Logo and page links

Main menu


Doorkeeper, exit report: Intelligent video monitoring with data protection as a primary focus

Legal basis for Doorkeeper’s use of intelligent video analytics

One of the goals of the sandbox project was to consider how the legal basis for the use of intelligent video analytics should be assessed, based on Doorkeeper’s solution.

The processing of personal data is only lawful if the processing has a legal basis (see Article 6 (1) (a-f) of the GDPR).

Which legal bases are relevant for the use of intelligent video analytics?

In some situations, consent (Article 6 (1) (a)) could constitute a legal basis for video monitoring. There are, however, stringent requirements for what constitutes valid consent pursuant to data protection legislation, and consent is therefore not suitable for many situations. Examples of consent-based processing include research, treatment in patient rooms, in care institutions, etc.

Another potential legal basis for the use of video monitoring is compliance with a legal obligation. This will, however, primarily be relevant for public authorities. For public authorities, Article 6 (1) (c) and (e) will be the most relevant legal basis for video monitoring. These provisions allow processing of personal data if the processing is necessary for compliance with a legal obligation, or for the performance of a task carried out in the public interest or in the exercise of official authority. Furthermore, public authorities cannot use “legitimate interests” (see Article 6 (1) (f)) in the exercise of official authority.

For private parties wanting to adopt the use of video monitoring, consent or compliance with a legal obligation are rarely relevant options as a legal basis.

More on “legitimate interest” as a legal basis

When private parties are considering video monitoring, their most relevant option for a legal basis will – in most cases – be “legitimate interest (see Article 6 (1) (f)). This provision allows processing of personal data where such processing is necessary for the purposes of the legitimate interests pursued by the controller or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.

In order to base processing on this legal basis, one must first weigh up the interests of the data controller in relation to the interests of the data subject. The data controller’s legitimate interests must be lawful, clearly defined, real and justified. The processing must furthermore be necessary for the pursuance of the legitimate interest. This entails that video monitoring must be a suitable measure for achieving the purpose, and that the purpose cannot reasonably be effectively achieved by less invasive means.

When making this assessment, the interests, rights and freedoms of the data subject – including their reasonable expectations in the context of their relationship with the data controller – must be weighed up against the data controller’s legitimate interests. In the context of video monitoring, the interests of the data subject may involve the right to a private life and privacy, and may be relevant in considering how invasive the monitoring is.

If the data controller wants the processing of personal data serve multiple purposes, the controller must consider the legal basis for each individual purpose. Whether or not Article 6 (1) (f) can be used as a legal basis for the processing of personal data will depend on a specific assessment of each type of processing.

As a rule, personal data may only be further processed for new purposes if the new purpose is compatible with the purposes behind the original processing, see Article 6 (4). This is only relevant for purposes added after the time of collection. All purposes relevant at the time of collection must be considered in the context of Article 6 (1) in the normal manner.

Technology as a factor in assessment

How does the AI technology developed by Doorkeeper affect the balance between a legitimate interest for monitoring and the infringement of privacy the monitoring entails? If we exclusively consider how personal data is used in the solution, Doorkeeper may implement measures that make the collection of data less invasive.

  • In a normal situation, the personal data is only processed by Doorkeeper’s algorithm for censoring the video feed. The data is censored in real time and only limited recordings, which are deleted after a predefined time, are made – unless a predefined event has occurred.
  • While personal data is being processed by the solution, nobody has access to the uncensored video feed until the system identifies a predefined event, or if the operator deactivates the censoring manually.
  • Operators must specify the reason, time frame and user ID if they want to manually disable the censoring. The event is logged in the system. This barrier will likely help prevent and detect snooping, provided there is responsible and regular review of the logs.

These are all relevant factors when an enterprise is considering whether their legitimate interest constitutes legal basis, and could help tip the scale in favour of the legitimate interest.

Doorkeeper’s solution could be designed to have the censoring of identifying data either taking place in the camera body or on a platform. The data controller must consider the impact of the differences in the different solutions on how invasive the processing of the personal data will be. The platform solution entails processing of personal data on a larger scale than the solution where the censoring takes place in the camera body, as the data must be transferred from the camera to the platform before being censored. Among other things, the data controller should take into account whether a solution where the censoring takes place in the camera body may in some cases be considered less invasive than platform-based censoring.

The experience of being watched as a factor of consideration

In considering how invasive the infringement on privacy is for the data subject, one must base the assessment on the actual processing of personal data. In addition, the experience of being watched is also relevant. This experience constitutes the basis for the rule concerning false video surveillance equipment in Section 31 of the Personal Data Act. The preparatory works to this provision state that “false monitoring equipment may be perceived as a significant invasion of privacy, even though no real processing of personal data is taking place, and … the feeling of being watched is in itself a violation of integrity and thus may lead to changes in behaviour”.

The data subject may therefore perceive that they are watched, regardless of how invasive the processing of personal data actually is. The technology used does not necessarily impact this experience, because in most cases, the data subject will not have sufficient knowledge of how the technology works. This is a factor that must be included in a consideration of the data subject’s interests. In this situation, however, transparency and good information may play a role.

A key aspect when considering how invasive monitoring is perceived to be, is the data subject’s expectations for the data controller. The context of the processing will be important in this regard. There are situations where the data subject has greater expectations of privacy, such as in gyms, spas and swimming pools. In other situations, such as on public transportation, or in a shop, most people will likely have lower expectations of privacy.

In some cases, the presence of video monitoring in an area may give the data subject a sense of safety. A camera may, in some cases, have a preventative effect on crime and may also lead to people feeling safer. These are also relevant aspects in a consideration of the data subject’s interests.

Veileder navigasjon

6. Legal basis for Doorkeeper’s use of intelligent video analytics