Anonymization & GDPR: How to comply with data protection laws in video security
Anonymizing video streams enables companies to work proactively with data privacy. It greatly reduces the chances of paying large fines for cyber security breaches by making personal data unidentifiable.
Due to ethical concerns surrounding data privacy, governmental bodies across the world have begun addressing the need to regulate the handling of personal data. The EU has been at the forefront of legislation since the introduction of the General Data Protection Regulation (GDPR) in 2018. The GDPR shifts the responsibility of ethically handling and storing personal data to the organizations that gather it. Companies operating within the EU, or handling data of EU citizens, must acquire consent from “data subjects”, be transparent about what data is being collected, provide valid reasons for the need to store the data, and must show that they are able to keep the data secure.
The GDPR defines anonymization as “personal data rendered anonymous in such a manner that the data subject is not or no longer identifiable”. By anonymizing video streams, security providers fulfill this requirement by making sensitive data subjects captured on video completely unidentifiable. Therefore, even in the event of a cyber security attack, personal data is protected.
Protect your company from data breaches and large fines
Irisity’s anonymization technology has been developed to align with the GDPR’s “Privacy by Design” (Art. 25) directive. With anonymization, users are able to de-identify individuals and mask out unwanted sections of a camera’s field of view – thus adhering to the legal requirements of the GDPR. In use cases where a liftable mask is preferable to a fully-destructive one, the anonymization technology could also be used with the ethical perspective in mind – avoiding unnecessary exposure of personal privacy.
“I don’t operate in Europe, so why should I be interested in anonymization?”
With fines for breaching GDPR laws of up to 4% of the company’s annual turnover, operating within the legal guidelines of GDPR is in the best interest of both individual privacy and the financial well-being of the organizations that handle personal data. But the EU is not alone in its efforts to regulate personal data handling. Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA), the UAE’s Personal Data Protection Law, and the US’s state-to-state legislation, such as California’s Privacy Rights Act (CPRA), have all laid the foundation on which their respective citizens’ personal privacy can be protected. Although each group of laws differs in severity and intent, they are all aligned with the goals set out by GDPR. The adoption of these new data protection laws points to a growing demand from the public for better control of their personal privacy.
A new era of video surveillance
Video surveillance has been integral for maintaining safety and security in both public and private spaces for decades. However, in today’s increasingly digital world, it’s clear that new solutions like the anonymization of CCTV video streams are required to facilitate compliance to ethical data handling practices and to the current and future legal guidelines in the security industry. At Irisity, we believe that enhanced AI performance, ethics, and privacy go hand in hand – creating a positive mark on the camera security industry.
Written by Christopher Jacklin
With the ever-growing power of AI, countless hours of video footage are now a wealth of actionable data. However, if put in the wrong hands, this data can also be used for a variety of purposes that extend far beyond safety, security, or efficiency.
More and more municipalities are applying for permits to install their own security cameras in public places. Skellefteå municipality applied – but did not get approval from the Privacy Protection Authority. Now they are now installing anonymized cameras instead.