Screen Data Collection and GDPR



Bidooh Screens & Personal Data

We take the matter of an individual’s personal information and privacy very seriously. The concept of the smart screens is that they can provide statistical feedback on the types of persons who have seen or engaged with the screen content. The screens do this by scanning or streaming those who pass by. Unlike Facial Recognition (FR) where data storage is required, our smart screens utilise Facial Analysis (FA), which does not store any Personally Identifiable Information (PII). The screens do not store still photos or moving video of persons who pass by it, instead they process in real-time those who pass and ultimately provide a basis for statistical analysis.

The output information that is fed back is completely anonymous, ensuring at no point can any of the data be used to identify an individual. The screens are coded to guess or make smart calculations around a persons possible; age bracket, emotion, facial hair, gender, glasses and or sunglass wearing.


So do the smart screens comply with Data Protection Act 1998 (DPA) and the new EU General Data Protection Regulation (GDPR)?

The UK DPA 1998 is replaced by the new GDPR, and under GDPR guidelines personal data is any information that relates to a living individual who can be identified from that information either by the information alone or together with any other information that may come into our possession.

As the screens do not collect, store or process any ‘personal’ data in whole or in combination with other data they are in compliance with the new GDPR guidelines.


Do you need to issue me with a Data/Privacy Notice under GDPR ?

We have a privacy policy notice for users on the platform or token purchasers as per our website https://www.bidooh.com/privacy because to use our product, service and token you must create an account, therefore we need to collect, store and process your personal data.


In contrast and in terms of those who walk past the screen, as we do not collect, store or process ‘personally identifiable’ data we are compliant with GDPR in terms of issuing a DPA & GDPR Policy notice.

Under GDPR guidelines personal data is any information that relates to a living individual who can be identified from that information either by the information alone or together with any other information that may come into our possession. As the screens do not collect, store or use any ‘personal’ information in whole or in combination with other data they are in compliance with the DPA & the new GDPR guidelines.


Under GDPR - Chapter 2 Article 5 1b "Data collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible"

http://www.privacy-regulation.eu/en/article-5-principles-relating-to-processing-of-personal-data-GDPR.htm


Further to this Article 89 paragraph 1 states “Processing for … statistical purposes….. where those purposes can be fulfilled by further processing which does not permit or no longer permits the identification of data subjects, those purposes shall be fulfilled in that manner”

http://www.privacy-regulation.eu/en/article-89-safeguards-and-derogations-relating-to-processing-for-archiving-purposes-the-public-interest-scientific-or-hi-GDPR.htm


In summary we are not required under GDPR to issue a GDPR/Privacy notice for those who walk past the screen.