No GDPR Penalties For UK Swann 'Spying Hack'

By: Charles Rollet, Published on Nov 20, 2018

The UK’s data protection agency has closed its investigation into Infinova-owned Swann Security UK, the ICO confirmed to IPVM, deciding to take “no further action” after customers unintentionally received video from different users in separate incidents earlier this year.

These data breaches received substantial media attention in June/July 2018, such as:

This took place after the arrival of the GDPR - broad new European privacy regulations which include the prospect of heavy fines for such incidents.

In this note, we examine what happened, the UK’s response to IPVM, and what the GDPR implications are for manufacturers and sellers of IoT devices such as video surveillance.

*** **’* **** ********** agency *** ****** *** investigation **** ********-********** ******** **, *** *** ********* to ****, ******** ** take “** ******* ******” after ********* *************** ******** video **** ********* ***** in ******** ********* ******* this ****.

***** **** ******** ******** substantial ***** ********* ** June/July ****, **** **:

**** **** ***** ***** the ******* ** ******* - ***** *** European ******* **************** ******* *** ******** of ***** ***** *** such *********.

** **** ****, ** examine **** ********, *** UK’s ******** ** ****, and **** *** **** implications *** *** ************* and ******* ** *** devices **** ** ***** surveillance.

[***************]

What ********

** ****,*** *** ************ *** ** *** staffers *** ***** * Swann ****** ******* ********* video **** * ********’* kitchen ** *** ********** app. *** *** ***** a **** ******* ********, this **** ** ***, when * ********* ***** customer ********** ** ******* of ********* ***** **** an ******* ***.

***** ***** **** ********, blaming *** ***** ** a ************* ***** *** the ****** ** ********* login *********** ***** **** for **** *******.

** * ******** ****,** *** ******* **** PenTestPartners“************ ******** ***** ***** from *** ****** ** another” ** *****’* ***** service, ********* “********* ****** to ******’* ******.” ***** also ***** **** *****, which *** *** ****** in ******'* ******** *********** being ********.

ICO ************

** *** **, ****** the **, * ****** national ****** – ************** ************’* ****** ** ICO- ******** *** **** protection *******. ** ************ the ***** ******** ******** reported ** *** *** for ******* ******, ********* IPVM **** **** **** the **** *** **** dropped:

*** **** ********* ***** Communications (******) ******* *** been ****** **** ** further ******. *** **** of ********* ***** ****** to *********** *** ********** low *** ** **** satisfied *** ******* *** identified *** *** ************ sufficient ******** ***** ***** commencing *** *** *************

GDPR ********** *****

***** **** ******** **** place ***** *** ************** on *** ** ** the **’* *** **** privacy *****, *** ****, which ****** *** **.

*** ********* **** ***** violations ** **** ********** such ********* **’* *************** “******* ******** **** are *** **** ********** without *** **********’* ************ to ** ********** ****** of ******* *******.”

************* *** *********** ***** have ******* ***** ****** hefty **** ********* ** they *** ******** ** breaches, ***** ********** ******** ** ** ** 40 ******* ***** ** 4% ** ********* *******.

How ***** ******* **** *********

*******, *** ***’* ******** not ** ******** ***** shows ****, ** ***, fears ** ******** *** eye-watering **** ***** *** EU ***** ************ ********* are *********.

*** **** ****** ***** significant ****** ** ******** governments **** ** ***** to ******** ******* ** not ** ****** *********.******* ** **** ************** *** ****** *** “intentional,” ******* ***** *** a “******* ** **** measures ** ******** *** damage ***** ********,” *** whether ***** *** * “lack ** ************* **** authorities”.

** ****** *** ***** and *********** **** ***********, Swann *** **** ** avoid ********* **********.

GDPR ************

************* ****** *** **** this **** ** ******** that *** **** ** toothless. ***-**** ********* ****** possible, ***** * *** factor **** ****** ** Swann’s ***** *** **** the ****** **** ******** a *** ******, **** of **** ***** *** complaints *** ************ ** allowed ************ **.

************, *** ***** **** case **** ********* * precedent ********* ** ************* and *********** **** ** comes ** **** ********. It **** ***** *** importance ** ***** ********** and *********** **** *********** in **** ** * breach.

IPVM’s *** ********* ***** *** ********

*** *** ** ****************** ****’* **** ********* about ****** **************** **** ********** ** IFSEC ** ******.

*** ******-**** ************* ** Swann ******** *** ***** may ** ** ********** of ******* ******* ****** ** a ***** ** **** complaints***** ** ******** **** protection ******** – ******* factor ****** ******* **** manufacturers *** ***********’ *****.

Comments (7)

* ** ********* ** GDPR ********** *** ***** to ******* ** ********** like **** ******** *******.

*’** *** *** **** experience **** * ******* Smartcam **. 

*** ******** *** ***** the ***** ******* ****?

** **** * **** the *** * *** someone ****’* ****

****** **** * ****** app :)

** **** * **** the *** * *** someone ****’* ****

***** * ***** ******!

** ****** **** *** experience ICO, *** *** ****, **** will **** ** ** surprise *** ***** ** very **** * ******** flip-side. **** *** *** first **** ** **** in *** **'*, * plethora ** "*******" ******* setting ** ********* *** scamming ****** ** ****** into ****** *** ****** on *** ********** ***** fear ** **** ***** as *** ******* ** use ***** ********. *** they *** *** ** provide *********** **** *** ****** available ** *** ******, then ****** ******* *** myth ** ******** ***** and ************ **** ***** never **** **** ******** on ***** ******. **** were ***** ** * deterrent ** ** **** only ** *********** ***** of ****** ****** *** tangible ******.

*** **** *** *** to ****** **** ****, so ** ***** **** case **** **** **********. The ***** ******* ** GDPR *** *** ** a ******** ******** ** a **** ******. ** determines  *** *****, ****** and ****** ** ****** a ******** *** ******** to ** ****. ***** clear ****** ** **********, coupled **** ********** ******** actions *** **** ******** abuse ** *** **** harvested - **** ***** lead ** * ******** toward *** ****** *** available. *** ** *** ******** Swann *** * ******** minor ****** ***** ***** is **** ****** ** intent *** ** **** damage ** ******** **** integrity ** **********.

*** ** *** * ****** litigious ******* ** ***** matters - ** ******* it *** **** ** odd *******, *** ****** expected **** ** ********** of ********* *** *** and **** *** **** years. ******** - **** was ***** *** ** exclusively *** ****, *** the ******* ** **** is *** **** ****** interest ** **. ***** into ******* ************* **** ******** ** raw ******** **** ********* with ****** **** ***** Facebook, *****, ******* *** many ********** **** ******** ****** peoples *****, **********'* *** business ** * *********** effect *** *** *** a ****** **** ** what **** *** *** up ** **.

*** ********** ** **** Johns ********* **** ** rejected - **** ****** given *** ******* ** where *** "*****" **** place - * **** exhibition ************* *** ******** being **********. * ****** it's * **** *********, but ** ** ****** well ***** *** **** you **** ** *** appalling ******* *** ***** of **** ****** ***** elsewhere. **'* **** ********** considering **** ****** *** ICO *** **** *** be ********** ** ****, its * ***** **** better **** ******** ** place ******* ** *** EU ***** *** **** amount ** **** ********** and ***** ** *** only ***** *********** - but **** ******* ** the ** **** ****** where * ****** *********** ******** ***** **************'* **** ***** ** eyebrow ******* ** *** race ** *** *** of ********* *****.

Read this IPVM report for free.

This article is part of IPVM's 6,306 reports, 842 tests and is only available to members. To get a one-time preview of our work, enter your work email to access the full article.

Already a member? Login here | Join now

Related Reports

UK ICO Approves Unconsented Facial Recognition At Security Conferences on Feb 05, 2020
The UK's data protection agency has declined IPVM's GDPR complaint against Dahua for using face recognition without consent at IFSEC last year,...
France Declares School Facial Recognition Illegal Due to GDPR on Oct 31, 2019
France is the latest European country to effectively prohibit facial recognition as a school access control solution, even with the consent of...
UK Facewatch GDPR Compliance Questioned on Aug 27, 2019
Even as the GDPR strictly regulates biometrics, a UK company called Facewatch is selling anti-shoplifter facial recognition systems to hundreds of...
First GDPR Facial Recognition Fine For Sweden School on Aug 22, 2019
A school in Sweden has been fined $20,000 for using facial recognition to keep attendance in what is Sweden's first GDPR fine. Notably, the fine is...
New GDPR Guidelines for Video Surveillance Examined on Jul 18, 2019
The highest-level EU data protection authority has issued a new series of provisional video surveillance guidelines. While GDPR has been in...
First Video Surveillance GDPR Fine In France on Jul 08, 2019
The French government has imposed a sizeable fine on a small business for violating the GDPR after it constantly filmed employees without informing...
GDPR / ICO Complaint Filed Against Dahua on Jun 27, 2019
IPVM has filed a GDPR complaint against Dahua UK's facial recognition conducted at their booth during this year's IFSEC show. In this post, we...
Nortek and SDS Fight Over Failed Settlement on Jun 05, 2019
Distributor SDS said they reached a deal with Nortek but Nortek says no settlement was reached and the suit is still on. In this post, based on...
ADT's Top Dealer "The Defenders" Sued 20+ Times on May 07, 2019
ADT's largest authorized dealer, The Defenders, has been sued more than 20 times since 2012, IPVM has verified through analyzing legal...
UK Camera Commissioner Calls for Regulating Facial Recognition on Apr 15, 2019
IPVM interviewed Tony Porter, the UK’s surveillance camera commissioner after he recently called for regulations on facial recognition in the...

Most Recent Industry Reports

EyePark Presents Mobile Driver Authentication on Jun 05, 2020
EyePark presented its long-range QR code parking verification platform at the May 2020 IPVM Startups show. A 30-minute video from EyePark...
Bleenco "Under The Tongue" Temperature Detection Examined on Jun 05, 2020
"Say aah", says Bleenco, a PPE detection video analytics company, offering a different method for measuring body temperature with a thermal...
Hikvision and Uniview Entry Level Thermal Handheld Cameras Tested on Jun 05, 2020
While most screening systems cost $10,000 or more, manufacturers such as Hikvision and Uniview have now released handheld models for $1,000 or...
Sequr Presents HID based Cloud Access Control on Jun 04, 2020
Sequr presented HID based Cloud Access Control at the May 2020 IPVM Startups show. Inside this report: A 30-minute video from Sequr...
VergeSense Presents People Tracking Sensor on Jun 04, 2020
VergeSense presented its people tracking sensor and social distancing insights at the May 2020 IPVM Startups show. A 30-minute video from...
FLIR A Series Temperature Screening Cameras Tested on Jun 04, 2020
FLIR is one of the biggest names in thermal and one of the most conservative. While rivals have marketed fever detection, FLIR has stuck to EST...
"Fever Camera" Show On-Demand Watch Now on Jun 03, 2020
IPVM has successfully completed the world's first "Fever Camera" show. Recordings from Both days are posted at the end of this report for on-demand...
Cobalt Robotics Presents Indoor Security and Access Robots on Jun 03, 2020
Cobalt Robotics presented indoor security robots at the May 2020 IPVM Startups show. Inside this report: A 30-minute video from Cobalt...
Dahua Sues Ex-North American President, Says Legal Typo on Jun 03, 2020
Dahua's former North American President Frank Zhang claims he is owed almost $11 million but Dahua counter claims it is just a "scrivener's error",...
Smart Entry Systems Presents Cloud Multi-Tenant Access Control on Jun 02, 2020
Smart Entry Systems presented Cloud Multi-Tenant Access Control at the May 2020 IPVM Startups show. Inside this report: A 30-minute video...