Data protection breaches involving health-related sensitive data might occur through a mere video scanning an individual’s face, according to recent research.
Face scan technology
According to a recent study, cardiac diseases can be identified and diagnosed using contactless video monitoring of the face through a technology and an algorithm that scan the face and detect skin colour changes imperceptible to the naked eye. Colour changes detected by video monitoring corresponded with an individual's heart rate as detected on an electrocardiogram.
Google Vividown precedent
While this is a very interesting improvement, it also raises some data protection issues relating to the potential development of such technologies. And indeed, this issue reminds me of the so-called Vividown case.
That dispute arose from the publication by a user of a video on Google Video showing a handicapped minor while he was bullied by his classmates. In that circumstance some Google managers were charged with a privacy-related crime because of the illegal processing of sensitive data relating to the health conditions of the minor, and in particular his handicap, which had been disclosed to the public through the video itself.
As part of the proceedings, the Google managers were first convicted by the court of first instance and then acquitted. However, the dispute shows that the mere recording of images through a video can lead to the unlawful processing of personal data, which triggers considerable privacy-related compliance obligations.
Data protection issues
I previously discussed the data protection issues relating to eHealth technologies, and indeed the processing of health-related sensitive data gives rise to considerable obligations in terms of the privacy information notice to be given to individuals, the hand-written consent to be obtained from them, the security measures to be implemented in the storage of such data, etc.
Yet the breach of such obligations may lead not only to potential fines, which under the new EU Data Protection Regulation will reach up to 5% of the global group turnover of the breaching entity, but also to criminal sanctions against the directors of the company liable for the relevant decisions that caused the breach, as initially charged against Google’s directors in the case referred to above.
If the development of such technologies makes it possible to scan individuals’ faces and obtain health-related data about them through a mere video taken, for instance, at an event, this might considerably increase, on the one hand, the potential for unlawful processing of personal data and, on the other hand, the compliance obligations to which entities operating such videos will be subject. Likewise, wearable technologies might be able to gather data about users in ways that were unpredictable until recently.
The above will require a higher level of data protection compliance, also in the storage of collected data, to avoid risks of cybercrime. For this purpose we are working for some clients and liaising with the regulator in order to find solutions that ensure compliance with data protection laws but at the same time are consumer friendly and easily manageable by businesses.
This is a fascinating topic, so feel free to contact me, Giulio Coraggio, to discuss.