The highest-level EU data protection authority has issued a new series of provisional video surveillance guidelines.
While GDPR has been in effect for more than a year, how it applies to video surveillance has often been unclear, as we explained in our original GDPR for Video Surveillance Guide.
Now, these new guidelines (though not final and subject to public comment for the next two months) provide good insight and clarifications to common questions about video surveillance GDPR compliance.
In this post, we explain and analyze the new guidelines, including:
- EDPB's Background
- Legal Impact of Guidelines
- Public Signage: Example Provided
- Signage Positioning
- DPIAs Required for Large Scale Biometrics
- Storage: Additional Justification Required for Over 3 Days
- Some Analytics Not Considered Biometrics
- VIP Recognition: Consent Required from Everyone, Not Just VIPs
- Facial Recognition: Why Notification Via Signage Likely Not Enough
- Data Requests/Anonymization
- No Clarity on Types of Encryption Required
- Certification Not Covered
- Dummy Cameras Not Covered By GDPR