GDPR Radio – Oli’Days, Scammers And Facial Recognition

During this week’s episode of the Data Protection Made Easy Podcast our hosts David Holmes, Zara Turner and Phil Brining joined our growing community of Data Protection Practitioners to discuss the news of the week sharing their views and opinions. We cover a number of different topics in this week’s session including the passing of her majesty the queen, the new elected prime minister and the pending changes set to impact DPOs across the country.

One of the areas we delve into which we found bizzar is the use of facial recognition technology being used in supermarkets, Co-op utilises facial recording technology on their self-checkouts. Phil Brining was shocked to find out there was no privacy notice to inform the public that they are being recorded. Co-op has stated that the technology is installed for age verification to speed up the checkout process. It could also be argued that the software is being used to reduce the likelihood of theft and assault, this would be perfectly fine if there was evidence of these things happening but it is our expert’s belief that a countrywide rollout is an infringement on the rights of the general population.

There is a large amount of controversy around facial recognition technology and it’s a concern that will continue to grow with the continued innovation in that field. There are pros and cons for both sides of the argument in our opinion. Of course, the data collected through facial recognition has a wide range of potential benefits but, above all else, the privacy of the general population is of the highest importance and steps need to be taken to make individuals aware of the data processing.

When personal data is collected for purposes of analytics and marketing, it is often with the intention of seeing how people are acting online or to influence people online. PECR is in place to restrict unsolicited direct marketing through electronic means such as SMS and email. Organisations can access ICO guidance and resources on the Privacy and Electronic Communications Regulations (PECR), which gives people specific privacy rights in relation to electronic marketing communications.

In recent news, Halfords has been put under the spotlight for the sending of unsolicited direct marketing information to individuals through e-mail. The Information Commissioner’s Office (ICO) has fined the retail giant Halfords for sending almost 500,000 unsolicited marketing emails to individuals without the consent of the recipients. The issue was raised with the ICO when a complaint was made by a recipient who claimed to receive emails relating to a “Fix Your Bike” scheme which was a government-funded voucher to encourage more people to use bicycles. The scheme allowed people to use a voucher of up to £50 towards the cost of repairing any bike. We feel in this scenario, Halfords may have been naive in thinking that because they were sending out information that would be of value to some, that e-mailing 500,000 individuals about this wouldn’t ruffle anyone’s feathers.

Head of Investigations at the ICO, Andy Curry said:

“It is against the law to send marketing emails or texts to people without their permission. Not only this, it is a violation of their privacy rights as well as being frustrating and downright annoying.

“Halfords are a household name and we expect companies like them to know and act better. This incident does not reflect well on the internal advice or processes and therefore a fine was warranted in this case. This also sends a message to similar organisations to review their electronic marketing operations, and that we will take necessary action if they break the law.”

We discuss all this and much more on this weeks episode of the Data Protection Made Easy Podcast. If you would like to join us on future episodes of the podcast you can reach out to any member of our team on our ‘About Us’ page as well as registering to any of our amazing future events through our events page. Next week’s episode of the Data Protection Made Easy Podcast will feature Phil Brining and Jasmine Harrison as they share insights on the newest version of the PCI DSS (Payment Card Industry Data Security Standard).

If you enjoyed this weeks episode of the podcast and want to know more about working with Data Protection People, contact us here. 

Useful Links From This Episode:

Android 13 Update: https://www.theverge.com/2022/9/7/23340628/android-13-new-business-features-work-profiles-personal-data
COOP Age Scan Technology: https://www.coop.co.uk/age-scan
Facial Recognition Technology In The U.S: https://www.amnesty.org/en/latest/news/2022/02/usa-facial-recognition-technology-reinforcing-racist-stop-and-frisk-policing-in-new-york-new-research/
Instagram GDPR Fine: https://techcrunch.com/2022/09/05/instagram-gdpr-fine-childrens-privacy/
Asset Recovery Certification: https://ico.org.uk/for-organisations/adisa-ict-asset-recovery-certification-80/
How Are Children Protection Online: https://ico.org.uk/about-the-ico/media-centre/news-and-blogs/2022/09/children-are-better-protected-online-in-2022-than-they-were-in-2021
Potential TikTok Data Breach: https://www.forbes.com/sites/daveywinder/2022/09/06/has-tiktok-us-been-hacked-and-2-billion-database-records-stolen/