What is the GDPR?
The General Data Protection Regulation (GDPR) is a European law about data privacy that sets rules for the collection and processing of personal information from individuals. It was approved by the European Parliament and came into full effect on May 25, 2018.
One of the goals of the GDPR is to protect the fundamental rights and freedoms of individuals by creating specific procedures with regards to the processing of personal data, such as name, ID, location, biometric data, ethnic and health information, etc. Under the law, companies must protect consumer data and inform them how it is used.
The GDPR rules govern any actions with personal data by both sides: data collectors, i.e., organizations that collect the data; and data processors, i.e., organizations that process and store data, such as cloud service providers. Violating the regulation can result in large fines and reputational damage.
The process of collecting and using data must be transparent. Therefore, the GDPR requires organizations to publish privacy notices stating the identity of the data controller and providing all the information about data processing. Under the GDPR, individuals have the right to obtain confirmation as to whether or not their data is being processed, where it is being processed, and for what purpose. Read the full text of the GDPR to learn more about the new rights for individuals regarding data privacy.
GDPR and video surveillance
Data controllers with their own compliant video surveillance applications need to strengthen their systems and find solutions that offer such built-in functionality as encryption, authentication, and anonymization to ensure compliance. Thus, even if an unauthorized person gains access to the data, it is not readable without the appropriate decryption key.
A video surveillance system can ensure that the identity of individuals remains anonymous in the following ways:
- Privacy masking, which blurs selected regions, faces, or bodies in recorded video to prevent unwelcome exposure and comply with local regulations.
- Dynamic anonymization, which is the process by which software that monitors actions and movements automatically anonymizes individuals in live and recorded video.
Since the GDPR came into effect, it has brought lots of regulation even to such risky technologies (in terms of data privacy) as video surveillance, which is now in widespread use. Now let's dive into Displayforce video analytics. Spoiler: It's not risky at all, and it fully complies with the law.
GDPR-compliant Displayforce software
Displayforce software is a powerful cloud-based intelligent digital signage solution that provides performance marketing for offline locations. The solution is perfect for businesses that need functionality such as deep personalization of marketing communications and audience analytics. Gender detection, age detection, and traffic detection are used as triggers to play relevant content to consumers according to predetermined scenarios.
Displayforce technology works in compliance with European data protection legislation. The software has no video recording or image capture functionality, nor does it store such data as photos, videos, audio recordings, or anything else which would make it possible to identify specific individuals.
Displayforce technology uses 2D optical sensors only. They are not used as cameras to film and store video footage. Optical information is processed in real time, and demographic metadata (estimated age and gender) as well as information on an individual’s head and body posture are fully anonymized and extracted in real time. The optical sensor is not used to create image data. People are not filmed by the device.
The demographic metadata is gathered and stored purely for analytical purposes: this is the ultimate aim of the data collection. It is technically impossible to draw conclusions about an individual or reconstruct an image based on the stored metadata. Only the following data is taken:
- Gender (male, female)
- Age
- Total time spent looking at specific content
- Total attention span
- Position and distance from installation point
- Routes taken
Our technology is not able to identify an individual, so it is not possible to link the collected data to someone’s loyalty or credit card. Our technology immediately deletes the visual information after extracting the anonymized data within 60 milliseconds.
As a result of using the software, the end user receives analytical and statistical information in the form of graphs and charts containing approximate information about visitors to the location, resulting in increased effectiveness of marketing and improved sales of products and services provided by the end user, as well as improved targeted sales of advertising content.
Learn more about the Displayforce platform’s compliance with the requirements of the GDPR in the Executive Summary provided by Domanski Zakrzewski Palinka (DZP), the largest independent Polish law firm.