Data Protection News Update 26 February 2024

United Kingdom

ICO orders Serco Leisure to stop using facial recognition technology to monitor attendance of leisure centre employees

  • The Information Commissioner’s Office (ICO) has ordered public service provider Serco Leisure, Serco Jersey and seven associated community leisure trusts to stop using facial recognition technology (FRT) and fingerprint scanning to monitor employee attendance.
  • An investigation by the ICO found that Serco Leisure and the trusts have been unlawfully processing the biometric data of more than 2,000 employees at 38 leisure facilities for the purpose of attendance checks and subsequent payment for their time.
  • Serco Leisure and the trusts failed to show why it is necessary or proportionate to use FRT and fingerprint scanning for this purpose, when there are less intrusive means available such as ID cards or fobs.
  • The ICO has issued enforcement notices instructing Serco Leisure and the trusts to stop all processing of biometric data for monitoring employees’ attendance at work, as well as to destroy all biometric data that they are not legally obliged to retain.

Privacy Preserving Federated Learning: Understanding the Costs and Benefits

  • The UK Information Commissioner’s Office (ICO) and the Department for Science, Innovation and Technology collaborated on a multipart series to help entities understand the benefits of privacy-enhancing technology.
  • The first entry focused on federated learning, or training machine learning without using centrally collected training data.
  • They shared written that Privacy Enhancing Technologies (PETs) such as federated learning could enable organisations to collaboratively use sensitive data in a privacy-preserving manner and, in doing so, create new opportunities to harness the power of data for research and development of trustworthy innovation.

United States

Facial Recognition: Coming Soon to an Airport Near You

  • Satellite company Albedo Space plans to use satellites at low altitudes that would be able to take images of people but not identify them.
  • Based in Denver, Albedo Space has 50 employees and raised roughly $100 million, planning to launch its first satellite in early 2025.
  • Electronic Frontier Foundation General Council, Jennifer Lynch, said people should be concerned about that privacy implications this technology could have- “this is a giant camera in the sky for any government to use at any time without our knowledge,” says Lynch.
  • Head of Albedo Space, Topher Haddad, says they are “acutely aware of the privacy implications,” sharing that the technology will image people but not be able to identify them, and the company is taking administrative steps to address a wide range of privacy concerns.
  • Albedo Space expects civilian customers, such as city planners looking for potholes on roads, conservation groups tracking wildlife, and insurance companies surveying roof damage.

When eyes in the sky start looking right at you: new satellites that orbit the Earth at very low altitudes

  • Facial recognition technology is expanding across US airports with the goal of making it easier for travellers to go through the Transportation Security Administration (TSA) screening.
  • Facial recognition technology is currently used at more than 30 US airports and matches a picture taken at the airport “to a physical scan of a license or passport…the photo is deleted shortly afterward, according to the agency.”
  • Dr. Morgan Klaus Scheuerman, a postdoctoral researcher at the University of Colorado who studies the ethics of artificial intelligence and digital identity, said many questions have emerged about the use of biometrics at airports: how are the systems being trained/evaluated? Would opting out be considered a red flag? What if your documents don’t match your current appearance?
  • TSA executive director overseeing checkpoint technologies, Melissa Conley, said that biometric technology is better than human agents at matching faces rapidly and accurately.
  • Critics believe that they technology’s convenience fails to outweigh a high potential for abuse, from unfettered surveillance to unintended effects like perpetuating racial and gender discrimination.


Commission opens formal proceedings against TikTok under the Digital Services Act

  • The European Commission launched a formal inquiry into a possible violation of the Digital Services Act by TikTok following an analysis of its September 2023 risk assessment report and responses to requests for information.
  • The investigation will focus on issues such as TikTok’s algorithms that result in addictive engagement, if adequate default privacy settings for minors are in place, and compliance with DSA requirements to provide a searchable database of advertisements on the platform.


South Korea’s Personal Information Commission begins full-scale evaluation of personal information processing policies

  • South Korea’s Personal Information Protection Committee (PIPC) began evaluating personal information processing policies under the country’s revised privacy protection law.
  • The PIPC’s review will include how much and what kinds of personal information are processed, whether a company has the right to process that data and what penalties, if needed, will be assigned.


More Posts

Send Us A Message