IFSEC and GDPR

Facial Recognition and GDPR: Behind the scenes at IFSEC International

Gerry Dunphy

Strategy Director, Security & Fire, Informa Markets EMEA

May 29, 2019

Sign up to free email newsletters

Download

Want a Future-Proof Cyber Security Strategy? Look at Physical Security Now

An event on IFSEC International’s scale requires an enormous amount of preparation and organisation.

With over 27,000 security professionals in attendance, including 500+ exhibitors, the scale of work is huge, covering everything from speaker management to stand building and beyond.

And in 2018 we saw an extra level of complexity added by the introduction of GDPR, which altered the way we could interact with our guests. This is a major consideration not just for us, but for the suppliers showcasing their security solutions as well – and one area this was especially pertinent was with facial recognition technology

Facial recognition and biometric technology offers both enormous implications and huge opportunities for converged security, and as Europe’s leading integrated security event, it was essential for IFSEC to offer suppliers a platform for showcasing these new solutions. But with the advent of GDPR and an increasingly privacy-aware population concerned by data misuse, it’s easy to see why this technology – still in its infancy – can cause discomfort.

I’d like to share with you what we learned from IFSEC International 2018 when faced with this new technology.

GDPR concerns

IFSEC is a chance for the industry to see the latest technology in action, and last year this included facial recognition and biometric technology. On one stand, for example, conference attendees were filmed as they walked past, with their image then displayed on screens alongside estimations of their age, sex and emotional state, all powered through facial recognition software.

While undoubtedly impressive, it did raise the question of how that data was then being stored or used, and whether that contravened certain aspects of GDPR.

We have worked closely with our DPO to create a comprehensive privacy policy for our registration process

These questions around data security are ones IFSEC International takes very seriously. We have worked closely with our DPO to create a comprehensive privacy policy for our registration process, and we work with our exhibitors to register their technology. When we examined this particular case, we were confident we could produce evidence privacy concerns had been considered.

We were, ultimately, found not to have breached any privacy rules, but this case has highlighted the need to keep clarifying our privacy policy and improve our communication with visitors and exhibitors alike.

It has also reminded us of the need to ensure all IFSEC International exhibitors are aware of their GDPR responsibilities. For instance, they need to clearly state if facial recognition and biometric technologies are in active use at the show, and remind visitors that their data is either not recorded or immediately destroyed.

To highlight this, we will be placing GDPR awareness signage at each entrance to the show, and we encourage exhibitors to do the same at their own stands. In order for IFSEC International to remain a credible platform for security innovation, we need to ensure we – and our exhibitors – remain totally compliant.

We ask all exhibitors to register which technologies they will be demonstrating, so we can better understand whether there are any security, safety and privacy implications to them, and communicate this to visitors through the show guide. We also advise our exhibitors, and indeed the wider industry, to stay aware of privacy legislation and ensure they remain compliant throughout the event.

Advice for the industry

These are important conversations to have from all sides of the industry, from manufacturers and distributors through to integrators, installers and end-users.

The importance of guidelines and scrutiny surrounding facial recognition has come under the spotlight recently, with the legal challenge to the use of such technology in Cardiff, which according to the human rights group Liberty potentially breaches human rights. Although the case is ongoing, it has highlighted the need for the security industry to continue discussing how best to implement technology like this to ensure that people’s privacy concerns are respected without compromising security.

That discussion will continue to take place at IFSEC International 2019, particularly through the first ever National Surveillance Camera Day, which were delighted to launch in conjunction with Tony Porter, the Surveillance Camera Commissioner. This has been organised to raise public awareness about how and why surveillance cameras are used, the regulations governing their use and the data protection rights of citizens.

My main takeaway from last year’s event was the need to communicate. Privacy is a huge and valid issue, and our visitors are uniquely concerned by it, coming almost exclusively from the security sector.

By now we’re all used to visiting security events all around the world, and we take it for granted that they will be an environment alive with recognition software, recording equipment and data capture technology. That’s why it’s vital for us – and all our exhibitors – to better explain our Privacy Policy, and ensure everyone is aware that, as part of product demonstrations, they may be filmed and recorded.

Related Topics

1
Leave a Reply

avatar
1 Comment threads
0 Thread replies
0 Followers
 
Most reacted comment
Hottest comment thread
1 Comment authors
John Honovich Recent comment authors
  Subscribe  
newest oldest most voted
Notify of
John Honovich
Guest
John Honovich

The GDPR says that for biometrics “the data subject has given explicit consent to the processing of those personal data for one or more specified purposes”. How are IFSEC attendees giving ‘explicit consent’? Thank you.