Can some technologies simply not meet the GDPR requirements, no matter what you do?
GDPR provides the guidelines and framework under which companies can process personal data, allowing companies to assess their practices and apply required protective measures. But the EU’s Digital and Competition Chief said this week that automated facial recognition breaches GDPR as a whole, since the technology will always fail to meet the regulation’s requirement for consent, in connection with sensitive data.
Processing of sensitive data is restricted, unless it meets a range of exceptions and special cases, such as public security, and people’s faces fall into that category. As facial recognition is used for security purposes in the private sector, it is interesting whether this would require companies to change their practices.