Abstract
This chapter provides an overview of the range of legislation associated with the regulation of data management. Of special interest here is the status of personal images as ‘data’. The issue of whether photographic or digital images are in fact data creates tensions that until recently did not exist. In other words, the technology has overtaken the legal discourse and has required either that the image data should be assimilated into existing law on a case-by-case basis, or for new laws to be drafted. Therefore, since face recognition is an imaging modality previous statutory instruments are inadequate, and this chapter provides the back-drop to the on-going legal discourse.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
Manson and O’Neill (2007), pp. 97–121.
- 2.
- 3.
Wacks (1989, revised 1993), p. 26.
- 4.
To be considered below.
- 5.
The European Community Act 1972.
- 6.
The state can equally be a business corporation.
- 7.
See Chap. 3, footnote 26.
- 8.
Council of the European Union Regulation (EU) 2016/680.
- 9.
Amos (2006), p. 346.
- 10.
The antecedent to the General Data Protection Regulation.
- 11.
Regulation (EU) 2016/680 para 1 op cit.
- 12.
Wicks (2007), p. 122.
- 13.
ibid p. 123.
- 14.
See Eglot (2015).
- 15.
Mosley v News Group Newspapers Ltd.
- 16.
ibid Mosley: Eady J at [133] and [134].
- 17.
European Commission Memo, 27th January2014.
- 18.
Regulation (EU) 2016/680, op cit. See footnote 45 below.
- 19.
Nissenbaum (2010).
- 20.
ibid p. 231.
- 21.
ibid p. 237.
- 22.
Schwartz and Solove (2014).
- 23.
Nissenbaum (2010), pp. 237–238 op cit.
- 24.
US Constitution: Fourth Amendment.
- 25.
See Mallon (2003). See fn 24 above.
- 26.
Katz v. United States, 389 U.S. 347 (1967). Cited by Mallon B op cit.
- 27.
United States v Dionisio 410 U.S. 1 (1973). Cited by Mallon B ibid.
- 28.
See Sect. 6.7.
- 29.
Solove (2011), pp. 100–101.
- 30.
See Sect. 4.4.
- 31.
See Whitehead (2013), p. 21.
- 32.
See Chap. 11.
- 33.
See Jolly (n.d.), p. 2.
- 34.
Reuters (2012).
- 35.
FTC (2012). The FTC performs a similar role to that of EU Information Commissioners though unlike the US, the European data protection laws apply universally to all data in every sector.
- 36.
Shear (2013).
- 37.
Jolly I op cit p.5. The Federal Trade Commission Act (15 U.S.C. s.41-58) (FTC Act) is a federal consumer protection law that prohibits unfair or deceptive practices and applies to offline and online privacy and data security policies. The Financial Services Modernisation Act (Gramm-Leach-Bliley Act (GLB)) (15 U.S.C. s.6801-6827) regulates the collection, use and disclosure of financial information. GLB limits the disclosure of non-public personal information and can require financial institutions to provide notice of their privacy practices and an opportunity for data subjects to opt out of having their information shared. The Health Insurance Portability and Accountability Act (HIPAA) (42 U.S.C. s.1301 et seq) regulates medical information.
The Electronic Communications Privacy Act (18 U.S.C. s.2510) and the Computer Fraud and Abuse Act (18 U.S.C. s.1030) regulates the interception of electronic communications and computer tampering respectively.
- 38.
HIPPA (2003). For instance the United States Department of Health and Human Services ‘Summary of the HIPAA Privacy Rule [The HIPAA] “Privacy Rule provides exceptions to the general rule of federal pre-emption for contrary State laws that relate to the privacy of individually identifiable health information, [which] provide greater privacy protections or privacy rights with respect to such information”.
- 39.
- 40.
ibid.
- 41.
Regulation (EU) 2016/680 §2, op cit.
- 42.
DPA 2018; GDPR Article 9.
- 43.
Solove (2011) op cit.
- 44.
FTC (2014).
- 45.
Viviane Reding V (2014).
- 46.
ibid.
- 47.
See Drozdiak and Sam Schechner (2015).
- 48.
EU—US Privacy Shield Framework (European Commission 2016).
- 49.
Edgar (2017), pp. 164–167.
- 50.
Privacy Shield Framework (European Commission 2016).
- 51.
Reding V 2(014) op cit.
- 52.
Agamben (2005).
- 53.
Campbell (Appellant) v. MGN Limited (Respondents).
- 54.
ibid as per para 155.
- 55.
Chapter 5 above.
- 56.
See Sect. 6.7.
- 57.
EU Directive 95/46/EC.
- 58.
GDPR para (9).
- 59.
See Kindt (2013), p. 93 §189.
- 60.
von Hannover v. Germany.
- 61.
- 62.
This was widely reported in the press with headlines declaring the Daily Mirror’s lawyer had called her a liar. And was also contentiously considered as legislating privacy by the backdoor of medical confidentiality by Piers Morgan, editor of the Daily Mirror Newspaper at the time.
- 63.
Kindt (2013) op cit, p. 418 §241.
- 64.
Murray v Express Newspapers Plc & Anor [2007].
- 65.
ibid para 65.
- 66.
ibid para 66.
- 67.
ibid paras 18, 19,72 and 73.
- 68.
Murray v Big Pictures (UK) Ltd [2008].
- 69.
ibid paras 63 and 63.
- 70.
Kindt (2013) op cit p 149 §275.
- 71.
Directive 95/46/EC Article 30(c).
- 72.
Cited by Kindt (2013) op cit.
- 73.
GDPR Article 4(1). Cited by Kindt (2013) op cit.
- 74.
Kindt (2013) op cit.
- 75.
Directive 95/46/EC Article 29.
- 76.
ibid.
- 77.
Kindt (2013) op cit.
- 78.
i.e. scanned photographs.
- 79.
Regulation (EU) 2016/680 op cit.
- 80.
Privacy by Design: 7 Foundational Principles.
- 81.
Kindt (2013) op cit.
- 82.
ibid.
- 83.
ibid.
- 84.
Directive 95/46/EC op cit. My italics.
- 85.
Kindt (2013) op cit.
- 86.
European Commission Regulation 2016/679 (proposed GDPR vis-à-vis Regulation 2016/680).
- 87.
ibid (Article 30) and implemented in GDPR Articles 25 and 30.
- 88.
ibid and implemented in GDPR Article 26.
- 89.
ibid page 18(7).
- 90.
ibid page 18(6).
- 91.
Regulation (EU) 2016/679 and 2016/680.
- 92.
FTC Report (2012).
- 93.
ibid.
- 94.
See Cohn et al. (2013) Electronic Frontier Foundation.
- 95.
Electronic Frontier Foundation.
- 96.
ibid.
- 97.
Cited by Welinder (2012).
- 98.
Acquisti et al. (2014).
- 99.
ibid.
- 100.
Fretty (2011), p. 444.
- 101.
Fourth Amendment op cit.
- 102.
United States v. Maynard.
- 103.
ibid Maynard, 615F.3d at 559. Cited by Fretty (2011), p. 444.
- 104.
Fretty (2011) op cit.
- 105.
Nader v. General Motors Corp.
- 106.
See Solove (2008), p. 111.
- 107.
United States v. Knotts.
- 108.
Fretty (2011) op cit p. 450.
- 109.
ibid p 451; United States v. Garcia.
- 110.
United States v. Mendenhall.
- 111.
INS v. Delgado.
- 112.
Fretty D op cit p. 446.
- 113.
United States v. Mendenhall op cit.
- 114.
Human Rights Act (HRA) 1998.
- 115.
Regulation of Investigatory Powers Act 2000.
- 116.
Police and Criminal Evidence Act 1984 c. 60.
- 117.
HRA1998 op cit.
- 118.
Perry v. The United Kingdom. My italics.
- 119.
R v. Loveridge.
- 120.
Campbell v. MGN Limited.
- 121.
The Law Society Gazette (2013).
- 122.
Kinloch [2012] UKSC 62.
References
Acquisti A, Gross R, Stutzman F (2014) Face recognition and privacy in the age of augmented reality. J Privacy Confidentiality 6(2):1. https://doi.org/10.29012/jpc.v6i2.638. Accessed 24 Aug 2019
Agamben G (2005) State of exception (trans: Attell K). The University of Chicago Press, Chicago
Amos M (2006) Human rights law. Hart Publishing, Oxford, p 346, an imprint of Bloomsbury Publishing Plc
Bedat A (2013) Case law, Strasbourg: Von Hannover v Germany (No.3), Glossing over Privacy. http://inforrm.wordpress.com/2013/10/13/case-law-strasbourg-von-hannover-v-germany-no-3-glossing-over-privacy-alexia-bedat/. Accessed 24 Aug 2019
Callender Smith R (2012) From Von Hannover to Von Hannover and Axel Springer AG: do competing ECHR proportionality factors ever add up to certainty? (October 25, 2012). Queen Mary J Intellect Property 2(4):388–392. https://ssrn.com/abstract=2037811. Accessed 24 Aug 2019
Campbell (Appellant) v. MGN Limited (Respondents) [2004] UKHL 22 on appeal from: [2002] EWCA Civ 1373. http://www.publications.parliament.uk/pa/ld200304/ldjudgmt/jd040506/campbe-1.htm. Accessed 24 Aug 2019
Campbell v MGN Limited [2002] EWHC 499. http://www.bailii.org/ew/cases/EWHC/QB/2002/499.htm. Accessed 24 Aug 2019
Cohn C, Rodriguez K, Higgins P (2013) Increasing anti-surveillance momentum and the necessary and proportionate principles. Electronic Frontier Foundation, San Francisco. https://www.eff.org/deeplinks/2013/12/increasing-anti-surveillance-momentum-and-necessary-and-proportionate-principles. Accessed 24 Aug 2019
Council of the European Union Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data. http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:31995L0046:en:HTML. Accessed 24 Aug 2019
Council of the European Union Regulation (EU) 2016/680 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation). (1). http://data.consilium.europa.eu/doc/document/ST-5419-2016-INIT/en/pdf. Accessed 23 Aug 2019
Council of the European Union Regulation 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation). https://eur-lex.europa.eu/legal-content/EN/TXT/?qid=1532348683434&uri=CELEX:02016R0679-20160504. Accessed 20 Sept 2019
Data Protection Act 2018, para 33. http://www.legislation.gov.uk/ukpga/2018/12/contents/enacted. Accessed 18 Sept 2019
Drozdiak N, Sam Schechner S (2015) EU court says data-transfer pact with U.S. violates privacy. The Wall Street Journal, October 6th 2015. http://www.wsj.com/articles/eu-court-strikes-down-trans-atlantic-safe-harbor-data-transfer-pact-1444121361. Accessed 24 Aug 2019
Edgar TH (2017) Beyond snowden: privacy, mass surveillance and the struggle to reform the NSA. The Brookings Institution, Washington, D.C., pp 164–167
Eglot J (2015) “British judges not bound by European court of human rights, says Leveson”. The Guardian 24th May 2015. http://www.theguardian.com/law/2015/may/24/british-courts-echr-leveson. Accessed 23 Aug 2019
Electronic Frontier Foundation (Necessary and Proportionate.org) 13 International Principles on the Application of Human Rights to Communication Surveillance. https://necessaryandproportionate.org/principles. Accessed 24 Aug 2019. https://www.eff.org/document/13-international-principles-application-human-rights- communication-surveillance. Accessed 24 Aug 2019
EU – US Privacy Shield Framework. https://www.privacyshield.gov/Program-Overview. Accessed 24 Aug 2019
European Commission (2016) EU-US privacy shield. http://europa.eu/rapid/press-release_IP-16-216_en.htm. Accessed 24 Aug 2019
European Commission Memo, 27th January 2014. Data Protection Day 2014: Full speed on EU data protection reform. http://europa.eu/rapid/press-release_MEMO-14-60_en.htm. Accessed 24 Aug 2019
Federal Trade Commission (2014) FTC settles with twelve companies falsely claiming to comply with international safe harbor privacy framework. http://www.ftc.gov/news-events/press-releases/2014/01/ftc-settles-twelve-companies-falsely-claiming-comply. Accessed 24 Aug 2019
Fretty D (2011) Face-recognition surveillance: a moment of truth for fourth amendment rights in public places. Virginia J Law Technol 16(03):444. https://heinonline.org/HOL/LandingPage?handle=hein.journals/vjolt16&div=16&id=&page=. Accessed 24 Aug 2019
FTC (2012) Protecting consumer privacy in an era of rapid change: Recommendations for businesses and policymakers. http://www.ftc.gov/reports/protecting-consumer-privacy-era-rapid-change-recommendations-businesses-policymakers. Accessed 23 Aug 2019
FTC Report (October 2012) Facing facts: best practices for common uses of facial recognition technologies: executive summary. http://www.ftc.gov/reports/facing-facts-best-practices-common-uses-facial-recognition-technologies. Accessed 24 Aug 2019
Human Rights Act (HRA) 1998. http://www.opsi.gov.uk/acts/acts1998/ukpga_19980042_en_1. Accessed 24 Aug 2019
INS v. Delgado, 466 U.S. 210 (1084). https://supreme.justia.com/cases/federal/us/466/210/. Accessed 24 Aug 2019
Jolly I (n.d.) Data protection in the United States: overview, p 2 http://uk.practicallaw.com/6-502-0467#null. Accessed 23 Aug 2019
Katz v. United States, 389 U.S. 347 (1967) The warrantless wiretapping of a public pay phone violates the unreasonable search and seizure protections of the Fourth Amendment. https://supreme.justia.com/cases/federal/us/389/347/case.html. Accessed 23 Aug 2019
Kindt EJ (2013) Privacy and data protection issues of biometric applications. Springer, Dordrecht, p 93 §189
Kinloch [2012] UKSC 62. https://www.supremecourt.uk/decided-cases/#addsearch=kinloch%20[2012]%20uksc%2062,f=1. Accessed 24 Aug 2019
Law Society Gazette (2013) Admissibility- criminal proceedings – evidence obtained through covert surveillance. Re: Kinloch (AP) v Her Majesty’s Advocate (Scotland) and Gilchrist v HM Advocate [2004] SSCR 595. https://www.lawgazette.co.uk/law/evidence/68897.article. Accessed 24 Aug 2019
Mallon B (2003) Every breath you take, every move you make, i’ll be watching you: the use of face recognition technology. Villanova Law Rev 48:955. https://digitalcommons.law.villanova.edu/vlr/vol48/iss3/6/. Accessed 24 Aug 2019
Manson NC, O’Neill O (2007) Rethinking informed consent in bioethics. Cambridge University Press, Cambridge
Mosley v News Group Newspapers Ltd [2008] EWHC 1777 (QB), [2008] EMLR 20. http://www.bailii.org/ew/cases/EWHC/QB/2008/1777.html. Accessed 23 Aug 2019
Murray v Big Pictures (UK) Ltd [2008] 2008] UKHRR 736, [2008] 3 FCR 661, [2009] Ch 481, [2008] ECDR 12, [2008] Fam Law 732, [2008] 2 FLR 599, [2008] EMLR 12, [2008] HRLR 33, [2008] EWCA Civ 446, [2008] 3 WLR 1360. http://www.bailii.org/ew/cases/EWCA/Civ/2008/446.html. Accessed 24 Aug 2019
Murray v Express Newspapers Plc & Anor [2007] [2007] UKHRR 1322, [2007] HRLR 44, [2008] 1 FLR 704, [2007] ECDR 20, [2007] 3 FCR 331, [2007] EWHC 1908 (Ch), [2007] EMLR 22, [2007] Fam Law 1073. http://www.bailii.org/ew/cases/EWHC/Ch/2007/1908.html. Accessed 24 Aug 2019
Nader v. General Motors Corp., 25 N.Y.2d 560 (N.Y. 1970). https://casetext.com/case/nader-v-general-motors-corp-2. Accessed 24 Aug 2019
Nissenbaum H (2010) Privacy in context: technology, policy and the integrity of social life. Stanford University Press, Stanford
Parent WA (1983) Privacy, morality and the law. Philos Public Aff 12(4):269–288
Perry v. The United Kingdom. http://hudoc.echr.coe.int/sites/eng/pages/search.aspx?i=001-61228. Accessed 24 Aug 2019
Privacy by Design: 7 Foundational Principles. https://www.ryerson.ca/pbdce/certification/seven-foundational-principles-of-privacy-by-design/. Accessed 20 Sept 2019
R v Loveridge, EWCA Crim 1034, [2001] 2 Cr App R 29 (2002)
Regulation of Investigatory Powers Act 2000. http://www.legislation.gov.uk/ukpga/2000/23/pdfs/ukpga_20000023_en.pdf. Accessed 24 Aug 2019
Reuters (2012) January 27th ‘Lawmakers press Google on privacy policy changes’. http://www.reuters.com/article/2012/01/27/us-google-privacy- idUSTRE80P1YC20120127. Accessed 23 Aug 2019
Schwartz PM, Solove DJ (2014) Reconciling personal information in the United States and European Union. Calif Law Rev 102:877. https://scholarship.law.gwu.edu/faculty_publications/956. Accessed 23 Aug 2019
Shear B (2013) When will the FTC follow the EU’s lead in protecting digital privacy? https://www.shearlaw.com/when-will-the-ftc-follow-the-eus-lead-in-protecting-digital-privacy/. Accessed 23 Aug 2019
Solove DJ (2008) Understanding privacy. Harvard University Press, Cambridge, p 111
Solove DJ (2011) Nothing to hide: the false trade off between privacy and security. Yale University Press, New Haven, pp 100–101
The European Community Act 1972. https://www.instituteforgovernment.org.uk/explainers/1972-european-communities-act. Accessed 23 Aug 2019
United States Department of Health and Human Services. OCR privacy rule summary 2003:17. https://www.hhs.gov/sites/default/files/privacysummary.pdf. Accessed 23 Aug
United States v. Garcia, 474 F 3d 994, 998 (7th Cir. 2007). https://openjurist.org/474/f3d/994/united-states-v-garcia. Accessed 24 Aug 2019
United States v. Knotts, 460 U.S. 276 (1983). https://supreme.justia.com/cases/federal/us/460/276/case.html. Accessed 24 Aug 2019
United States v. Maynard, 651 F.3d 544, 555-56 (D.C.Cir.2010). https://casetext.com/case/united-states-v-maynard-5. Accessed 24 Aug 2019
United States v. Mendenhall, 446 U.S. 544 (1980). https://supreme.justia.com/cases/federal/us/446/544/case.html. Accessed 24 Aug
US Constitution: Fourth Amendment. http://www.law.cornell.edu/constitution/fourth_amendment. Accessed 23 Aug 2019
Viviane Reding, Vice-President of the European Commission, EU Justice Commissioner ‘Data protection compact for Europe’. http://europa.eu/rapid/press-release_SPEECH-14-62_en.htm. Accessed 24 Aug 2019
von Hannover v. Germany (2005) 40 EHRR 1, [2005] 40 EHRR 1, 40 EHRR 1, [2004] EMLR 21, 16 BHRC 545, [2004] ECHR 294. http://www.worldlii.org/eu/cases/ECHR/2005/555.html. Accessed 24 Aug 2019
Wacks R (1989) (revised 1993) Personal information: privacy and the law. Clarendon Press, Oxford
Welinder Y (2012) A face tells more than a thousand posts: developing face recognition privacy in social networks. http://jolt.law.harvard.edu/articles/pdf/v26/26HarvJLTech165.pdf. Accessed 24 Aug 2019
Westin A (1967) Privacy and freedom. Atheneum, New York
Whitehead JW (2013) A Government of wolves: the emerging American Police State. Select Books Inc, New York, p 21
Wicks E (2007) Human rights in healthcare. Hart Publishing, Oxford, an imprint of Bloomsbury Publishing Plc, p 122
Author information
Authors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this chapter
Cite this chapter
Berle, I. (2020). The Law and Data Protection. In: Face Recognition Technology. Law, Governance and Technology Series, vol 41. Springer, Cham. https://doi.org/10.1007/978-3-030-36887-6_7
Download citation
DOI: https://doi.org/10.1007/978-3-030-36887-6_7
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-36886-9
Online ISBN: 978-3-030-36887-6
eBook Packages: Law and CriminologyLaw and Criminology (R0)