UK ICO rejects privacy complaint about Dahua’s use of facial biometrics at IFSEC
The United Kingdom’s data protection agency has made face recognition demonstrations using unsuspecting industry conferencegoers legal so long as three requirements are met.
The Information Commissioner’s Office denied a privacy complaint by Pennsylvania-based publisher IP Video Market filed last year against a Chinese surveillance camera vendor that used facial recognition systems on conferencegoers without their consent.
IP Video Market accused Zhejiang Dahua Technology Co. Ltd. of violating the European Union’s general data protection regulation, or GDPR. Employees of Dahua captured and displayed images of people attending the International Fire and Security Exhibition and Conference, or IFSEC.
At issue was whether people on a conference floor can expect not to be pulled into a public product demonstration of biometric technology without asking. Executives with the publisher felt that the EU regulation required explicit consent.
They saw some “natural persons” being identified as a “stranger,” which, according to the complaint, meant “they were comparing everyone’s face to an existing database of booth staff, as often takes place at security shows.”
IP Video Market said the Information Commissioner’s Office debated the complaint for six months. Dahua’s action was “for demonstrational purposes and not for the purpose of identifying a particular person” at the security industry conference.
Not identifying people was considered a proper step to avoid running afoul of EU privacy regulations. The UK agency also noted that all collected data was deleted and that signs were posted alerting people to the possibility that their image might be captured.