UK ICO Denies IPVM GDPR Complaint Against IFSEC, Decides Each Exhibitor Responsible

Author: John Honovich, Published on Dec 06, 2018

The UK Information Commissioner's Office (ICO) has denied IPVM's complaint against IFSEC for misuse of facial recognition.

Each Exhibitor Responsible

Importantly, the ICO has determined that, contrary to UBM's claim, each exhibitor is responsible for conforming. In a December 5, 2018 message to IPVM, the ICO explained:

Each Exhibitor could be regarded as an independent and separate data controller of their propriety equipment who would be responsible for ensuring it fulfils its fair processing obligations.

The ICO contrasted this to UBM / IFSEC, saying:

UBM does not actually process or retain any personal data captured by facial recognition technology during the IFSEC convention.

IFSEC Registration Consent Not Applicable

To the contrary, UBM told IPVM at IFSEC 2018 that the data notice on the back of attendees’ badges provided consent for their exhibitor's facial recognition. Read it here and see it below:

Given the decision of the ICO, IFSEC's consent will not cover their exhibitors for data processing such as facial recognition.

Get Video Surveillance News In Your Inbox
Get Video Surveillance News In Your Inbox

Challenge For Exhibitors

This creates a challenge for exhibitors as, according to the GDPR, which went into effect in May 2018 and to which the UK is party to, biometrics processing like facial recognition is considered a "special category of personal data" and is generally prohibited with important exceptions.

One of those exceptions is informed consent with specified purposes. Article 9, section 2(a) of the GDPR states that biometrics are allowed if:

the data subject has given explicit consent to the processing of those personal data for one or more specified purposes [emphasis addded]

Article 7 also states consent notices must be written:

in a manner which is clearly distinguishable from the other matters, in an intelligible and easily accessible form, using clear and plain language [emphasis added]

No Consent At 2018 IFSEC Show

No consent was requested by any IFSEC 2018 exhibitor using facial recognition that we visited.

Going Forward

The ICO decision here will help clarify the responsibilities that exhibitors and vendors have when they use facial recognition but raises questions of how exhibitors will actually conform with GDPR when using facial recognition.

1 report cite this report:

GDPR / ICO Complaint Filed Against IFSEC Show Facial Recognition on Jun 20, 2018
IPVM has filed a complaint against IFSEC’s parent company UBM based on our concern that the conference violates core GDPR principles on...
Comments (1) : PRO Members only. Login. or Join.

Related Reports

UK Camera Commissioner Calls for Regulating Facial Recognition on Apr 15, 2019
IPVM interviewed Tony Porter, the UK’s surveillance camera commissioner after he recently called for regulations on facial recognition in the...
How China's Pay By Facial Recognition Works on Apr 02, 2019
Many social media posts have variously celebrated or warned about the growing use of facial recognition for payments in China. An example of one...
Huawei Sues US Government Over NDAA Ban on Mar 07, 2019
Chinese telecom giant Huawei is suing the US government over the NDAA ban, arguing that key provisions in it are unconstitutional.  NDAA Section...
Austria’s First GDPR Fine Is For Video Surveillance on Jan 29, 2019
Should EU businesses be concerned if police see a business' surveillance cameras filming public areas? This is what happened with Austria’s first...
UK Fines Security Firms For Illegal Direct Marketing on Jan 16, 2019
Two UK security firms have paid over $200,000 in fines for illegally making hundreds of thousands of calls to people registered on a government...
UK: Private Video Surveillance Complaints Down Since GDPR on Jan 09, 2019
The arrival of the GDPR on May 25, 2018, brought fears the law would spark a massive increase in privacy complaints about security camera use....
ASCMA / Moni Problems Deepen, Lenders Terminate Support Agreement on Dec 28, 2018
Ascent Capital Group, aka ASCMA, currently branded Brinks Home Security, formerly known as Moni and Monitronics faces a troubling end to a rocky...
Sublethal Camera Gun Examined on Dec 06, 2018
Sublethal is a South African company that manufactures a remotely-controlled, camera-enabled gun called the Boomslang, which is Afrikaans for tree...
ADT Wins Fire Death Suit But Faces Appeal on Dec 05, 2018
ADT/Protection 1 has won a wrongful death court case in which it was sued by the estate of a deceased customer. However, the attorney for the...

Most Recent Industry Reports

H.265 Usage Statistics on Apr 19, 2019
H.265 has been available in IP cameras for more than 5 years and, in the past few years, the number of manufacturers supporting this codec has...
ACRE Acquires RS2, Explains Acquisition Strategy on Apr 19, 2019
ACRE continues to buy, now acquiring RS2, just 5 months after buying Open Options. One is a small access control manufacturer from Texas, the...
Access Control Course Spring 2019 - Last Chance on Apr 19, 2019
Register for the Spring Access Control Course. IPVM offers the most comprehensive access control course in the industry. Unlike manufacturer...
Riser vs Plenum Cabling Explained on Apr 18, 2019
You could be spending twice as much for cable as you need. The difference between 'plenum' rated cable and 'riser' rated cable is subtle, but the...
Verint Victimized By Ransomware on Apr 18, 2019
Verint, which is best known in the physical security industry for video surveillance but has built a sizeable cybersecurity business as well, was...
Milestone Drops IFSEC on Apr 18, 2019
Milestone has dropped out of Europe's largest annual security trade show (IFSEC 2019), telling IPVM that they "have found that IFSEC in EMEA no...
The Fastest Growing Video Surveillance Sales Organization Ever - Verkada on Apr 17, 2019
Verkada has the fastest growing video surveillance sales organization ever. In less than 2 years, they already have more salespeople in the US...
Door Operators Access Control Tutorial on Apr 17, 2019
Doors equipped with door operators, specialty devices that automate opening and closing, tend to be quite complex. The mechanisms needed to...
Securadyne CEO: IPVM 'Entertaining For An Ignorant Few' on Apr 16, 2019
Securadyne's CEO Carey Boethel is unhappy with IPVM's report - Failed Integrator Rollup, Securadyne Sells to Guard Giant Allied. Indeed, he...
Dahua Repositionable IR Multi-Imager Camera Tested on Apr 16, 2019
Dahua has released their first repositionable multi-imager camera, the Multi-Flex 4x2MP, claiming integrated IR, true WDR, and flexible...

The world's leading video surveillance information source, IPVM provides the best reporting, testing and training for 10,000+ members globally. Dedicated to independent and objective information, we uniquely refuse any and all advertisements, sponsorship and consulting from manufacturers.

About | FAQ | Contact