ICO guidance on video surveillance
Developments from the Irish data protection regulator on Facebook’s ability to transfer data the US, new guidance from the UK’s Information Commissioner’s Office relating to video surveillance and a request from the European Data Protection Board for a support pool of experts to assist the body in their activities are this week’s key stories from Samad Miah, Data Protection Consultant at Xcina Consulting.
Stay informed of other key emerging themes as events unfold. Follow our round-up of latest stories and find out what the latest developments mean for you. Our weekly review below helps you decide.
Facebook’s Meta may be required to suspend data transfers to the US
What happened
- A report from the Irish Times suggests that Ireland’s data regulator, the Data Protection Commission, is seeking to suspend Facebook’s ability to transfer personal data from Europe to the US.
- This case has its origins in a complaint by privacy activist Max Schrems, who argues that the protection of personal data is at risk when data is transferred to the US and inappropriately accessed by government authorities.
- Facebook’s parent company, Meta, has 28 days to make submissions on the preliminary decision issued by the Data Protection Commission.
Why it matters
- The decision by the Data Protection Commission can have wide-ranging implications for millions of people, charities and businesses in the EU who rely on data transfers to the US.
Currently, the ‘easiest’ way to transfer personal data to the US is by incorporating Standard Contractual Clauses prepared by the European Commission. - However, incorporating these provisions requires the completion of a Transfer Impact Assessment and an examination of the laws and practices of the recipient country in order to determine the likelihood that personal data may be accessed by foreign government authorities.
- Negotiators for the EU and US have failed so far to agree on a replacement agreement to allow transfers to continue in a more seamless way.
ICO updates its guidance on video surveillance
What happened
- The growth in the use of video surveillance systems across public and private sectors has led to the use of such cameras becoming more accepted in society.
- Video surveillance technology has become more mainstream and affordable, and it is now more common to see technologies such as smart doorbells and wireless cameras.
- The public must have confidence that the use of surveillance systems is lawful and meets the principles of data protection law.
- In light of this, the UK’s Information Commissioner’s Office has developed guidance to help organisations in the public and private sector, who use video surveillance systems to collect and process personal data, to stay within the legal requirements.
Why it matters
- The accountability principle requires organisations to take responsibility for what it does with personal data.
- This guidance states that organisations that use surveillance systems must take a data protection by design and default approach and perform a Data Protection Impact Assessment (DPIA) for any processing that is likely to result in a high risk to individuals.
- This includes monitoring publicly accessible places on a large scale or monitoring individuals at a workplace.
- Additionally, under Article 30 of the UK GDPR, organisations are required to maintain a record of the processing activities taking place – this applies to organisations that use surveillance systems.
EDPB calls for experts to provide support
What happened
- The European Data Protection Board (EDPB) is looking for experts to cooperate with data protection authorities in the European Economic Area on various stages of their investigation and enforcement activities.
- The EDPB ‘Support Pool of Experts’ is a key strategic initiative of the EDPB, that helps data protection authorities increase their capacity to supervise and enforce the safeguarding of personal data.
Why it matters
- The EDPB is an independent EU body established by the EU GDPR, which contributes to the consistent application of data protection rules throughout the EEA.
- The EDPB is seeking to establish a support pool of experts with qualified experts in areas such as behavioural advertising, cryptology and digital law.
- Applications can be submitted here.