
EU-DSGVO - high penalties of up to 20 million euros - the possibility of identifying a person is sufficient here!

Answered

Comments

2 comments

  • Tagir Gadelshin
    • Network Optix team

    Hi, Christian Haarstick
    Thanks for the feedback!
    Can you please elaborate on what kind of person identification you need?

    As I understood, you need a solution that will recognize who is an employee and who is not? So there should be some employee face database and some face recognition solution that will match them, right?

    I think all those shouldn't be a part of Nx Witness, it sounds like some AI face rec plugin solution. We have several Face Recognition plugins listed in our integration store: https://nxvms.com/integrations?tags=faceRecognition

    I'm sure that there could be some ready-to-integrate or even already works-with-Nx solutions from other vendors that can provide this functionality. But I can't come up with specific names at the moment. But maybe my colleagues know.

    @Norman can you help us here?

  • Norman
    • Network Optix team

    Hi Christian Haarstick,

    If you are looking for a solution that can offer face pixelation, you could reach out to Xccelo GmbH. They offer multiple AI-based solutions that work with the Nx Witness VMS, and one of them is face pixelation.

    -----

    One side note: I'm no lawyer or legal advisor, but I assume the DSGVO is the German implementation of the GDPR law, which is the primordial law regarding privacy of people in the EU.

    There is no requirement in the GDPR that enforces face pixelation. Anyone who made such a claim wasn't able to show me the applicable text in the GDPR or any other law.

    You can still use a video surveillance system as you used to do in the pre-GDPR era. The biggest difference between the GDPR and the pre-GDPR era is documentation, proportionality and the following rights for individuals:

    1. The right to be informed
    2. The right of access
    3. The right to rectification
    4. The right to erasure
    5. The right to restrict processing
    6. The right to data portability
    7. The right to object
    8. Rights in relation to automated decision making and profiling.

    If you really want to go deep in readable text regarding the GDPR, I would recommend this LINK of the ICO UK. 

    This won't mean that any supermarket visitor can ask to see all footage that contains images with him/her on it. Such a request will be considered excessive or unreasonable.

    Also, erasure can't be demanded on the spot, since such a request should be fulfilled within a month. Most European countries have laws for the data retention time of max 5, 7, 28 or 30 days, so when the VMS is set up correctly, the data will be automatically deleted before the month has passed.

    That being said, any solution that relates to the processing of personal data should be proportional and documented.

    I have seen cases where companies weren't allowed to store video data for longer than 72 hours, since any shoplifting or burglary would likely be discovered within those 72 hours and thus there is sufficient time to collect the relevant data, which can be kept for a really long time (until all court cases are finished in relation to the crime).

    Obviously the presence of a surveillance system should be announced before people enter the shop, so they can make a choice to shop somewhere else. Therefore, government surveillance systems are held to a more strict law, since you can't limit people's free movement in the public domain.

    Also, I know about science projects where wildlife was being monitored and data was stored for months, and this was absolutely fine, and people who were accidentally filmed were considered collateral damage, since it was fair to expect no person would have been filmed.


