JISCMail - DATA-PROTECTION Archives

That’s a good point - I’m tempted to say that I can’t imagine ICO doing
anything about it, but that’s cheating. Strictly for the purposes of a
non-EU transfer which publication on the internet would represent, I can’t
see that any of the other justifications would be likely to apply.

-- 
Tim Turner
www.2040training.co.uk

From: Data Protection <[log in to unmask]>
<[log in to unmask]>
Reply: Data Protection <[log in to unmask]>
<[log in to unmask]>
Date: 28 September 2018 at 17:04:27
To: [log in to unmask] <[log in to unmask]>
<[log in to unmask]>
Subject:  [data-protection] FW: [data-protection] FW: Filming Photography
of Students during Sporting Event

As many photographs are destined to end up on a website would consent not
be necessary to the enable transferring of personal data outside the EU in
the absence of an adequacy decision or other appropriate safeguards?  This
is the basis on which I have been assuming that consent will normally be
required for photographs.



Regards

Fiona Wheater

Governance and Information Compliance Manager

University of Stirling





*From:* This list is for those interested in Data Protection issues [mailto:
[log in to unmask]] *On Behalf Of *Tim Turner
*Sent:* 27 September 2018 12:44
*To:* [log in to unmask]
*Subject:* Re: [data-protection] FW: Filming Photography of Students during
Sporting Event



I think it’s a mistake to assume that consent is required. An organisation
can adopt that as a policy, but it isn’t required. Care needs to be taken
when using personal data about young people, but equally, there is nothing
in the GDPR that says that photographing public events or publishing
identifiable data requires consent to be obtained. This kind of
misinformation is why Data Protection has historically had such a bad name.
If an organisation decides never to identify people in images without their
consent, they should explain that this is their policy, and not claim that
is a requirement of the GDPR. As Robert Scott sets out in his reply, a
legitimate interests assessment can be an appropriate alternative to
consent in many circumstances.



Tim Turner

www.2040training.co.uk


From: Steve Forecast <[log in to unmask]>
<[log in to unmask]>
Reply: Steve Forecast <[log in to unmask]>
<[log in to unmask]>
Date: 27 September 2018 at 12:38:06
To: [log in to unmask] <[log in to unmask]>
<[log in to unmask]>
Subject:  Re: [data-protection] FW: Filming Photography of Students during
Sporting Event



Should it also be stated somewhere that no one will be identified in a
photo unless their agreement has bene obtained, i.e. no names?



*From:* This list is for those interested in Data Protection issues <
[log in to unmask]> *On Behalf Of *Scott, Robert J
*Sent:* 27 September 2018 09:22
*To:* [log in to unmask]
*Subject:* Re: [data-protection] FW: Filming Photography of Students during
Sporting Event



Morning



I would not try and limit yourself. Consider a layered approach and instead
of consent, utilise legitimate interest with different measures to show a
balanced approach which will be evidenced in the LIA. Based on your initial
options:



1.       Put up notices at the location which state photographs will/are
being taken, explaining why and provide possible alternatives for
individuals to avoid having their photo taken. Also state that if a photo
is taken which they did not intend to be a part of then to speak to the
photographer and it will be deleted.

2.       Notify the competing institutions so that it can be disseminated
to their players and objections raised before the event and mitigating
actions put in place

3.       Ensure the photographer adheres to requests for deletion and is
clearly visible in cases where parents may laso be present taking photos



The only times I would use consent would be where/if the photo could be
seen as potentially having an effect on the data subject or where they
could be deemed more ‘vulnerable’ or if the setting is such that
assumptions could lead to other personal data being identified. An example
of this could be if photos were taken in a medical setting and could hint
at potential health data etc.  then consent must always be obtained though
clearly this is not the intention here



The ICO guidance has always been suitably lacking regarding photos though
whilst referring to the DPA 98 there is no mention of strict consent only
mention of a common sense approach ‘can I take a photo?’ coupled with clear
transparency.



https://ico.org.uk/media/for-organisations/documents/1136/taking_photos.pdf



Kind regards





Robert J Scott

Data Protection Officer

Central Secretariat

Imperial College London

South Kensington Campus

Level 4 Faculty Building

London, SW7 2AZ



Tel: +44(0) 20 7594 3502



Email: [log in to unmask]

www.imperial.ac.uk/data-aware







*From:* This list is for those interested in Data Protection issues [
mailto:[log in to unmask] <[log in to unmask]>] *On
Behalf Of *Jon Baines
*Sent:* 27 September 2018 09:16
*To:* [log in to unmask]
*Subject:* Re: [data-protection] FW: Filming Photography of Students during
Sporting Event



Why do you need consent?



I’m not saying you definitely don’t, but a legitimate interests assessment
might result in an alternative approach.



Jon Baines,

Chair,

NADPO


On 27 Sep 2018, at 08:07, Clayton, Debbie <[log in to unmask]> wrote:

Good Morning,



Is anyone able to advise on this please as I can find no clear guidelines.



As a Land-based and Sports College, our students compete in many league
matches and tournaments which are photographed/filmed for social media and
marketing purposes.  Many of these photographs will include one or more of
our own students but with an opponent in close proximity, on a basketball
court for example.



We have obtained the appropriate consents from our own students but are we
now unable to publish any such photographs, do we require explicit consent
from each individual against whom we are competing or is there something
that I haven’t considered.  Presumably, the Colleges against who we are
competing will be using photographs containing similar images of our
students.



Kind regards,

Debbie



------------------------------
------------------------------
The University achieved an overall 5 stars in the QS World University
Rankings 2018
The University of Stirling is a charity registered in Scotland, number SC
011159.
------------------------------

All archives of messages are stored permanently and are available to the
world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html

Selected commands (the command has been filled in below in the body of the
email if you are receiving emails in HTML format):

   - Leaving this list: send *leave data-protection* to
   [log in to unmask] <[log in to unmask]&BODY=LEAVE
   data-protection>
   - Suspending emails from all JISCMail lists: send *SET * NOMAIL* to
   [log in to unmask] <[log in to unmask]&BODY=SET * NOMAIL>
   - To receive emails from this list in text format: send *SET
   data-protection NOHTML* to [log in to unmask]
   <[log in to unmask]&BODY=SET data-protection NOHTML>
   - To receive emails from this list in HTML format: send *SET
   data-protection HTML* to [log in to unmask]
   <[log in to unmask]&BODY=SET data-protection HTML>

All user commands can be found at
https://www.jiscmail.ac.uk/help/subscribers/subscribercommands.html and are
sent in the *body* of an otherwise blank email to [log in to unmask]

Any queries about sending or receiving messages please send to the list
owner [log in to unmask]
<[log in to unmask]>

(Please send all commands to [log in to unmask]
<[log in to unmask]> not the list or the moderators, and all requests
for technical help to [log in to unmask], the general office helpline)
------------------------------

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
     All archives of messages are stored permanently and are
      available to the world wide web community at large at
      http://www.jiscmail.ac.uk/lists/data-protection.html
     If you wish to leave this list please send the command
       leave data-protection to [log in to unmask]
All user commands can be found at https://www.jiscmail.ac.uk/help/subscribers/subscribercommands.html
 Any queries about sending or receiving messages please send to the list owner
              [log in to unmask]
  Full help Desk - please email [log in to unmask] describing your needs
        To receive these emails in HTML format send the command:
         SET data-protection HTML to [log in to unmask]
   (all commands go to [log in to unmask] not the list please)
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^