New GDPR Guidelines for Video Surveillance Examined

EDPB ********** *** ***** ******

*** ****** ** *** new ********** ** *********** **** ********** *****, ** ****, ***** is **** ** ** each ** *******'* **** protection ****** *** *** EU's *** ***, *********** **** ********** **********. **************** ******* ** ****** comment ***** ********* *.

**** *** *** ******* binding, *** **** ***** weight ** ** **** protection *********** **** ***** to **** **** ******** on ***** ************ *****.

****** *** ****'* ********** for ********** **** ** Video *******

EDPB ***** ******* ** ****** *******

***** *** *********** ****** of *********** ****** ** be *********, *** **** recommends *********** * ***-***** approach. *** ***** ***** is *** **** ****, with *** ***** **** - **** ** ** example ***** ** *** EDPB:

**** ***** ***** ****** include *** *** ******, EDPB ******, **** **:

• ******* ******
• ******* ** **********
• ******** ** **********
• ****** ** **** *******
• ******* ******* ** **** protection ******* (** ***)
• ******* *** **** **** be **** ** * third *****
• ***** ** **** *** second ***** ** ***********

Sign ****** ** ************ "****** ******** *** ********* ****"

*** **** **** ***** details ***** *** *********** of *** ***** ***** sign, ******* ******* **** the **** ** ** position *** ****:

** **** * *** that *** **** ******* can ****** ********* *** circumstances ** *** ************before ******** *** ********* ****". The sign should thus be "approximately at eye-level", near the actual zone being monitored, and presented in "an easily visible, intelligible and clearly ******** ******. [emphasis added]

*** *******, ** ***** 2019, ***** *** ****** **** ********* *** ****** ****** the ***** *** *** visible ***** ** ***** monitored:

'Second *****' *********** *******

*** ****** ***** *********** can ** ** *** form ** ** "****** accessible *****" ** *** cashier/other ******* ******** ** simply * ******. **** information "**** ******* *** other *********** **** ** mandatory ************ **** *** ****" (**** can ** ******* "********* decision-making, ********* *********" ** being **** - ****** ******** ****).

Storage: **** ************* ******** ****** ** *****

*** ****, **** *** GDPR, **** *** **** specific ******* ****** *********** but **** *** **** more ******** ** ******* that:

*** ****** *** ******* period ** ***(especially **** ****** ** *****), the more argumentation for the legitimacy of the purpose and the necessity of storage has to be provided. [emphasis added]

**** ***** **** * significant ****** (** *** guidelines *** *** *******), as **** ***-***** ***** video **** **** ** hours,***** ***** ** ** to * *****. *** ****, *******, states **** ** ***** storage ** ****** "**********" for ******** ******:

**********, *** *** ***** storing ***** ****** **** 72 *****, **** ***** mean **** ***** '****** layer' ****** ****** ******* a ***** ************* *** the ****** ******* - such ** ***** ** a ****-***** ****, ******* to ****** **** ****** requests, ***.

Data ********** ****** ********** ******** *** ***** ***** ********** ***

*** **** ****** **** any "***** *****" *** of ********** ********** ******** a ****:

********, ********* ** ******* 35 (*) (*) **** a **** ********** ****** assessment ** **** ******** when *** ********** ******* to ******* ******* ********** of **** ** * large *****.

*******, *** **** **** not **** ********* ***** what ** ***** ** 'large *****', *** ******* does *** ****, ***** defines ** ********* ****:

********** ***** *** ** process * ************ ****** of ******** **** ** regional, ******** ** ************* level *** ***** ***** affect * ***** ****** of **** ******** *** which *** ****** ** result ** * **** risk [...] ** *** rights *** ******** ** data ********

*******, *** **** ******** little ********** ******** *** DPIAs.

Biometrics: ******/**********/*** ********* *** ********** **********, *** *** ******** *********** **

*** ****'* ******* * states **** "********* **** for *** ******* ** uniquely *********** * ******* person" *********** **********, **** * *** important ********** **** ** consent ** '*********** ****** interest'.

*******, *** ****** ***** of ********* ***** ******/**********/*** analytics *** *** **** to **** *** **** as ****, ** *** EDPB ********** ***** **** such ************ *** *** considered **********, ** **** as *** ********* *** not **** ** ******** unique ******:

*******, *** *** *********** by ************ ******* ** retail *******, **** ** VIPs **** ********** ********* to ***** **********, *** store **** ****** ******* or ******* ******* * justification "***************** ** *** ******":

**** **** **** **** not **** **** *** Dahua, ******* ***** * **** complaint ********** ***** ****** *********** on ******** ** ***** without ********* *******. *** Dahua **** *** **** clearly *** **** **** of *****-**, ***-***** ***********, identifying ****** ** '********':

********* ** *** **** guidelines, **** * ****** means*********** ******** ********** **** provide *******. *** *** the ***** ****** ****** stuck ** **** **********/***/****** analytics, ** ***** ****** not ** ********** ********** at ***.

Facial ***********: ************ *** ******* ****** *** ******

*** *************** ** ****'* recent **** ********* ******* Dahua ** **** ******* the **** *** ** a ***** ****** ** its *****, ** *********** obtained '*******' **** * passerby ** **** ******:

*******, *** **** ********** do *** ******* **** this *********** '*******'. **** it ***** ** *******, the ********** *** ***** strict; **** * ******* 'passageway' **** ***** ******* might *** ** ********** 'consent' ****** ******* ********** ***********, **** ******:

***********, *** ************* *********** *** ******* *** much ******* **** * simple ****** **** ******* of *** **********, ******* information, ***, ** ***** displayed ** *****. *** conditions, ** ****** ** the ****, *******:

• *** **** ******* ***** have *** ***** ** withdraw *** ** *** consent ** *** ****
• Prior ** ****** *******, the data subject shall be informed thereof. [emphasis added]
• ** ***** ** ** easy ** ******** ** to **** *******.

*******, **** ** ***** conditions *** ********** *** a ****** ****** **** the *** ***** *** in *** *****. * passerby *** ** *** to ** ******** ** the ****** *********** ***** on **********, *** *** withdrawing ******* ** ******.

******: **** **** *** apply ** ****** ***** facial *********** ***** *** enforcement *** ** ********** is *** ***** ** Article *'* ******* ************* in *** ****, *** a ******** **********, ****** *********** *********, ***** ******* ** gives ****** ******* ********.

Data ********/*************

*** **** ********** *** some ******* ** **** requests **** ** ***** to ******* ** *********** filmed ** ***** ************, stating **** ******** ***** to ** ******** (******** down ** * * hour **** ******), *** any ******* ******* ***** people ****** ** **********:

************* ** ******** ***** is * ****** ***** in ***** ************ - IPVM *** ****** *** software ********* (***** **** *****************).

No ******* ** ***** ** ********** ********

*** ********** ** *** give *** ******* ******* as ** **** **** of ********** ******** ***** to ** **** ** comply **** ****.

Certification *** *********

*********, *** **** ********** do *** ******* *** certification *******. **** ** likely ** **** ******* legally, **** ************** *** meaningless, *** *** **** itself ****** **** **** schemes ** *** "****** the **************" *** ********** in *** ***. *** more, **** *** ******** report,***** ******** *** *** GDPR *********, ** ******** Can **.

Other: ***** ******* *** ******* ** ****

**** ******** ******* **- **** *** **** even ***** ** ***** cameras? ***** *** **** regulates ******** ****, ***, by **********, ***** ******* do *** ******* ***, the ****** ** **, EDPB ******* ****** - although ***** ******** *********** may ***** ****:

Update ** ****

** **** ****** **** report **** ***** ********** are *********, ****** *** changes ** ******* ***** this ****.