Retailers are increasingly using facial recognition technologies to track customers in-store.  This technical innovation has positive connotations for both, retailers and customers, by targeting loyal clients and higher spenders, and improving users’ store-buying experience. However, a special emphasis should be placed on privacy issues, so as not to compromise data subjects’ fundamental right to data protection.  The Spanish Data Protection Agency (AEPD) issued some guidance on this hot topic (0328/2012 and 0392/2011).  In this post, we look at the issues retailers need to factor in order to stay on the right side of data protection law. Facial recognition systems may be considered highly invasive, since images can be captured and processed from a range of viewpoints without the knowledge of the data subject. As pointed out by the Article 29 Working Party, even when a data subject is aware that a camera is operating, there may be no … Continue Reading ››
On 2 February the ICO announced that it had published a new code of practice relating to privacy notices, transparency and control, which aims to keep pace with the increasingly complex digital landscape and also take into account the broader transparency rules under the GDPR.  The ICO’s current guidance, from 2010, is here. ‘Transparency’ under the GDPR Although organisations are already required to provide certain details in relation to the identity of the data controller and the purposes for which the data is being collected, the GDPR will increase the amount of information which must be provided to individuals, including the rights available to them, information on data transfers and the source of the data.  All information must be presented in a concise, transparent, intelligible and easily accessible form, using clear and plain language and tailored to the specific audience (including children).  Organisations which fail to meet these requirements … Continue Reading ››
Safe Harbour – what’s new? Yesterday, the European Commission announced that it had agreed a new framework with the US for data flows between Europe and the US, christened “EU-US Privacy Shield”.  This would replace the former Safe Harbour agreement, which was invalidated by the ECJ on 6 October last year, and allow a mechanism for companies to legally transfer data relating to EU data subjects between Europe and the US.  Datonomy watched the Article 29 Working Party (“A29WP”) press conference given by the Chair, Isabelle Falque-Pierrotin, at midday today (following which a formal statement was released) and brings you the key points on the current status and next steps for Privacy Shield. What is the status of the new EU-US Privacy Shield? Whilst the European Commission may have reached an agreement, Privacy Shield is far from a done deal it seems.  The A29WP was not included in the negotiations relating … Continue Reading ››