On 10 July 2019, the European Data Protection Board (EDPB) adopted its Draft Guidelines on the processing of personal data through video devices. CDT welcomes the opportunity to submit some comments as input for the EDPB’s final Guidelines.
CDT appreciates that the guidelines highlight the “massive” data protection implications of a free adoption of facial recognition technologies.
We agree with the EDPB that video surveillance should remain the exception and not the rule, even when talking about security purposes. The Draft Guidelines reiterate that organisations must justify their use of video monitoring, even for security-related purposes, but the EDPB should provide more guidance and clarification as to how this must be done initially and over time.
We appreciate the Draft Guidelines proposal to encourage multi-layered notices. However, we think that merely appending biometrics and profiling disclosures to existing CCTV signs is not adequate.
Furthermore, any such transparency effort should also be separated from any discussion of consent by a data subject to the use of FRTs.
Finally, we think that care should be taken that datasets built with facial analysis algorithms are developed in an ethical and transparent fashion. The EDPB is well-positioned to clarify how organisations may process video and image data for research purposes to improve FRTs and facial analysis algorithms.