openly ** ***** *****. *** ***'* approach *** ***** *** *********** ******* without ****** ** ******** *** ******** by *** ******* ** **** *****.
*******, *** ** ********* **** **** there *** ********* ********** ****** **** could *** ****, ** *** **** organizer **** *** ******* * "***-*****" notification?
*** ****** *****, * ***** *** show ***** ** ****** **** * way ** ******* ****** *******, ** ban (*** ******/*******) ********** **** ********** anything **** ******** ****.
**** **** **** ********, ** ****** things ** ** ***** **** ****** like * ******* *********, ************ *********
* ******** **** *** ** ****. I ***** ** ** **** *********** to *** ************-******* **** ***** ****** and ******** **** ***. ** **** already **** **** ****** ** ************* of *** *** ** ****** "*********" claims, **** **** ****** ** ** evidence.
* ***** *** ******* ****-**** ** IPVM's ***** ********* *** **** *********** and *******.***** *** **** ***** *********** that *** ********* ****** ***** **** down ******* **** ** ****** ********* GDPR. ** **** *** ****, ** least ** *** ********, ******** ** the ********.
*******, *****, *** ******, **** ** know ** **** ***** **** **** is * "*****", *** **** ***** potentially ** ********* **** **** **-***** demos. ** ** *** **** **** baited **** **** ******* * ****-*** test ** *********, ** ***** **** on *********** *******.
** ** *** **** **** ****** them **** ******* * ****-*** **** on *********, ** ***** **** ** speculative *******.
******, *** ********, ***** *** ********** knew ** **** ************* **** *** that ** *** ***** **** ****. And **** ***** ****** * **** this **** ********* / ******* **** exhibitors ***** ** ****** *** ******* to ** ****** ***********:
***, *******, *** ** ****, ***** still *** ****** *********** *** ***** made ** ******* ** *** *******.
*’* ***** **** *** ** **** on *** ******* **** *** ******* in *** **** ** * ************ deployed ***********. ** **** **** **** was ** * ******** **** *’* be **** ***, *** ** * security ***** **** *** * ******!
** * ******** ***** **** *** a ******!
** ** ******** **** ******** ***** shows *** *** ******* ** ********** processing *****, **** ***** ** *********** to ***. ***'* *** **** *** *** says. **** ** *** ***** ** filing ** **** *** *** *** give **** ******** ***** *** ***** rules *** ******* ** ********.
* ** ********** ** ******** *** value ** ****** *** ************ **** to ****. ******* **** **** *** not ******** ** ** ** * member.
**** **** **** ****** - ** doing *******, ** ** *********, ** develop ******** (*.*., *** **********), ***. We ****** *** ***** *** *** of **. **'* **** * ******, our **** ** *** ** ****** everyone ***** ********** ********, ** ** to ****** ** ******* ****** ******* value ** ******* *** **** ** membership *** **** ***** ****** *** will **** ** *** ******.
#*, ** ***** *** ******** ****** we *** *** ***** **** ***** provide ***** ** ***, ****** *** us **** ****.
************* ********:
** ** * ********* **** ** your ********** *****’* ****?
***** ***** ** *** ***** ********* processing **** ** ****** ***********, * Dahua ** ******* *** ******* *** on ******** **** ***** *** **** a ***** **** ****** ****** ***** stand, ** *** ****** ***** ****:
*** *** **** ** ** *** small ****:
***********, ** **** *** **** ******* the ****** *********** **** ***, **** 'facial ******'.
**** ****. ***** ******** ********* **** to ** **** *********** ** *******. Too **** **** *** ***** ****** by ***** ************* ******* ********* **** virtually ** ************. ** * ** company **** ** ***** *** *********** Chinese *** **** ***** ********* ** held *********** *****.
** * ** ******* **** ** China *** *********** ******* *** **** would ********* ** **** *********** *****.
** ********* ******** ******* * ******.
****** ** ***** ****** **** ********** biometric ****, ********* ****** ***********.
***** *** ****** **** ***** *** been ******* *** ** **** **** staff **** (******** ** **** ****) asked ** ***** *** ***** ** that (********) ********* **** *** ** injunction ** ******* **** ***** **** going ** ***** ***** ** ******* to *****?
*** **** *** **** **** **** and **** ****** ********...
**** (********) ********* **** *** ** injunction ** ******* **** ***** **** going ** ***** ***** ** ******* to *****
#*, ****? *********, ***** ** *** get ***** '******' ****? *****, **'* completely *****. ******, ********* ****** ** us ** ***** *****. *****, ** actually********* **** ** *** ***** ******:
********* *** *** **** ************* ** the ******* ********* **** ***** **** about *** **** ******
** * ****** *** ********* ****** throwing *** ********* ***** ******, **** enough #*?
* **** ** **** ** *** comments * **** **** **** ** they **** *** **** *******... **’* a ******, ******* ****** ** **** - *** ***’* ** *** *** on *******.
***** ** **** ** *** *** case ** ****** ** **’* **** for *** ** *** ** ******** IPVM ** *****’* ** ****** ** read ;)
** *** ***** *** **** *****/*********** to ***** *** *****?
*** ***’* ** *** *** ** rumours.
** ******, *** ***. * ****** that ** ** ****** *** **** school *********, *********, ** ******** ******* like ******** ***.
*** ***** '*****' ***: ********* *** an ********** ******* **** *** ***** 2019. **** *** *** ** ** check? ****** **** *** *** ***** 2019 ********, ****** *******, **? ** says ** ***** ** *** ****** of *** ***** ****** ******** ** your '*****' **** ** *** ***** with ****.
** *** ***** *** **** *****/*********** to ***** *** *****?
*****, **'* ***** ***** **** ******, ** *****:
** *** ** ****** ********* ** were **** ****. **** ** *** identified *********, ** **** * ***** retreat *** ******* **** ** ******'* speak ** **.
**, ** **** *** ***** ** leave *** ***** *** ***** **** clear **** **** **** ******* **** facial *********** ********* ****** ** *** aisle *** **** **** **** *** requesting ******* *** ********** **** ****** recognition.
* ** ***** ** ****** *** questions ****** ** *** **** ** be ********* ** ** ******** *******, you ****** ** **** ** ***** a ****** ****** ** **** ***** it ** *** ******* *****.
*** ***’* ** *** *** ** rumours.
“** ******, *** ***.”
*** **** ****’** *** ****** ******* ;)
****, **'* **** *** ** ***** out ******** *** **** ****** ******** by ****** '*****'
** - * *** *** **** be ********** ** *** ***** **** goes, *'* ******** ***** *** ************ in ********, *** *** ******** ** otherwise ** ****** *********** ***** ** be ****** ** *** ** ** line **** ****.
*** **** ** ** **** ** keep ******* ** ************ ********* ***** application *** ************. ** ****** *** BDM's ** ****** ******* ** *** situation **** *** ******** ** ****** recognition ******. ** **** ******* ** if *** ****** ******** **, *** we *** ****** ** * ******** to ****** **** ***** ** ****** under *********** ** **** *** ****** an ******** ******.
*** ******** ** ********* ** ****** recognition ***** ** ** ****** ** the ** ** **** **** ****.
* ********** *****... ** **** ** legal ********** **** ***** ** **** design, ************** ** ******.
**** ****** *** **** ******* ** it ** *****... *** ** *** also ***** **** *** *********** ***** it ** * ****** **********, ***** implemented ***.
** ** *******, *** **** *** DPA2018 *** ************* ******* ** *** respect ** ** ******* ** **********.
** * *******, ** **** ** test **** ** * ****** ** real **** *********, ** ****** **** sensible, *************, **********. * ******* **** should ****** ******* ** * ***** challenge ** ** **** *** *********** of * **** ****** *********, ***** would ** **** ****** ** ***.
**’** **** **** *** ***** ********* of ******* ******* *** ******* **** systems, ***** ***** **** **** *** footage ******** ******* ******* ** ** admissible! **** ***** ** ** ********* because ******** ** ** ****** ** probably *** ** *** **** ********* of ********** ** *** *****.
*** **** ****** ****** ***** *** HIKVISION, **** ** *** *******?
*** **** ****** ****** ***** *** HIKVISION, **** ** *** *******?
****** ******.
******: *** *** ***** ** ** email *****, ***** ** *** ** July **, ****. ***** ******* *********, nearly * ****** *****, ******** *** usage ** ******* ** *************, ****** below:
*** ***** ** *** *** ***:
**do *** ****** *****'* ******** ** *** ***** ****:
*. ***** *** ****'* ******* *, notices *** *** * ***** ***** for ********** ** ******* ********** ** personal **** **** **********, *******'* ********* ********** ******* ** *** apply.
*.********* *** **** *** "******** ********, not *** *** ******* ** *********** a ********** ******* ******". *******, ** we ********* ** *** ******** *********: "importantly, * **** ** **** *** compared ** * ******** ** ******* as ************** ******* ** * '********' *** did *** ** ** *** ****** who **** ****** ** *** ******". The ******** **** ********** ***** *** explicitly ****** **** ******* ******'* ***** and ********* **** ** * ******** via ****** *********** ****** ** ********** processing ***** ******* * ** *** "purpose ** ** ******** ******** ******* persons".*******,*** **** **** **** ****** ** biometrics ********** ********** ** ******* *** person ****** *** ******** ** *** database ** ***. ****** ***** ** the**** ***** ************ **********, ******* **, **** **.
** **** ****** **** ****** **** we **** ******** ******** **** *** ICO.
** ***** *********** ** *** (****) future **** ******** ***** ***** *** going ** **** **** *****-**** ********** when *** ******** **** **** "* give ** ******* ** ** ****** and ************* ********".