Ensuring privacy when undertaking surveillance

Niklas Rosell

Surveillance and privacy are not natural bedfellows. However, as the public begin to understand how surveillance can help with their safety and security, the use of surveillance in public places is becoming more accepted. While privacy has always been a priority in the surveillance industry, public awareness over their rights has been heightened by initiatives like GDPR in Europe and FISMA in the US. As a result, organizations have had to take note and show how they are safeguarding privacy to not only protect their brand perception, but also comply with union regulations that specify privacy protections in the workplace. All of this combined is putting more pressure on organizations to secure their surveillance data.

Ensuring users understand their obligations

Surveillance cameras are a common sight in public places – in 2016 there were thought to be nearly 350 million surveillance cameras worldwide – and people are accepting that they will be caught on camera regularly. In London alone, it is estimated that citizens are recorded on camera around 300 times each day, which puts the need to understand how all this data is processed and stored into perspective.

The organizations capturing the surveillance may be doing so for a variety of reasons – from securing an area against criminal activities through to ensuring traffic is running smoothly. Manufacturers and sellers of surveillance cameras can help users stay informed on surveillance best practices. This includes how to correctly and ethically use the information collected by surveillance cameras, as well as help them take the necessary steps to comply with local and international privacy regulation.

Enabling compliance through technology

While there are regional nuances in the exact wording of how organizations should comply with data security and surveillance regulation, essentially it is there to protect people’s human rights by safeguarding their right to privacy. Therefore, it puts in place controls that must be implemented around the capturing, storing and sharing of video data. Several tools and technologies exist to protect people’s privacy during the process of viewing, recording and exporting video. The most common are dynamic anonymization, permanent masking and redaction.

Dynamic anonymization: With this technique, analytics software is used to automatically anonymize people in the video in real time as the analytics monitors the actions and movements in a scene. Should the identities of those captured in the footage be crucial to an investigation, only authorized personnel can unmask the data to access the video. Not only does this protect individuals in their right to privacy, it also covers an organization’s obligations to keep people safe – especially in open, public spaces.

Permanent masking: This approach is most commonly used in environments where the identities of passers-by are not relevant to the primary aim of the surveillance. Permanent masking provides a more basic way of protecting people’s privacy by anonymizing everyone in a video and permanently burning the masking into the video so there is no way to undo the masking in the footage. This means that while areas can be monitored for things like hazards, footfall counting or non-human surveillance like traffic monitoring, should someone need to access the footage as part of an investigation, the identities of those in the video cannot be uncovered. Permanent masking may involve static masking – where there are defined areas of a scene that are permanently masked in live and recorded video – or dynamic masking, where masking is not static but dynamically applied to moving objects in a scene in live and recorded video.

Redaction: Rather than blanket-anonymizing people caught on camera, redaction is undertaken after someone’s image has been caught on camera to protect the privacy of non-relevant individuals. This is most commonly used when an organization has to share un-anonymized footage, such as with law enforcement as part of an investigation. While this technique helps organizations protect the privacy of innocent individuals, it does not safeguard privacy for live video streams.

As well as the above approaches to surveillance privacy protection, some non-visual surveillance technologies naturally lend themselves to identity protection. For example, thermal cameras are often used in sensitive environments, for example, patient monitoring in healthcare, so people can be observed remotely without capturing personal details – something that is required by HIPAA regulation in the US.

Making privacy protection the norm

At Axis, we strive to provide customers with the guidance and tools to help people secure their video data and safeguard privacy. We encourage organizations to be aware of their responsibilities and make responsible use of data part of the norm.

Privacy in video surveillance