Contact

Facial recognition…a necessary evil?

Back to top

Facial recognition…a necessary evil?

1 Sep 2014 3 min read Data Protection and Privacy Alert Article

An investigative report was recently released by DigBoston (a free, alternative newsweekly published in Boston, Massachusetts) in respect of a new event-monitoring facial recognition surveillance system used by the City of Boston (City) as part of a pilot project during two public music events held in May and September 2013. The City used this system to track and monitor concert goers, without their knowledge. Utilising existing security cameras together with the system, the City tracked the thousands of concert goers and filtered their appearance (with the system being capable of distinguishing people by characteristics such as glasses, skin tone and beards) into data points which could then be cross-checked against certain identifying characteristics. The data captured through the software was transmitted to a hub, where, according to the report, city representatives, Boston Police and the software service provider support staff could watch, in real time, everything and anything whilst simultaneously monitoring social media key words related to the event.

According to the report, although the purpose of using the system was to enable the City to pick up on 'suspicious activity' (for example alerting the authorities when: (a) a person loiters near a doorway (as if trying to gain entrance), or (b) a person climbs a perimeter barricade/s; or (c) an abandoned object is found or left near barricade/s), it seems that the system was able and planned to be used to capture the face of every person who approached the door. The system, and particularly the extent to which it can and was used, while useful in certain respects, raises certain privacy concerns, as was highlighted in the report.

When considering this in the South African context, regard must be had to the Protection of Personal Information Act, 4 of 2013 (POPI), a South African legislative initiative designed to give effect to the right to privacy enshrined in section 14 of the Constitution and to provide for comprehensive and robust South African data protection laws. POPI prohibits the processing of personal information, unless it is carried out in accordance with the principles set out in POPI, including, amongst others, that there must be a level of awareness among data subjects of the collection of their personal information and the reasons or purpose therefor. POPI defines both 'processing' and 'personal information' extremely widely, with 'personal information' being defined to include biometric information. It is clear from the definitions of 'personal information' and 'processing' in POPI that biometric verification will constitute 'processing' of 'personal information'. As such compliance with the conditions for lawful processing of personal information, as set out in POPI, are likely to be required when using technologies such as the system used by the City.

A responsible party using verification and monitoring technologies will need to ensure that it, amongst others, and with due regard to the exceptions under POPI (including where, for example, processing is required for the proper performance of a public law duty by a public body such as the SAPS): (i) uses personal information for the purpose of which it was collected; (ii) obtains consent from affected persons (data subjects); and (iii) secures the personal information adequately.

In addition to the protections afforded by POPI, the South African Constitution recognises the right to privacy of each individual (which includes the right to be free from intrusions and interference in one’s personal life). South African courts have, however, also recognised that this right is not absolute as the scope of personal privacy is considered to diminish when a person enters into communal relations and activities involving business and social interactions. This notwithstanding, it is imperative that any person processing personal information, be cognisant and aware of the provisions under POPI together with Constitutional considerations and protections. It is clear that, under POPI, transparency towards data subjects is key.

The information and material published on this website is provided for general purposes only and does not constitute legal advice. We make every effort to ensure that the content is updated regularly and to offer the most current and accurate information. Please consult one of our lawyers on any specific legal problem or matter. We accept no responsibility for any loss or damage, whether direct or consequential, which may arise from reliance on the information contained in these pages. Please refer to our full terms and conditions. Copyright © 2024 Cliffe Dekker Hofmeyr. All rights reserved. For permission to reproduce an article or publication, please contact us cliffedekkerhofmeyr@cdhlegal.com.

You might also be interested in

26 Apr 2023

by Lara Granville and Dean Tennant

The Competition Appeal Court stays Standard Bank’s review pending discovery

The Competition Appeal Court (CAC) has ruled that the review by Standard Bank SA (SBSA) of the Competition Commission’s (Commission) decision to refer a complaint against it, must be stayed pending the completion of the discovery process in the complaint referral proceedings. The decision arguably limits the rights of respondents in complaint referrals to just administrative action.

Competition Law

3 min read

2 Nov 2023

by Nicholas Carroll

Don’t go banking on review

The ability to review our revenue service’s decisions in the High Court is a question that has plagued South Africa’s legal system since the amendment of section 105 of the Tax Administration Act 28 of 2011 (TAA). Now the highly anticipated decision of the Supreme Court of Appeal (SCA) in Commissioner, SARS v Absa Bank Ltd and Another ZASCA 125 (29 September 2023) ( Absa ), dealing with just this issue, has been handed down. However, no ground-breaking decision, as hoped, was forthcoming, and taxpayers have returned to square one.

Tax & Exchange Control

7 min read

31 Aug 2023

by Mashudu Mphafudi, Kuda Chimedza and Michael Bailey

Rooftop solar: Energy bounce back loan guarantee scheme

Professor Anton Eberhard estimates that as of June 2023, households and businesses have installed 4,412 MWs of rooftop solar. Not only is this double the capacity of Eskom under its four previous Renewable Independent Power Producer Programme (REIPPP) but nearly a 350% increase of the installed capacity by households and businesses since March 2022. Although households and businesses who have the means to install rooftop solar will continue to do so, there remains a funding gap that still requires government intervention.

Finance & Banking Law

5 min read

7 Dec 2023

by Lucinde Rhoodie and Muwanwa Ramanyimi

Vulnerability caused by compliance: Section 129(7) of the Companies Act 71 of 2008 and the risk of being wound up

A lot has been said and written about directors’ fiduciary duties and the pitfalls directors expose themselves to when making business decisions, almost daily. The circumstances which may lead a director to breaching their fiduciary duties are broad, and to determine whether a director actually breached their fiduciary duties often requires an extensive factualenquiry. 

Business Rescue, Restructuring & Insolvency

4 min read

3 Apr 2024

by Njeri Wagacha

Njeri Wagacha talks to Anne Muraya

In March we celebrated International Women's Day and to commemorate this Njeri talked to Anne Muraya – Chief Executive Officer of Deloitte East Africa.

53:37 Minutes

12 Oct 2023

by Alex Kanyi

Comments on the Draft Medium-Term Revenue Strategy (MTRS)

CDH Kenay Partner Alex Kanyi discusses the Draft Medium-Term Revenue Strategy.

Tax & Exchange Control

1:00:59 Minutes

This website uses cookies to enhance the browsing experience. For more information, please see our Cookie Policy.

Accept Decline