EDSA: Video Sur­veil­lan­ce Gui­de­lines (Draft)

English 
English  Deutsch  Français 

Content 

The Euro­pean Data Pro­tec­tion Board has issued a noti­ce, dated July 10, 2019, to the Draft gui­de­lines on video sur­veil­lan­ce (“Gui­de­lines 3/2019 on pro­ce­s­sing of per­so­nal data through video devices”). The draft was open for public con­sul­ta­ti­on until Sep­tem­ber 9, 2019.

The gui­de­lines com­ment on the fol­lo­wing topics, among others:

  • sub­stan­ti­ve appli­ca­bi­li­ty of the GDPR (but not inter­na­tio­nal appli­ca­bi­li­ty). It remains open when the recor­ding of a crowd leads to per­so­nal data. In Switz­er­land, this que­sti­on would have to be ans­we­red on the basis of the Logi­step cri­te­ria. The EDPB pro­ba­b­ly assu­mes that this is per­so­nal data.
  • Legal basis in the sen­se of Art. 6 and 9 DSGVO (detail­ed ins­truc­tions of the EDPB)
  • Dis­clo­sure of records to third par­ties, in par­ti­cu­lar also to authorities;
  • Pro­ce­s­sing of spe­cial cate­go­ries of per­so­nal data.
    • Wel­co­me is the rene­wed cla­ri­fi­ca­ti­on that a pho­to­graph of a per­son wea­ring glas­ses or even in a wheel­chair is not a spe­cial cate­go­ry of per­so­nal data per se, but only then, if the recor­dings are used to deri­ve cor­re­spon­ding fin­dings (“if the video foota­ge is pro­ce­s­sed to dedu­ce spe­cial cate­go­ries of data”). This is in line with the posi­ti­on of the FDPIC that the qua­li­fi­ca­ti­on of abstract­ly sen­si­ti­ve data as par­ti­cu­lar­ly valuable or as a per­so­na­li­ty pro­fi­le also depends on the con­text of use.
    • The same applies to bio­me­tric data. Video recor­dings are not bio­me­tric data per se.
  • Data sub­ject rights:
    • Expl­ana­ti­ons on the rights of the data sub­jects; also on the rea­sons for excep­ti­ons, e.g. if the­re are seve­ral data sub­jects on video recor­dings and the recor­ding may the­r­e­fo­re not be released;
    • The EDPD con­firms that “dele­ti­on” in the sen­se of the dele­ti­on cla­im can occur through irrever­si­ble pixel­a­ti­on. (Inci­den­tal­ly, this is also con­firm­ed by the View that anony­mizati­on is an era­su­re equi­va­lenti.e. legal­ly equi­va­lent in prin­ci­ple to a deletion).
  • Trans­pa­ren­cyHere, the EDSA repeats the recom­men­da­ti­on to work with seve­ral infor­ma­ti­on lay­ers (“laye­red approach”);
  • Reten­ti­on and dele­ti­on;
  • Safe­ty mea­su­res inclu­ding pri­va­cy by default and by design.