Want to use wearable technology in your business? Check out new ICO guidance first

Want to use wearable technology in your business? Check out new ICO guidance first

Picture the scene: you’re paying for your flat white coffee in an achingly fashionable part of town. The lavishly-bearded hipster behind the counter asks whether you want to pay in Bitcoin.

Suddenly, you notice that his glasses have a miniature camera attached to them, recording the unrelenting tedium of the whole transaction.

As you fumble for some change—you are all out of Bitcoins—you wonder why he is recording any of this at all. In fact, is he allowed to? Did he ask whether he could?

You noticed a handful of CCTV cameras as you wandered in but didn’t see any notices saying ‘WARNING: our staff wear cameras on their glasses which may record your every—every—move.’ He’s not wearing a badge saying ‘SMILE! You’re being filmed by me (although I’m not entirely sure why)’

Is this our future?

Yes: to a degree.

Businesses have already started investigating the technology and how it might be used to enhance customer experiences.

As a result, law-makers and regulators have also been grappling with the above issues. Whilst the EU’s Data Protection Regulation is still being negotiated, the UK’s Information Commissioner’s Office (ICO) has been a bit quicker off the mark. Yesterday, it published its updated code of practice for surveillance cameras which sets out when and where it believes this technology can be used.

https://twitter.com/ICOnews/status/522480835115892739

It is clear that the use of technology, such as Google Glass, will need to be a tad more sophisticated than in the example above.

So what does the code say?

For a start, page 5 of the code makes it clear that businesses—and not just public authorities—need to comply with the code:

the private sector is required to follow this code to meet its legal obligations under the [Data Protection Act 1998]. Any organisation using cameras to process personal data should follow the recommendations of this code.

It goes on to clarify, at page 8, that just because the technology is oh-so-trendy isn’t a good enough reason to use it:

You should ... carefully consider whether or not to use a surveillance system. The fact that it is possible, affordable or has public support should not be the justification for processing personal data.

The code goes on to say, (again, at page 8):

You should also take into account the nature of the problem you are seeking to address; whether a surveillance system would be a justified and an effective solution, whether better solutions exist, what effect its use may have on individuals, and whether in the light of this, its use is a proportionate response to the problem.

So does it actually mention wearables?

Yes, a bit: the ICO calls wearables ‘BWVs’ (eg body worn videos).  A fair amount of information on them is set out on pages 26 to 29 of the code.

By way of example, here’s some of the questions it suggests that you need to ask:

  • Can the use of the wearable be justified?:
    • is it proportionate?
    • is it necessary? and
    • does it address a pressing social need?
  • If you are looking to record continuously, is there a strong justification for doing so?

This is a remarkably high set of thresholds for any business to fulfil. Recording customers and enhancing their experience is usually a ‘nice to have’ and rarely a necessity. As for addressing a pressing social need, arguably not many businesses could prove this, certainly in the context of wearables.

Then there are the practical considerations: can all this data be stored and at what cost?

So query whether this advice will, for the time being, kill the nascent use of wearables dead? After all, this advice seems to be tailored more for public authorities, such as traffic wardens, that need to record their work from time to time as opposed to businesses which will use the technology in ways that we are not (yet) aware of.

I spoke to Head of Intellectual Property and Media at Bermans LLP, Steve Kuncewisz, earlier. Steve is also a member of our Lexis®PSL Commercial Consulting Editorial Board. He told me that the ICO producing guidance was “laudable”. The problem is that the ICO all too often falls under the radar of the public: “People don’t know that the ICO is there”. A burgeoning work load and budget cuts means that it struggles to be heard in the media din. How will this advice be heeded if people aren’t aware of it?

That said, Steve believes that the ICO is at the forefront of the debate, albeit it a debate that is still at ‘Betamax’ stage. We simply don’t know how the interplay of privacy rights and the ever-increasing desire of people to have a richer experience will turn out. Steve questions whether an increasingly narcissistic public will care about foregoing their privacy. The law and ethics are struggling to keep up with the law.

So where do we go from here when everything is so fluid?

If you want to use this technology in your business, Steve recommends engaging with the ICO where possible: register for the webinar on this subject that is taking place tomorrow; keep a robust audit trail of your decisions; keep abreast of developments.

https://twitter.com/ICOnews/status/522375467543044096

We’ll certainly be keeping an eye on things. This is an area that is guaranteed not to stand still.

Watch this space.

So, do you use wearables? Do you intend to do so? Let us have your thoughts below.

Even better, why not come along to the Halsbury’s Law Exchange’s forthcoming panel discussion: Wearable technology – the impact on society and privacy on 4 November? At the time of writing this there are still places available. And if you are wondering what all the fuss is about, here's an example:

http://www.youtube.com/watch?v=Z3AIdnzZUsE

UPDATE (17 October 2014, 3.10pm): Just took part in the ICO's webinar on surveillance cameras and its new code. In it Jonathan Bamford, Head of Strategic Liaison at the ICO, noted that wearables are increasingly deployed by organisations.

What worries him is that body worn video (BWV) is often a 'shiny bit of new tech' and this fact seems to overrule everything. The use of BWV may be a 'populist thing' but it is more intrusive and therefore its use demands careful thought, particularly given that much of this technology can record video and audio (the latter being much more problematic from a privacy point of view). He encouraged the use of technology which indicates when it is in use eg a flashing light showing that the device is recording.

Bamford also mentioned that storage is typically an issue. There is often a lot of data involved which means that organisations might use the Cloud. Using the Cloud has many data protection challenges as data is sometimes stored outside of the UK.

Finally, the big question of how BWV may be useful lawfully by businesses (as opposed to the public sector) was not dealt with on this occasion. The guidance of the ICO refers to its use by the police or traffic wardens (eg bodies in the public sector); it is less clear what the ICO's approach is, in detail, to businesses in their use of wearable technology. As I mention above, can there ever be a 'pressing social need' for its use in business circles, except perhaps for security or crime-prevention purposes? I'm sure that this question, and many more, will be challenging the experts in the field in November's HLE panel discussion (see above for details). Come along if you can...

Latest Articles:
empty_kids_classroom
Coronavirus (COVID-19) —DfE publishes research on school response to pandemic
Covid-19 |
1 min read
devastated_workman
NCA says port workers may be vulnerable to OCGs exploiting coronavirus (COVID-19)
Covid-19 |
1 min read
covid_19_swab
Overview of coronavirus (COVID-19) review procedures for treatments published
Covid-19 |
1 min read
How can in-house lawyers help their organisations financially?
In-House |
3 min read