FaceCam's GDPR compliance focus on the fact that it does not store personally identifiable information, conducts only anonymised, aggregated analysis, and strictly uses data for demographic insights without individual profiling. The transparency in communicating this approach, supported by robust security and documentation, will help demonstrate its's alignment with GDPR principles and offer strong grounds for its exclusion from GDPR's direct scope. This document is outlining the key points and arguments on why FaceCam is excluded from GDPR document.
GDPR Principles and It's Applicable Use Case of FaceCam
- Purpose Limitation: The purpose of the data processing is limited strictly to aggregating demographic data and that no individual-level data is retained or processed in a way that could lead to personal identification.
- Data Minimisation: Collect only the minimum amount of data necessary, involves aggregating non-identifiable attributes (gender, age, mood) only.
- Anonymisation and Aggregation: Since the data is aggregated and anonymised, it cannot be traced back to specific individuals. This ensure that no individual's image or biometric template is stored, which supports the argument that it falls outside of GDPR's scope on PII.
- Security Measures: FootfallCam has robust security measures in place, such as real-time processing without storage, secure encryption of data in transit, and access controls. Although individual identities are not stored, security precautions reinforce responsible data management practices.
- Transparency and Signage: FootfallCam encourage retailers to place signage in the store informing customers that demographic data is being analysed for statistical purposes, but personal data is not stored. This transparency aligns with GDPR's principle of informing data subjects about data processing.
Features and Reasons for GDPR Exclusion
- No Storage of Personal Data: Since FaceCam does not store faces or identifiable information, it doesn't process or retain PII. GDPR's scope primarily applies to data that could lead to identifying an individual, and aggregated demographic data without identifiers generally falls outside this scope.
- Anonymised Data Processing: Data that has been aggregated and anonymised to prevent identification of individuals is typically considered outside the GDPR's reach. Since the captured data is instantly analysed and only non-identifiable demographic summaries are retained, FaceCam's operations focus on anonymised, non-traceable insights.
- No Profiling of Individuals: GDPR defines profiling as evaluating certain aspects of an individual to make decisions that impact them personally. Since FaceCam is not creating individualised profiles but merely aggregating demographic data, it doesn't involve profiling that could affect individuals or infringe upon their rights.
Cautions and Considerations for Risk Assessment
- Processing Boundaries: FootfallCam ensure the real-time process is strictly for non-identifiable, aggregated data purposes.
- Technology-Specific GDPR Concerns: FaceCam is not storing, nor leave any biometric "footprint" that could hypothetically be linked to identities.
- Risk of Re-Identification: FootfallCam ensures that there is no realistic way to use the aggregated demographic data to identify an individual.
Other Compliances Involved
- Legal Review and DPIA (Data Protection Impact Assessment): FootfallCam regularly conduct a DPIA to assess and document privacy risks and the measures taken to mitigate the risks.
- Data Retention Policy: Under FootfallCam' data processing network, no personally identifiable data is retained beyond real-time analysis.
- Regular Audits and Privacy-by-Design: Periodic audits and continuous adherence to privacy-by-design principles are being adopted by FootfallCam.