Visual Surveillance Within the EU General Data Protection Regulation: A Technology Perspective

From an individual’s perspective, technological advancement has merits and demerits. Video captured by surveillance cameras while a person goes about their daily life may improve their personal safety but the images collected may also represent an invasion of their privacy. Because of the ease of digital information sharing, there exists a need to protect that visual information from illegal utilization by untrusted parties. The European parliament has ratified the General Data Protection Regulation (GDPR), which has been effective since May 2018 with a view to ensuring the privacy of European Union (EU) citizens’ and visitors’ personal data. The regulation has introduced data safeguards through Pseudonymisation, Encryption, and Data protection-by-design. However, the regulation does not assist with technical and implementation procedures, such as video redaction, to establish those safeguards. This paper refers to the GDPR term “personal data” as “visual personal data” and aims to discuss regulatory safeguards of visual privacy, such as reversible protection, from the technological point-of-view. In the context of GDPR, the roles of machine learning (i.e. within computer vision), image processing, cryptography, and blockchain are explored as a way of deploying Data Protection-by-Design solutions for visual surveillance data. The paper surveys the existing market-based data protection solutions and provides suggestions for the development of GDPR-compliant Data Protection-by-Design video surveillance systems. The paper is also relevant for those entities interacting with EU citizens from outside the EU and for those regions not currently covered by such regulation that may soon implement similar provisions.