Data protection in AI-powered video surveillance
Video surveillance is now an indispensable part of modern security systems. In particular, 24/7 real-time monitoring provides companies and institutions with the ability to maintain security measures around the clock. At the same time, significant data protection issues arise, affecting both the privacy of the monitored individuals and the legal requirements. Artificial intelligence (AI) offers crucial advantages for both efficiency and privacy protection. This article examines the data protection challenges and potentials of AI-supported surveillance as well as legal foundations in more detail.
Important data protection principles in video surveillance
1. Purpose limitation and data minimization
One of the central principles of data protection in video surveillance is purpose limitation. This means that the collection and processing of video data is only permitted if it serves a clear and legitimate purpose. In practice, this is usually the protection of people and property, the prevention of crimes, or ensuring the smooth operation of a business. The principle of data minimization states that the collected data must be limited to the absolute necessary minimum. This means that no more data may be collected than is necessary to achieve the surveillance purpose
2. Transparency and Information translate to Englisch
Another important data protection principle in video surveillance is transparency. Affected individuals – those who are captured by the video surveillance – must be clearly and unambiguously informed that they are being monitored. This is usually done through visible and well-placed signs indicating that the area is under video surveillance
These signs must not only indicate the presence of the cameras but also contain additional information, such as
- The person responsible for monitoring (e.g., the company or organization operating the cameras)
- The purpose of surveillance (e.g., “For the safety and protection of people and property”)
- Information on how the affected individuals can exercise their data protection rights (e.g., how they can contact to obtain information about their data)
3. Consent
In non-public or particularly sensitive areas – such as the workplace or private spaces – the explicit consent of the affected individuals is often required before surveillance can be conducted. The consent must be given voluntarily, specifically, and on an informed basis. This means that the affected individuals must know exactly what they are consenting to and what consequences the surveillance will have for them
4. Retention periods
The collected video data may only be stored for as long as necessary for the original purpose of surveillance. Typically, the retention period for video surveillance is between 48 and 72 hours, unless there is a legitimate reason for longer storage, such as clarifying an incident. In cases where the data is needed for an investigation or to secure evidence in a criminal proceeding, a longer retention period may be permissible. However, this should always be done in compliance with legal requirements and must be well documented.
5. Rights of the Data Subjects
Affected individuals have various rights under data protection laws that enable them to retain control over their personal data. These rights include
- Right to information: Data subjects have the right to request information about whether and which personal data concerning them is being processed. This also includes video recordings in which they are visible
- Right to erasure: Under certain conditions, data subjects have the right to request the deletion of their data. This may be the case, for example, if the data was collected unlawfully or if the purpose of monitoring has been fulfilled and the data is no longer needed
- Right to object: Data subjects can object to the processing of their data, especially if the monitoring is based on a legitimate interest of the controller. The objection may result in the video surveillance being stopped or the data being deleted, unless there are compelling reasons that justify the processing
These rights must be made easily accessible to the individuals concerned, and companies are obliged to process corresponding requests promptly and transparently.
Challenges of Traditional Video Surveillance: More Than Just Security Data
Traditional video surveillance systems based on passive or active monitoring often face significant data protection challenges. These systems typically record data continuously and collect far more information than is necessary for the actual surveillance purpose, which is particularly problematic with regard to privacy protection
1. Passives Monitoring: Monitoring without filtering
In passive monitoring, surveillance cameras continuously record video data, which can be manually reviewed later if an incident occurs. This process results in all movements and actions in a monitored area being captured comprehensively, regardless of whether they are security-relevant or not. This comprehensive data collection contradicts the principle of purpose limitation and data minimization, as not only security-relevant information is collected. Additionally, the data is often stored for extended periods, even if no security-relevant incident occurs, increasing the risk of data protection violations
2. Active monitoring: intrusion into privacy
In active monitoring, the video material is monitored in real-time by security personnel. This means that one or more people constantly observe all activities in a monitored area, which can lead to a feeling of constant surveillance. This creates particular problems
- Lack of focus on relevant events: Although security personnel should keep an eye on security-related incidents, they also see many private or personal interactions that have nothing to do with security
- Loss of attention: Another problem with active monitoring is the limited attention span of the monitoring personnel. With hours of observation, concentration decreases, which can lead to security-relevant incidents being overlooked
3. Comprehensive collection of data without differentiation
A major problem with both passive and active monitoring is the undifferentiated data collection. Traditional surveillance systems generally record everything that happens within their field of view. This means that not only security-relevant events like burglaries or vandalism are captured, but also completely mundane and private activities. An example from the work environment is the recording of break times. Cameras directed at the break room or entrance area capture every time an employee enters or leaves the room. This leads to detailed records of when and how often breaks are taken, which significantly impairs employee privacy. This is particularly problematic if employers could use this data for disciplinary measures, which can lead to unauthorized surveillance in the workplace.
4. Lack of flexibility in data collection
Another problem is that traditional video surveillance systems offer no flexibility in data collection. They either record everything or nothing at all. There is a lack of intelligent filtering of information, so irrelevant and non-security-related data are also collected. This comprehensive collection clearly contradicts the principle of data minimization, which requires that only the data necessary for the intended purpose may be collected
5. Risk of abuse and data protection violations
The comprehensive data collection inevitably leads to an increased risk of misuse or privacy violations The more data is collected, the greater the risk that this data will be accessed or manipulated by unauthorized persons. In many cases, there is a lack of adequate access controls, and the video data may be stored longer than necessary or legally permissible
In addition, there is a risk that this data will not only be used for the original security purpose but also for other, unauthorized purposes. For example, employers could access the surveillance data to analyze their employees’ behavior or to monitor how efficiently they use their working time
The solution is AI video analysis, but a careful selection of the provider is important
Given the significant limitations and privacy risks of traditional video surveillance systems, both in passive and active monitoring, AI-based video analysis is gaining increasing importance. These modern systems offer a variety of advantages that improve both the efficiency of surveillance and the protection of privacy. AI video analysis uses advanced algorithms and machine learning to process and analyze video data in real-time. This allows them to overcome many of the weaknesses of conventional surveillance methods
However, AI-based video surveillance systems also pose challenges, particularly regarding data protection and security. In recent years, there have been significant data protection concerns and breaches related to video surveillance technologies, especially with some Chinese providers like Hikvision and Dahua
Hikvision
The company has been repeatedly criticized for privacy and security violations. The US government has placed Hikvision on the Entity List, which means that US companies need special licenses to do business with Hikvision. This happened due to the company’s role in human rights violations against Muslim minorities in China, particularly the Uyghurs. Additionally, critical security vulnerabilities were discovered in Hikvision cameras, which allowed attackers to access the devices
Dahua
Dahua was similarly sanctioned. The US government banned the use of Dahua equipment in public facilities due to national security concerns. These concerns relate to potential backdoors in the devices that could be exploited by the Chinese government
These examples show that despite the technological advancements and benefits of AI-based video analysis, data protection and security must not be neglected. It is essential to carefully select providers and pay attention to their data protection and security practices to ensure the integrity of surveillance systems and protect the privacy of the monitored individuals
Important considerations to ensure data protection in AI-powered video surveillance
When selecting the right AI video analysis provider, several important aspects should be considered. First, data protection compliance is crucial. The provider must ensure that it complies with all relevant data protection laws and regulations, such as the General Data Protection Regulation (GDPR) in Europe. This includes transparency in data collection and processing, as well as measures to secure the data. Equally important are high security standards
Transparency and traceability also play a central role. A trustworthy provider should provide detailed audit logs and access controls to ensure that only authorized personnel have access to the data. Providers that use technologies to anonymize individuals and license plates in the video data significantly reduce the risk of data protection breaches
Finally, the ability for local data storage is another important factor. Providers that enable local data storage minimize the risk of data loss and misuse. All these considerations help to find the right AI video analysis provider that meets both security and data protection requirements
How AI-powered video surveillance with Vaido solves the problems of traditional video surveillance
An outstanding example of such a solution is AI video analysis with Vaidio, which enables efficient and secure video analysis. The AI video surveillance we offer with Vaidio addresses these weaknesses and provides a more privacy-friendly alternative.
1. Purpose limitation and data minimization through event-based capture
Unlike traditional surveillance systems that record all data indiscriminately, Vaidio enables event-based capture. This means that only security-relevant incidents are detected and recorded. Instead of continuously collecting video footage, the system activates recording only when a defined event is detected, such as unauthorized movement in a protected area or entering a restricted zone
Through this intelligent filtering of events, the amount of collected data is significantly reduced, which aligns with the principles of purpose limitation and data minimization Unimportant activities, such as employee break times or personal conversations, are ignored as they are not relevant to the monitoring purpose. This protects the privacy of those being monitored and prevents unnecessary data from being collected
2. Anonymization and privacy protection
One of the outstanding features of Vaidio is the anonymization of people and vehicle license plates. The system is capable of automatically anonymizing faces and other personal data before they are further processed or stored. This ensures that the privacy of the monitored individuals is maintained, even if recordings need to be stored for later analysis or to clarify an incident.
This anonymization feature is particularly useful in sensitive areas such as the workplace, where recording employees can lead to privacy issues. Vaidio ensures that only security-relevant information is recorded, while personal data is encrypted or redacted to comply with the General Data Protection Regulation (GDPR) requirements
3. Real-time analysis and reduction of human errors
One of the biggest advantages of AI video analysis with Vaidio is the ability for real-time analysis. Instead of having to painstakingly review video footage manually after an incident, Vaidio analyzes the data in real time and immediately detects anomalies or suspicious activities. This not only reduces the workload for security personnel but also minimizes human errors that can occur due to fatigue or inattention, which are common during active monitoring
By using pattern recognition algorithms, Vaidio detects security-related incidents faster and more accurately than a human observer. For example, the platform can automatically detect if someone is attempting to enter a building without authorization, if an object is left in an unusual place for an extended period, or if an unusual number of people gather in a specific area. This allows for an immediate response to security-related incidents while everyday, private activities remain unnoticed
4. Flexible storage options and secure data storage
Vaidio offers flexible data storage, which can be either local (edge-based) or in the cloud. This gives companies the option to store their sensitive data where it meets the highest security standards and complies with data protection requirements. In any case, Vaidio ensures that the recorded data is encrypted to prevent access by unauthorized persons
Furthermore, Vaidio allows for the limited storage of data. The system can be configured to automatically delete recordings after a certain period if they are no longer needed. This complies with legal requirements for retention periods and reduces the risk of data protection violations due to excessive storage.
5. Access control and audit logs
A central element of the GDPR is ensuring that only authorized individuals can access personal data. Vaidio enables strict access controls and detailed audit logs to ensure that access to video data is fully documented. Every access or modification of the data is logged, ensuring complete transparency
This function ensures that companies can always prove who accessed the data and for what purpose. This not only increases security but also builds trust with the individuals concerned, as they can be sure that their data is used only for legitimate and documented purposes
6. Avoidance of surveillance outside the legitimate purpose
One of the biggest problems with traditional video surveillance is the collection of data that has nothing to do with the security purpose, such as monitoring break times or personal interactions. Vaidio addresses this problem directly by ensuring that only events that match the predefined surveillance objectives are captured.
By using intelligent analysis models, surveillance cameras can be specifically restricted to certain zones or types of events. This means that only security-relevant data is collected, while other activities affecting privacy are hidden or ignored. This leads to a significant reduction in unnecessary data and protects the rights of the monitored individuals
Conclusion
Conventional video surveillance is fraught with significant privacy issues that jeopardize the privacy of the individuals involved and raise legal and ethical questions. The integration of AI and advanced technologies offers a promising solution to address these problems. Through real-time analysis, anonymization, and strict access controls, modern surveillance systems can increase efficiency while protecting privacy. Additionally, legal and organizational measures should be taken to ensure the transparency and security of surveillance systems. The careful selection of providers that meet these standards is crucial to avoid data protection breaches and ensure security.
Anne-Katrin Michelmann
Date: 23.10.2024