GDPR and images – What needs to be considered?
The General Data Protection Regulation (GDPR) has been in force since 25 May 2018. Unfortunately, it has brought with it numerous uncertainties in many professions, such as photographers, drone pilots or any professional group that produces image materials. On almost no topic from the GDPR, there are more publications and opinions on the net. Unfortunately, this has done exactly the opposite of what the authors wanted.
Every production and publication of a photo or video on which persons are recognizably depicted constitutes a processing of personal data since the GDPR has been applied. According to the GDPR, personal data is such information that relates to an identified or identifiable living person, such as name, address but in particular faces. Even if the photo of the person is published without the name, that person is still identifiable because someone could recognize the person. With the often high resolution of digital images, this is increasingly to be assumed. In theory, facial recognition software could be used here. It is also independent who takes the photos: whether man or machine, commercial or private. In the case of automated recording, the responsibility of the owners of the recording system is the responsibility. The publication is the making available to a theoretically unlimited public, i.e. also publishing in online portals, blogs or social media. It is important to know that the GDPR also applies to areas where photos that have already been taken are stored, processed or distributed. The responsibility lies with the respective user of the image material or its legal representatives, e.g. management.
In principle, the GDPR applies to the recording, storage, processing or distribution of any photograph, camera or video recording. Excluded is the recording of images or video in the private sphere for exclusively private, non-public use. There are also exceptions for journalistic activities. For all other cases where publication is made, the GDPR shall be taken into account. Note: The case law of commercial companies is often interpreted consistently.
Classic application examples to which the GDPR applies:
- Photographs of any kind showing people’s faces
- Photos and videos at trade fairs and events e.g. the photos of the exhibition stand
- Photos of company areas, products, etc.
- Drone footage of any kind, for example. Departure and control of building fasades
- Automated photo or video recordings on e.g. railway systems, roads or at events
There are two ways to trade GDPR compliant:
- Inform: Since the GDPR, the obligation to provide information (Art. 13 GDPR) has been in place. This means that before each photo, the photographer must know: Who is taking pictures? What happens to the photo? To whom will the data be passed on? When will the photos be deleted? What rights does the person photographed have? Note: An oral obligation to provide information is not enough! The person photographed must expressly consent to the use of the image material. For example, a written permission could look like this: The participant hereby agrees that personal photos and/or film recordings will be taken at the event, which will be used for advertising purposes in print products or on the Internet.
- Rework pictures or videos – make faces unrecognizable: Obtaining a permit is not possible in many cases, such as drone footage, trade fairs, etc. A more efficient way is to make personal information unrecognizable and, for example, to pixelate the visible faces. There are some, even free face-seampers. However, faces often have to be marked manually here, or systems with automatic detection often only function unreliably. Own tests showed that more than 50% of faces were not recognized. In addition, faces were detected in areas where no people were depicted. Based on these tests, we have decided to develop tailor-made solutions for our customers.
DENKweit is a leading company in the field of image and object recognition. We have developed a cost-effective and simple solution to automatically and reliably hide and pixelate faces on photos and videos. We therefore make any recordings cost-effective, reliable and quickly GDPR compliant. Whether a few images or millions, integration into your service and product or stand-alone. By the way: This solution is included in our own products.
Would you like to integrate the solution on premise or into your own product? Just contact us!
Automated pixelation of faces on any image rye (photos and video)