• Courses
      • Executive Management Courses
      • Global Series of National Privacy Laws
      • Netherlands Privacy Academy (in Dutch)
      • Caribbean Data Protection Academy
    • Resources
    • Join GADPPRO ACADEMY
      • Join GADPPRO Academy as an Official Partner
      • Become an Official GADPPRO Training Entity
      • Join the GADPPRO Business Academy
      • Secretariat & International Training Centre
      • Contact Us
    •  
      • RegisterLog in
    Privacad GADPPRO Academy
      • Courses
        • Executive Management Courses
        • Global Series of National Privacy Laws
        • Netherlands Privacy Academy (in Dutch)
        • Caribbean Data Protection Academy
      • Resources
      • Join GADPPRO ACADEMY
        • Join GADPPRO Academy as an Official Partner
        • Become an Official GADPPRO Training Entity
        • Join the GADPPRO Business Academy
        • Secretariat & International Training Centre
        • Contact Us
      •  
        • RegisterLog in

      Blog

      Processing of personal data through video devices

      • Categories Blog, Business, Design / Branding, Free Data Protection Resources, Uncategorized
      • Date October 27, 2020

      Guidelines 03/2019 on processing of personal data through video devices

      Paragraph  6.2.1  Right to erasure (Right to be forgotten)

      99. If the controller continues to process personal data beyond real-time monitoring (e.g. storing) the data subject may request for the personal data to be erased under Article 17 GDPR.

      100. Upon a request, the controller is obliged to erase the personal data without undue delay if one of the circumstances listed under Article 17 (1) GDPR applies (and none of the exceptions listed under Article 17 (3)GDPR does). That includes the obligation to erase personal data when they are no longer needed for the purpose for which they were initially stored, or when the processing is unlawful (see also Section 8 –Storageperiods and obligation to erasure). Furthermore, depending on the legal basis of processing, personal data should be erased:

      • for consent whenever the consent is withdrawn (and there is no other legal basis for the processing)

      • for legitimate  interest:   – whenever the data subject exercises the right to object (see Section 6.2.2) and there are no overriding compelling legitimate grounds for the processing, or                                   – in case of direct marketing (including profiling) whenever the data subject objects to the processing.

      101. If the controller has made the video footage public (e.g. broadcasting or streaming online), reasonable steps need to be taken in order to inform other controllers (that are now processing the personal data in question) of the request pursuant to Article 17 (2) GDPR. The reasonable steps should include technical measures, taking into account available technology and the cost of implementation. To the extent possible, the controller should notify – upon erasure of personal data – anyone to which the personal data previously have been disclosed, in accordance with Article 19 GDPR.

      102. Besides the controller’s obligation to erase personal data upon the data subject’s request, the controller is obliged under the general principles of the GDPR to limit the personal data stored (see Section 8).

      103. For video surveillance it is worth noticing that by for instance blurring the picture with no retroactive ability to recover the personal data that the picture previously contained, the personal data are considered erased in accordance with GDPR.

      104  Example: A convenience store is having trouble with vandalism in particular on its exterior and is therefore using video surveillance outside of their entrance in direct connection to the walls. A passer-by requests to have his personal data erased from that very moment. The controller is obliged to respond to the request without undue delay and at the latest within one month.Since the footage in question does no longer meet the purpose for which it was initially stored (no vandalism occurred during the time the data subject passed by), there is at the time of the request, no legitimate interest to store the data that would override the interests of the data subjects. The controller needs to erase the personal data. 

      • Share:
      User Avatar
      Richard V

      Previous post

      Processing of personal data through video devices
      October 27, 2020

      Next post

      Processing of personal data through video devices
      October 27, 2020

      You may also like

      Children Safety Encryption www.privacad.com
      Apple’s New Step to Protect Child Abuse via Encryption Feature
      20 August, 2021
      DNA Technology and Privacy www.privacad.com
      DNA Technology Regulation Bill and Violation of Privacy for Minority Groups
      19 August, 2021
      www.privacad.com
      India accuses Twitter of not complying with new IT rules
      18 August, 2021

      Search

      Categories

      • Blog
      • Business
      • Design / Branding
      • Free Data Protection Resources
      • Nederlandse Privacy Academie
      • Uncategorized
      Facebook-f Linkedin-in

      © Privacad 2020

      For all your questions about courses

      students@privacad.com

      For all your questions about Privacad for business

      info@privacad.com

      Links

      • Courses
      • Become a GADPPRO Academy Official Training Entity
      • Resources
      • Free Data Protection Resources
      • Blog
      • Profile
      • Students Stewards Network (SSN)

      Support

      • Privacy Policy
      • Terms of Use
      • FAQs
      • Contact

      © GADPPRO Academy | Privacad 2023

      GADPPRO Academy 2023

      Login with your site account

      Lost your password?

      Not a member yet? Register now

      Register a new account

      Are you a member? Login now