Read on Twitter
These are in my local shop, and I had questions before I read Tesco’s response, and I have even more questions afterwards.
>>>Concerns raised about cameras at self-service supermarket checkouts https://www.irishexaminer.com/news/arid-40199379.html
>>>Concerns raised about cameras at self-service supermarket checkouts https://www.irishexaminer.com/news/arid-40199379.html
Here’s What Tesco Says:
Firstly, we have a defined purpose “to provide an additional security measure for customers”.
And, we’re told, a DPIA has been done. We may leave aside the “operating in line with GDPR” which is self-evidently an incorrect assertion.
Firstly, we have a defined purpose “to provide an additional security measure for customers”.
And, we’re told, a DPIA has been done. We may leave aside the “operating in line with GDPR” which is self-evidently an incorrect assertion.
Because, here’s what Tesco Refuses To Say:
And refusing to say how data will be processed and/or retained is an automatic fail for GDPR.
We know it met the bar for a DPIA, so we know Tesco assessed these facial images met the bar for personal data.
And refusing to say how data will be processed and/or retained is an automatic fail for GDPR.
We know it met the bar for a DPIA, so we know Tesco assessed these facial images met the bar for personal data.
But don’t take my word for it.
Here’s the DPC’s comment:
Here’s the DPC’s comment:
So, we have a potential explanation-
Vista, the people who provide Tesco's tills with cameras in them have done a deal with a biometric facial scanning company. https://www.biometricupdate.com/202002/facewatch-vista-cctv-deliver-gdpr-compliant-biometric-surveillance-solution-for-retail-hospitality
Vista, the people who provide Tesco's tills with cameras in them have done a deal with a biometric facial scanning company. https://www.biometricupdate.com/202002/facewatch-vista-cctv-deliver-gdpr-compliant-biometric-surveillance-solution-for-retail-hospitality
Although this may or may not be the same GDPR I’m familiar with.
And suddenly, the Privacy policy has its first update since May 2018, and wouldn’t you know it, it’s specifically about CCTV and facial image capture in Ireland only. https://twitter.com/gmcgin/status/1345150842379362310
A pity though that the new till cameras are specifically not compliant even with this new. policy
Because I was out buying a few bits today in my local Tesco and there was precisely Zero signage on these “trial” facial imaging cameras in the tills.
And that’s not even in compliance with today’s updated policy.
And that’s not even in compliance with today’s updated policy.
Now what strikes me here is that nowhere does the “justification for processing” cite the legal basis for processing.
And there aren’t that many of them to choose from.
Look, here they all are from Article 6.1 of the GDPR: https://twitter.com/_dgoldsmith/status/1345157049261445123
And there aren’t that many of them to choose from.
Look, here they all are from Article 6.1 of the GDPR: https://twitter.com/_dgoldsmith/status/1345157049261445123
