What Does GDPR Mean for Intelligent Video?

GDPR allows for increased protection of consumer privacy within the ever-evolving, contextual, technology-driven world.  Intelligent video surveillance has a bright future, thanks to increased demand for business intelligence and improved physical security.

From a safety perspective, intelligent video has the potential to turn a threat response from a reactive measure into a proactive action. Using AI, intelligent video cloud surveillance learns what a safe scene should look like and responds accordingly. Consider an office building using human detection to determine if an unauthorized individual is on the premises after hours. If the behavior seems suspicious—perhaps they’re moving quickly or not moving in one decisive direction, etc.—smart video can alert a guard to check out the area and take action. Integration with additional sensors could even proactively lock doors if suspicious behavior is detected.

Intelligent video can also play a role in improving the customer experience. Contextual-based experience is enhanced with leveraging video data. If a family passes by, they might see a trailer for the latest Pixar flick.

These examples, applied broadly, are game changers for how consumers live and interact with the world around them, especially when they receive content or assistance tailored to their needs and preferences.

GDPR in the World of Intelligent Video Surveillance

The EU’s General Data Protection Regulation (GDPR) governs the use of personally identifiable information (PII) by organizations. PII includes data such as name, address, IP address and  more.

While intelligent video surveillance is still an emerging field, its use requires responsible data practices. A person’s image itself is considered PII in the EU, but there’s also plenty more data to glean contextually.

GDPR is an EU regulation, but the regulation covers any EU citizen’s data, regardless of where they are located in the world. In fact, if an American organization is looking to do business with a company that has any offices in the EU, that company may be required to comply with GDPR regardless of whether EU citizens will be involved. So, as new intelligent video use cases arise, organizations around the world need to consider data privacy in the development of their smart video strategies—not just in the EU. Preparing for GDPR compliance outside of the EU will likely pay off soon, anyway: California recently passed a narrower version of the GDPR in an effort to make it more difficult to store and sell consumer data.

How Intelligent Video Users Can Comply with the GDPR

The vendor behind an intelligent surveillance solution certainly should be doing everything in its control to assist customers in complying with GDPR through the use of its technology. However, the user still must be aware of GDPR guidelines to ensure they’re complying in their daily use. Here are some points to keep in mind.

  • Notify those under surveillance: The GDPR mandates that consumers must be made aware immediately when their data is collected. Video data is no exception. If an area is under video surveillance, the organization must disclose that information via notifications clearly displayed throughout the area.
  • Adhere to retention periods: Per the GDPR, organizations cannot retain consumer data forever. The rule of thumb is “as long as required and as short as possible (and only to serve intended purpose).” An organization should keep all data for a uniform period of time, though certain high-risk areas may be required to be kept for longer. For example, high-risk data such as financial information stored within a bank is kept for a longer period of time than a supermarket chain maintains consumer data.
  • Ensure secure storage: Consumer data should be encrypted from end to end. It would be a disservice to consumers to collect their data and then lose it to a hacker in a data breach—not to mention a PR nightmare that could potentially bring down a company. By implementing end-to-end security for video data, the entire data flow is secure. Capabilities around general network security are always improving, so there’s no excuse to not be engaging with the most current best practices within the security realm.
  • Release when requested: Consumers have the right to ask for a record of their data at any time. With that in mind, it’s important to not only have a secure way of managing consumer data, but also a way to quickly and efficiently report it to consumers on request. In addition to this, organizations need good policy on how to verify a requester’s identity as well as anonymizing the data of others surrounding the individual in any of the video that is returned as part of the request.

The potential for intelligent video surveillance and its impact on the way we live our lives is significant. The implementation of GDPR improves on that impact, and respects consumers in the way their data is used. Make sure your organization is doing its due diligence and adhering to GDPR regulations in its use of intelligent video.

Featured eBook
The State of DevSecOps

The State of DevSecOps

For years now, IT’s mantra has been “move quickly and break things.” To increase agility, companies adopted innovative and quick development practices. Great redesigns took place in the wake of DevOps. However, in this rush to implement forward-thinking practices, many teams eschewed security. No longer can institutions disregard security requirements within their DevOps environment. The ... Read More
Security Boulevard
Andreas Pettersson

Andreas Pettersson

As Arcules CEO, Andreas Pettersson is leading the Arcules team in boldly creating the Video Cloud IoT as a Service category for enterprise companies. Prior to becoming CEO, Andreas was Chief Technology Officer from the formation of the company in 2017. Andreas is an executive leader with more than 10 years of international business development, engineering & product management leadership experience. Andreas joined Milestone Systems in 2010 and held Product Manager and VP of Professional Products positions before joining Incubation & Ventures at the end of 2012. In 2014, He relocated to Silicon Valley, CA USA. As US Director for Product Management & Marketing, he created teams within the fields of hardware & software engineering, product & marketing management, user experience (UX), and business development.

andreas-pettersson has 1 posts and counting.See all posts by andreas-pettersson