First GDPR Facial Recognition Fine For Sweden School

By: Charles Rollet, Published on Aug 22, 2019

A school in Sweden has been fined $20,000 for using facial recognition to keep attendance in what is Sweden's first GDPR fine. Notably, the fine is also the EU's first GDPR fine for facial recognition, adding some clarity to use of the technology in the GDPR era.

sweden gdpr fine school face recognition

In this post, we examine the fine and its impact, including:

  • First Sweden GDPR fine ever
  • First GPDR facial recognition
  • What happened at the school
  • How the school justified it
  • The role of a data protection impact assessment
  • How the fine was calculated
  • Warning for further use
  • GDPR compliance for facial recognition
  • Negative market impact of such precedent
  • UPDATE: school will appeal

* ****** ** ****** has **** ***** $**,*** for ***** ****** *********** to **** ********** ** what ** ******'* ***** GDPR ****. *******, *** fine ** **** *** EU's ***** **** **** for ****** ***********, ****** some ******* ** *** of *** ********** ** the **** ***.

sweden gdpr fine school face recognition

** **** ****, ** examine *** **** *** its ******, *********:

  • ***** ****** **** **** ever
  • ***** **** ****** ***********
  • **** ******** ** *** school
  • *** *** ****** ********* it
  • *** **** ** * data ********** ****** **********
  • *** *** **** *** calculated
  • ******* *** ******* ***
  • **** ********** *** ****** recognition
  • ******** ****** ****** ** such *********
  • ******: ****** **** ******

[***************]

First ****** **** **** ****

**** ** *** ***** GDPR **** ** ****** ever, ** ****** ** the****** *******:

First **** ****** *********** **** ****

********* ** ** **** review ** **** *****, including ******* *** *************** *********** *******, **** ** *** first **** * **** fine *** **** ****** for ****** ***********.

What ********

*********** * ************** ** ********** **** ********** ********* ('Datainspektionen'), ** ******** ** Anderstorp’s ***** ********* ****** in*********å *************** ***** ********** ******** via ****** *********** *** a * **** ***** period ** ****. **** was **** ****** ** a ************ ****** ***** at *** ******** ** a *********; ***** **** no ******* ***** *** camera's ***** ** **** software *** ****.

********* ** *** ********, the ****** ****** *** system *** ** **** time ******** ********, ***** takes ** **** **,*** working ***** *** ****:

** ******** ********** ********* to *** **** ******, a *********** *** ***** 10 ******* *** ****** and ** ***** **** recognition ********** *** ********** control ** *****, ********* to *** ****** *****, save **,*** ***** * year ** *** ******* school.

** ** *** **** how ******** **** **, though *** ****** ******* said ****** ********** *** each ****** ********, *******, whether ** **** ** minutes *** ***** ****** is *******.

Legal ***** *** **********: *******

*** *******' **** ***** for ********** *** *******, as *** ******** ******** had ****** ******* *****. The ****'******** ***** ********** ********** ****** for * *** **********, including "******** *******" **** data ********.

GDPR ******** ** ******* *** *****

******'* *** ***** ******* major **** **********. *******, it ********** **** *** Article * ******* ************* was *** *****, ***** there ** ** ******* balance ** ***** ******* the ****** *** *** students, **** ******* ***** not **"****** *****":

** *******, ** ** clear **** *** ******* is ** * ********* position ** *** ****** in ***** ** ******, funding, *********, *** **** future **** ** ***** opportunities.

Other **** *********: ****************

*** ****'******** ******* **** ******** **** collection ** "********, ******** and ******* ** **** is *********" *** *** purpose ** **********. *******, the *** ****** ***** facial *********** ******* ****** in * "********** ********" ** *** school *** "**************** ** relation ** *** *******" of *** **********, ******:

********** ****** *** ** done ** ***** **** that *** ******* ******* violation *** ********.

No **** ********** ****** **********

*** ***** **** ********* was **** *** **** school, ***** ** ******* out * **** **********, did *** ******* * Data ********** ****** ********** as ********** ******** ** the****'* ******* **.

***** *** ******** **** any ********** "***** *** technologies" **** ******** "********** on * ***** ***** of ******* ********** ** data" [*.*. **********]. ***** must ******* ******** ************ of ********* "***** ** the ****** *** ********" and * "********* *** proportionality" **********.

***********, *******'* ******* ********** **** *********** "******* the *********** *********" ***** to ********** ** *** DPIA ********* ** "***** result ** * **** risk" ******* ********** ********.

*** **** ****** *** not ******* * **** nor ******* **** ******'* DPA, ********* ******** ** and **.

How *** **** *** **********

*** ******* *** ********** the ************* "***********" *********** that "*** ********* *** ******** sensitive ******** **** ********** children *** ***** * ********** ******** in ******** ** *** high ******." ************, ********* Articles * *** * was ********** "**** *******" than ***** **** ********.********** ******* ******** **** only ** ******** **** involved *** *** **** period *** ******* (* weeks).

****, * **** ** 200,000 ******* *****, ** slightly **** **** $**,***, was **********. *** **** school ***** *** ****** the ****.

******* *** ******* ***

***********, *** ****** ******** says **** **** ** continue ** *** **, prompting *** ******* **** Protection ********* ** ******* a *******:

*** **** ****** ***** of *********å ************ *** stated **** **** ****** to ******** *** **** recognition *** ********' ******** control. ***** ********** **** similarly ******* *** ********** of **** ********** **********. Due ** *** **** of ****** ********** ** In ********** **** *** planned **********, * ******* is *** *****

UPDATE */*/**: ****** *********

*** **** *** ******** by *** ****** ** September *,********* ** ** *******************, * ******* ***** for ***** ***** ********, which ******** *** ******:

*** ******** *********å'* ******** to ******. ** **** be ** *********** ** deepen *** ******* *** Data ************'* ******** *** conclusions. ** ******** ******** and ******* ** *** members' ******* *** ****** development ** * ******* age, **** ***** *********, Director ** *** ********** of ************ ** ***.

**** **** ***** **** appeal *** ****** **** it ** *******.

******** ****** ******

******* *** *** ** the ******* ****** ******* for ****** *********** ****** the *****. **** ****** could **** * ******** effect ** ***** ******* that *** ** *********** using ****** *********** *** increases *** ********** *** risks ** ******* ****** to **** ****** *********** to *******.

**** ***********

**** *********** *******:

  • ** ****** *********** ****** on *******, ** **** be "********" *** "****** given" ** ********** ** the ****. ** ***** is * ***** ********** in *** ******* ** power ******* *** ********** and *** **** *******, Data ********** *********** *** not ******** ** *****.
  • ***** *** **** ********* for *** *** ** facial *********** ***** ***** result "** * **** risk ** *** ****** and ******** ** ******* persons". ***** **** ******'* DPA *** ********* **** filming ******** *** ********** constitutes **** * ****, this ***** *** *** can ** ***** ****** reached.
  • ***** ** ****** *********** must ******** ******* **'* proportionate - *** *******, is ***** * ****** way ** ** **** without **** ** ********* technology?
  • ****** *********** **** ***** are ****** ** ** higher **** ***** ****, with *** ******* *** explicitly ****** **** ** fines ******* * (*.*. biometrics) ***** **** *******.

Comments (22)

**** * ******* ****** providing **** ******* ** this ******:

** ****** * ********** upper ********* ******. ************ those **** ** ******* have ********* **** **** attendance. ****** *** ********* between **-** ***** ** age *** * *** less ********* ******** ** students ******** **** *********** and **********/******* *********** ***************. What * ** ****** to *** ** **** attendance ****** ***** ********** be * *********. ********** is **** ********* ** a ******** (********** ** federal ***** ** *** US) ***** ********* ** approx. *** ******* * month. ****’* *** ********** checks *** *********.

******* ***** *** *** class – ** * here? ***/*** ******* ***** say. “***, *** ****** now.” *** **** * doesn’t **** **. ******** that ***** *** **-** students ** * ***** - ** ******* ***** quite **********.

*** ******* ***** ******* interviewing *** ** ******* of *** ******, *** ********:

*** **** ******'* ** strategist ***** ******** ** surprised *** *** **** expecting ****** ******* ** was * ***** ******* project.

- * ** *** understand ***** ********** *****, moreover ** *** **** out ** ** ******** were **, *** ****** did *** ****** *** approval, ******** ***** ********.

*** ************ *** *** yet ******* ******* ** will ****** ******* *** authority's ********.

*** ** ** ******** were **, *** ****** did *** ****** *** approval, ******** ***** ********.

*'* ** ******... ******* ********** ** ******** * pretty ****** ***** *** appeal ***...

*** **** ************'* ******** of '********** ** ******* of *****' ** ******** undermined ** *** ***** from **. ******** *****.

#***********

*** ****** *** *** submit *** ********

****, ** *** ****** did *** ****** *** approval, **** *** **** make ** ***** ***** GDPR? ******* ******* ** required *** ********* ********** unless ***** ** ****** interest, ***** **** *** apply ****. ***/**, *******?

* **** ***** ** saying **** *** * students *** *** *** 'opt **' **** *** used ** *** *****....

* ***'* **** **** that *****, *** *'* like ** **** *** explanation *** *** *** 7 **** ********, *** if ** *** **** this ** ** *** case * ***** ** has ****** ******* *** appealing *** *********.

* ***** **** *** pursued ********* ******* ***** ignored *** *****-******** *** guidelines ********* **** ** has ** **** **** before ******** *** *** technology - ***** ** didn't **.

**** ************ ******** *******

* ***** **** **** means ** **** ** out ** ** ******** signed ******* *****, **** the **** ****** ***, i.e. ***** * **** not ******** ********** ** all. ** ***** *** IT *******'* ******** ***** is: '***, ** *** students *** *** ** this, *** **** ***, but ** ***** *** sanctioned'.

*******, **** ******* **** students ***** *** *** no **** ****** ***** the ****. *** **** issue *********** ** *** data ********** ********* ** the ***** ********* ******* students *** *** ****** ("** ** ***** **** the ******* ** ** a ********* ******** [** the ******]"), ******* ******* cannot ** "****** *****." There ** ******* ** the **** ******** **** factor **** ******* **** data ******** ****** ** opt ***. ******* ******:

** ***** ** ****** that ******* ** ****** given, ******* ****** *** provide * ***** ***** ground *** *** ********** of ******** **** ** a ******** **** ***** there ** * ***** imbalance ******* *** **** subject *** *** **********, in ********** ***** *** controller ** * ****** authority

***** * **** *** facially ********** ** ***

**, *** **** **** work ************? ** *** camera *** ** ** such * *** **** the ******** *** ***** out *** ********** ***** the **** **** *** facial *********** ****** ** covering?

***** * **** *** opted *** **** *** being ******** ********** ** the ***** **** **** did *** ******* *******/********* that ******* *** ******** to ***** **** *** record ***** **********, ** was **** **** *** other ** ****, *** the ******* *** ******:

*** *********** **** *** been ********** *********** **** ** *** form ** ****** ****** as **** ** ***** and **** *****.

** ***** * **** never ******** ***** **** to ** **** ** the ******. *** ****** was *** * **** controller ** ***** ********** information. **** **** **** not * ***** ** the ****.

*******, ***'** ******* **** if ***** * **** were ************ ***** ****** by * ************ ******, even ** **** ****'* provide ***** **** ********** and **** **** *** being *******, **'* ***** considered ********** ********** **** requires ***** *******, ** we *** **** ****** ** ************ *** *********** ***** states **** **** ******* need ******* **** ******** being ******, *** **** the ****:

*** *** ***** ****'* unclear **** *** ******* DPA's ****** ** ******* there *** * ************ camera ** *** ********* recording *** *** ********, or ** ******-******* **** system **** ********** **** student ************ (*** ******* via * ****** *********** terminal):

** ** *** ** access *******-**** ******, ***** would ** ** **** issue **** ***** * students *** *** *** consent, ** **** ***** easily ***** ***** ****** altogether. *******, ** ***** was * ************ ****** filming *** ***** *********, for ** ** ** fully **** *********, ** would **** ** ***** filming *** ***-********** ******** - ****** ** ******** them **** *** ******'* FoV ** ***** **** kind ** ******* ******.

*'** ******** ** **** the ******* *** ****** what **** ** ****** was ** *** *** will ****** **** ******* upon ********.

"** ***** ** ****** that ******* ** ****** given, ******* ****** *** provide * ***** ***** ground *** *** ********** of ******** **** ** a ******** **** ***** there ** * ***** imbalance ******* *** **** subject *** *** **********, in ********** ***** *** controller ** * ****** authority"

"*** **** ***** *********** by *** **** ********** authority ** *** ***** imbalance ******* ******** *** the ******"

*** *** *** *********** agencies ********* ****** *** EU **** ******* *** facial *********** ***** ***************** * ***** ********* of ***** ** ********?

**** ** * **** question *** *** *** correct **** ***** ** always * **** ********* of ***** ******* ** individual *** * ****** force. *******, ** *********** are **** ***** ** this, ***** ** *** they ***** ***** *** the "*******" ************* **** the ****'******** *- ******* **** *** the "*********** ****** ********" justification, ***** ** ****** separate *** *****:

*** **** **** *** cover *** *** ** personal **** *** *** enforcement ********. ***** ** a ******** ***** ********** that ****** **** ****** the *** *********** *********.

***'** ******* ******, ***** about ** ******* *********** #1. ****** *** ****'******** *('******** *****') ********** ******** law ***********:

****** *********** ************* ******* ******* ********** of ******** **** **** facial ***********, ******* ** is *********

***** ** ******* **** where ******** *********, ******* to *********** ********** *** the ****** *** ******** of *** **** *******

*** ********** **** **** meet *** ** *** three ********* **********:

****** ***, ** **** for ** ****** ** obtain ******* *** ****** recognition.

** * ***...

*** ********** *** ** used ** *** ***********, but *** ****** ****.

**** ****** ****.

***** ** ***** * need ** ** ***** about ******* (******** *****) and ************* **** *** law ***********, **** **** sure **** ****** ******. Transparency **** * **** way ** ******* **** of ***** ******. ** someone *** *** ******** this ********** (**) *** over ** ***** (********* in ******** ** ****), we ******* ***** ******* long ***.

**** **** ** ** are ********* ** ** that ********** *** ****** its ********** ** *** GDPR **** *** ********** Consumer ******* *** ** the ***** ** *** FCC’s *********** ** *** Neutrality **** *** ********* of *** **** **** Internet *****. *’* *** saying ****** ** ***** laws *** *** ‘** all’ ‘*** ***’ ******** toward ******** *** ****** privacy **********, *** ** least **** *** ** and ********** ********** ***** was ** ***** *** both *** ****** **** faith ******* ****** ********** address *** ****** ******* protection.


**** ** ********** ** more ******* ****** ********* Net ********** *** *** current ***’* ******* ** acknowledge, *** ***** *******, the ******’* ****** ********* Internet ******. *** ******* FCC, ***** *** ************ of **** ***, ****** Verizon ******, *** ******* developed * ******* **** of ******* ** ****** the **************, ******* *********, redlining, ********, **********, **** prioritization (“************** *** *** purposes ** ****** *****, not *** ****** ****** or *** *********** ********”), and **** ****-****** — “the ******** ** ********* certain ***** ** ******* from ******** ******* * data *** (***** ***** an ********* ******* *** ISP *** *** ********)” to ******** *** **** Open ******** ***** ***** the ****** *** ************ Tom *******.

***** ** ** **** Face *** ** ****** among ********** ** *** fact **** *** ********* signal, ****** *** ****, is ****** ** ******* 24/7. ** **** ** would ** ********** ** it ****'*.

** *** *** ****** about **** *******? *** iris *** ******, **** protection ***** *****. *** isn't * **** ******* taken *** ********' **********? License? ******** ** ************ all *** ****? **** is *** ***** ** penalties *** *** ************ data ** ******** ** safeguard?

****, ** *** **** place */* *** ********* of *** ********** ***** identified *** ***. **** most ***** ********** ***** is ******* * ***** interaction. **** ***** ** another *** ***** ** could ** **** */* user ******* ** *** taking *****. **** ** why ****** *** ************ about *** ****** ** surveillance *******. *** **** issues ***** ** *** use ** ******** ****, including **********, ** ** just *** **** **** the ** *** **** can **** ********* *********** realities. ** **** **** opt-in ***** **** ****** as ****'* * **** in *** ******* **** assessment.

*** ********* ** **** sure *** ****** **** in*****

******: ** *'** **** added ** *** ****, the **** *** **** appealed ** *** ****** on ********* *,********* ** ** *******************, * ******* ***** for ***** ***** ********, which ****:

*** ******** *********å'* ******** to ******. ** **** be ** *********** ** deepen *** ******* *** Data ************'* ******** *** conclusions. ** ******** ******** and ******* ** *** members' ******* *** ****** development ** * ******* age, ********* *********,******** ** *** ********** of ************ ** ***.

**** **** ***** **** and ****** **** ** is *******.

Login to read this IPVM report.

Related Reports

30 Million Criminal Face Database Tested (Captis Intelligence) on Apr 27, 2020
30 million criminal mugshots are now available for facial recognition...
The US Fight Over Facial Recognition Explained on Jul 08, 2020
The controversy around facial recognition has grown significantly in 2020,...
The Next Hot Fever Detection Trend - $100 Wall-Mounted Units on Jul 06, 2020
The first wave of the booming fever detecting market was $10,000+ cameras,...
YOLOv5 Released Amidst Controversy on Jul 27, 2020
YOLO has gained significant attention within video surveillance for its...
Avigilon Open Analytics Tested on Apr 16, 2020
After years of effectively closed analytics, Avigilon decided in late 2018 to...
VergeSense Presents People Tracking Sensor on Jun 04, 2020
VergeSense presented its people tracking sensor and social distancing...
Startup Solink $17 Million USD Fund Raise Expands To Mass Market on Jun 24, 2020
Solink has raised ~$17 million USD, a sizeable round for the company that...
ISC News Fakes Fever Screening, Falsely Quotes FDA on Jun 18, 2020
ISC News, the Reed publication behind the ISC East and West trade shows, has...
Terrible Convergint Coronavirus Thermal Camera Recommendation on Apr 01, 2020
A week after Convergint disclosed falling revenue, pay and job cuts,...
Wrong Dahua Australia Medical Device Approved on Jul 20, 2020
Dahua's body temperature system is now in Australia's medical device...
ZeroEyes Presents Firearm Detection Video Analytics on Jul 09, 2020
ZeroEyes presented its Firearm detection Video Analytics system at the May...
Camio Presents Coronavirus Social Distancing Analytics on Apr 20, 2020
Camio presented its social distancing analytics for responding to coronavirus...
USA's Feevr Thermal Temperature System Examined on Mar 31, 2020
This US company has burst on to the scene, brashly naming itself 'feevr' and...
Deep Sentinel Presents Crime Response For Business on Jun 11, 2020
Deep Sentinel presented its anti-intrusion and live response for home and...
Injes Tiny Temperature Terminal Tested on Jul 17, 2020
While temperature terminals have trended bigger, the Injes DFace801 is...

Recent Reports

Taiwan Lilin NDAA Compliant Cameras Tested on Aug 13, 2020
Taiwan-based manufacturer Lilin is taking direct aim at Dahua and Hikvision...
White House Expands Dahua Hikvision Blacklist To Federal Funding on Aug 13, 2020
The White House is expanding the NDAA to blacklist anyone who "uses" banned...
Actual Coronavirus Testing Options Examined on Aug 13, 2020
Fever cameras have emerged as an indirect and flawed way to test for...
Video Analytics Online Show September 2020 Opened - Axis, Avigilon, Bosch, BriefCam, Genetec, Milestone + 30 More on Aug 12, 2020
IPVM's sixth online show will feature 35+ Video Analytics companies...
The German Company Powering Many China Temperature Tablets (Heimann) on Aug 12, 2020
Many fever tablet suppliers market German-made Heimann thermal sensors while...
Salesforce Drops Dahua and Hikvision on Aug 12, 2020
Salesforce has dropped Dahua and Hikvision as customers, forcing the two mega...
Access Control Course Fall 2020 - Register Now on Aug 12, 2020
IPVM offers the most comprehensive access control course in the industry....
Genetec CEO Declares "We Don't Negotiate Payment With Patent Trolls" on Aug 11, 2020
Are patent trolls like terrorists? Genetec's CEO is coming out strongly...
Hanwha AI Analytics Camera Tested on Aug 11, 2020
Hanwha has released their Wisenet P AI camera, adding person and vehicle...
Alabama Schools Million Dollar Hikvision Fever Camera Deal on Aug 11, 2020
The Baldwin County, Alabama public schools purchased a $1 million, 144-camera...
Dahua Taunts Australian Government, Continues To Sell Illegal Fever Cameras on Aug 10, 2020
Dahua is effectively taunting the Australian government by continuing to sell...
HID Releases VertX Replacement Aero on Aug 10, 2020
HID is replacing two established and broadly supported types of access...
NDAA Compliant Video Surveillance Whitelist on Aug 10, 2020
This report aggregates video surveillance products that manufacturers have...
Telpo China Temperature Tablets Tested on Aug 10, 2020
The provider for overseas companies ranging from Canon Singapore to US'...
Dangerous Hikvision Fever Camera Showcased by Chilean City on Aug 07, 2020
Deploying a fever camera outdoors, in the rain, with no black body, is...