The new European Union General Data Protection Regulation (GDPR) is creating uncertainty among professional and enthusiast photographers, with some schools in Germany banning all photography of students, and serious speculation as to whether street photography is even legal any more under the new data protection rules.
This is directly relevant to Australian photographers with clients in Europe and, more broadly, because all democratic countries are likely to follow with similar – possibly even parallel – laws in response to the massive appropriation of their citizens’ personal data over the last decade by the likes of Facebook and Google.
The issue for photography is that, under the new regulations introduced in May, images of people fall into the category of personal data, so that all the rules and regulations regarding possession, storage and handling of data like email addresses, credit cards numbers, etc, also apply to a digital file of an individual.
An recent article in German publication imaging+foto contact reported that German schools were banning photography at events such as awards and sports. The German Photographic Association (PIV) has asserted that taking photos is allowed provided the distribution is for private use only. This is where things get tricky; putting an image in a family album is private use but posting an image on Facebook could breach the rules.
The new rules create an extra layer of complexity for schools photography businesses, which as ‘data processors’, have a range of onerous compliance obligations – for instance, all images must be destroyed after a nominated time span. And as data processors, they are legally liable for any breaches.
Under GDPR, consent must be explicitly given to anything that isn’t within the normal business of the school, especially if it involves a third party, such as a schools photographer, managing the data. Parents (or the pupil themselves depending on their age) must express consent for their child’s data to be used outside of the normal business of the school.
Street photography ‘non-compliant’?
Taking pictures in public – from events and sports through to candid street photography is potentially caught up in the GDPR. The GDPR covers photographs where it is possible to identify the subject, and with increasingly sophisticated facial recognition software, that’s not a hard bar to pass.
‘If you’re a professional, then you will need to fix your customer relationship management, your website, your data security, and much more,’ German photographer and journalist Hendrik Wieduwilt said in an article by Alex Mita in the London School of Photography website.
‘If you’re just a mom or pop shooting pictures of your family, you should be fine. The GDPR does not apply to data processing “in the course of a purely personal or household activity.” But beware: if you have a million Instagram followers, your kid’s birthday party is probably not a “household activity” anymore.’
Street photography becomes questionable because the GDPR requires you to obtain consent of the subject before taking a picture of them! A photographer hired to shoot an event, or a professional photojournalist, would likely pass a ‘legitimate interests’ exception, but there are still questions to be answered when it comes to the balance of ‘legitimate interests’ to take a photograph, and the interests or fundamental rights and freedoms of the subject of the photograph – particularly when the subject is a child.
Freedom of expression does not seem to fall into the category of ‘legitimate interests’, leaving non-professional photographers more exposed to prohibitions on capturing images of people who aren’t friends or family.
The GDPR is still new and there is hopefully going to be some bedding down as unintended consequences – like the end of street photography in Europe – are sorted through. Currently freedom of expression is collateral damage in the pursuit of data protection.
There hasn’t been a lot written on the GDPR and photography but perhaps the most succinct and helpful article we came across in preparing this story was, of all places, on the Skylum (software) website: ‘Photographers and videographers are affected [by the GDPR] especially wedding, sports or event photographers – because they store sensitive data like other businesses,’ it states. ‘Every recognisable image of someone is data, even if they are in the background of the image. If you are photographing a wedding, event, or doing some street photography, you’re collecting people’s personal data without knowing it.’
The article goes on to explain the measures photographers need to take to be compliant.
Indeed, this paints a picture for a scary future for professionals and amateurs alike. When even freedom of expression comes in to question. Though, you’d be forgiven for thinking that laws like that already exist in this country. Just today I was accosted on the street (footpath), for taking photographs of a car, parked on the street. The individual who accosted me knew nothing of the laws pertaining to photographing in public places.He tried to tell me that photographing the number plate was a conflict of copyright laws. Clearly he was for far off base. But still, thought he knew the law. Just image the General public’s further misunderstanding and miss interpretation of the laws if similar laws were to be introduced here.
I hope this grabs the medias use of any image they choose. Will be interesting if that happens No more news bulletins. No photos of crowds, sporting events or disasters