UK ICO Denies IPVM GDPR Complaint Against IFSEC, Decides Each Exhibitor Responsible

By: John Honovich, Published on Dec 06, 2018

The UK Information Commissioner's Office (ICO) has denied IPVM's complaint against IFSEC for misuse of facial recognition.

Each Exhibitor Responsible

Importantly, the ICO has determined that, contrary to UBM's claim, each exhibitor is responsible for conforming. In a December 5, 2018 message to IPVM, the ICO explained:

Each Exhibitor could be regarded as an independent and separate data controller of their propriety equipment who would be responsible for ensuring it fulfils its fair processing obligations.

The ICO contrasted this to UBM / IFSEC, saying:

UBM does not actually process or retain any personal data captured by facial recognition technology during the IFSEC convention.

IFSEC Registration Consent Not Applicable

To the contrary, UBM told IPVM at IFSEC 2018 that the data notice on the back of attendees’ badges provided consent for their exhibitor's facial recognition. Read it here and see it below:

Given the decision of the ICO, IFSEC's consent will not cover their exhibitors for data processing such as facial recognition.

Get Notified of Video Surveillance Breaking News
Get Notified of Video Surveillance Breaking News

Challenge For Exhibitors

This creates a challenge for exhibitors as, according to the GDPR, which went into effect in May 2018 and to which the UK is party to, biometrics processing like facial recognition is considered a "special category of personal data" and is generally prohibited with important exceptions.

One of those exceptions is informed consent with specified purposes. Article 9, section 2(a) of the GDPR states that biometrics are allowed if:

the data subject has given explicit consent to the processing of those personal data for one or more specified purposes [emphasis addded]

Article 7 also states consent notices must be written:

in a manner which is clearly distinguishable from the other matters, in an intelligible and easily accessible form, using clear and plain language [emphasis added]

No Consent At 2018 IFSEC Show

No consent was requested by any IFSEC 2018 exhibitor using facial recognition that we visited.

Going Forward

The ICO decision here will help clarify the responsibilities that exhibitors and vendors have when they use facial recognition but raises questions of how exhibitors will actually conform with GDPR when using facial recognition.

2 reports cite this report:

GDPR / ICO Complaint Filed Against Dahua on Jun 27, 2019
IPVM has filed a GDPR complaint against Dahua UK's facial recognition conducted at their booth during this year's IFSEC show. In this post, we...
GDPR / ICO Complaint Filed Against IFSEC Show Facial Recognition on Jun 20, 2018
IPVM has filed a complaint against IFSEC’s parent company UBM based on our concern that the conference violates core GDPR principles on...
Comments (3) : Members only. Login. or Join.

Related Reports

UK ICO Approves Unconsented Facial Recognition At Security Conferences on Feb 05, 2020
The UK's data protection agency has declined IPVM's GDPR complaint against Dahua for using face recognition without consent at IFSEC last year,...
France Declares School Facial Recognition Illegal Due to GDPR on Oct 31, 2019
France is the latest European country to effectively prohibit facial recognition as a school access control solution, even with the consent of...
UK Facewatch GDPR Compliance Questioned on Aug 27, 2019
Even as the GDPR strictly regulates biometrics, a UK company called Facewatch is selling anti-shoplifter facial recognition systems to hundreds of...
First GDPR Facial Recognition Fine For Sweden School on Aug 22, 2019
A school in Sweden has been fined $20,000 for using facial recognition to keep attendance in what is Sweden's first GDPR fine. Notably, the fine is...
New GDPR Guidelines for Video Surveillance Examined on Jul 18, 2019
The highest-level EU data protection authority has issued a new series of provisional video surveillance guidelines. While GDPR has been in...
First Video Surveillance GDPR Fine In France on Jul 08, 2019
The French government has imposed a sizeable fine on a small business for violating the GDPR after it constantly filmed employees without informing...
GDPR / ICO Complaint Filed Against Dahua on Jun 27, 2019
IPVM has filed a GDPR complaint against Dahua UK's facial recognition conducted at their booth during this year's IFSEC show. In this post, we...
Nortek and SDS Fight Over Failed Settlement on Jun 05, 2019
Distributor SDS said they reached a deal with Nortek but Nortek says no settlement was reached and the suit is still on. In this post, based on...
ADT's Top Dealer "The Defenders" Sued 20+ Times on May 07, 2019
ADT's largest authorized dealer, The Defenders, has been sued more than 20 times since 2012, IPVM has verified through analyzing legal...
UK Camera Commissioner Calls for Regulating Facial Recognition on Apr 15, 2019
IPVM interviewed Tony Porter, the UK’s surveillance camera commissioner after he recently called for regulations on facial recognition in the...

Most Recent Industry Reports

JCI / Tyco Security Products Layoffs on Jun 05, 2020
Johnson Controls / Tyco Security Products has confirmed COVID-19 related layoffs, expanding upon the April coronavirus cuts the company previously...
EyePark Presents Mobile Driver Authentication on Jun 05, 2020
EyePark presented its long-range QR code parking verification platform at the May 2020 IPVM Startups show. A 30-minute video from EyePark...
Bleenco "Under The Tongue" Temperature Detection Examined on Jun 05, 2020
"Say aah", says Bleenco, a PPE detection video analytics company, offering a different method for measuring body temperature with a thermal...
Hikvision and Uniview Entry Level Thermal Handheld Cameras Tested on Jun 05, 2020
While most screening systems cost $10,000 or more, manufacturers such as Hikvision and Uniview have now released handheld models for $1,000 or...
Sequr Presents HID based Cloud Access Control on Jun 04, 2020
Sequr presented HID based Cloud Access Control at the May 2020 IPVM Startups show. Inside this report: A 30-minute video from Sequr...
VergeSense Presents People Tracking Sensor on Jun 04, 2020
VergeSense presented its people tracking sensor and social distancing insights at the May 2020 IPVM Startups show. A 30-minute video from...
FLIR A Series Temperature Screening Cameras Tested on Jun 04, 2020
FLIR is one of the biggest names in thermal and one of the most conservative. While rivals have marketed fever detection, FLIR has stuck to EST...
"Fever Camera" Show On-Demand Watch Now on Jun 03, 2020
IPVM has successfully completed the world's first "Fever Camera" show. Recordings from both days are posted at the end of this report for on-demand...
Cobalt Robotics Presents Indoor Security and Access Robots on Jun 03, 2020
Cobalt Robotics presented indoor security robots at the May 2020 IPVM Startups show. Inside this report: A 30-minute video from Cobalt...
Dahua Sues Ex-North American President, Says Legal Typo on Jun 03, 2020
Dahua's former North American President Frank Zhang claims he is owed almost $11 million but Dahua counter claims it is just a "scrivener's error",...