GDPR and street photography - any up to date guidance

myotis

myotis

Messages
3,259
Name
Graham
Edit My Images
No
Now that the new Data Protection Act has been in force since May 2018, has there been any update on what it means to street photography. Everything I have been able to find seems to be a lot of guessing as to what it might mean.

The ICO guide (https://ico.org.uk) doesn't seem to address how article 85 has been implemented, which I assume is the crucial part of the EU legislation (https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016R0679&from=EN)

Does anyone have any links to up to date good quality advice.

Thanks, Graham
 
Does GDPR affect street photography? After all, you aren't capturing any 'data', just images. GDPR is only concerned with personal data such as names, addresses etc, as far as I know, so i'd have thought there would be no problem, unless you are asking people for names and addresses once you have taken their picture (and then, you just have to ask their permission to share that data and you are covered).
 
I wouldn't think it would apply. You're not associating anything other than their likeness. If you present your photo with accompanying text that identifies the individual or information that contains their data (email, phone number etc) you'd need to worry, but generic street shots - no.
 
https://ico.org.uk/media/for-organisations/documents/1554/determining-what-is-personal-data.pdf

p14-16 talks about a random photo with someone in it that the police might want to identify. It states it's not personal data when held by the estate agent but when the police start to investigate who that person is - it becomes personal data. If you're using the data to investigate, document or uncover who they are - it's personal. If not, it's not.

Thanks for pushing back on this. It prompted me to look it up.
 
Harlequin565 said:
https://ico.org.uk/media/for-organisations/documents/1554/determining-what-is-personal-data.pdf

p14-16 talks about a random photo with someone in it that the police might want to identify. It states it's not personal data when held by the estate agent but when the police start to investigate who that person is - it becomes personal data. If you're using the data to investigate, document or uncover who they are - it's personal. If not, it's not.

.
Click to expand...

Thanks, this was an interesting document, but it confirms why I am looking for some sort official statement on street photography. There was also mention that an individual recorded in CCTV was considered personal data , because you would be able to identify that person from the CCTV.

So what happens if you photograph someone in the street, reading a newspaper, where you can easily identify the town, the person and the date on the newspaper and then post the image on your street photography web site. This could provide a fair bit of personal data, even if you don't know the name.

Now, I think this still falls under the idea that when you are in a public place, your face is public, but equally, there does seem an argument for that example photograph as a whole falling within the bounds of "personal data" , if someone could the identify the individual from the photograph and use it as evidence that they were in that particular town, that in some enquiry they had denied ever visiting.

But, its because I have waded through so many forum threads, bouncing around all sorts of ideas about this , that I posted my question, in the hope for something a bit more official.
 
Google turned up this

the GDPR does not apply to people processing personal data in the course of exclusively personal or household activity.
Click to expand...

My guess is that if they are photos for your own pleasure then you are fine, if you operate a business it might be different
 
myotis said:
here was also mention that an individual recorded in CCTV was considered personal data , because you would be able to identify that person from the CCTV.
Click to expand...

That's got to be a load of b*llocks surely?

If I send you 5 photos of people, 1 including me and ask you to identify me... you would guessing at best. It tells you nothing about me as a person.

Does that stop crime stoppers using peoples photos?
 
sirch said:
Google turned up this
My guess is that if they are photos for your own pleasure then you are fine, if you operate a business it might be different
Click to expand...

Yep, but what happens if you post an image on your street photography web page, is that then a "public" rather than a personal activity. And is a personal website different or the same as facebook or instagram, or Flikr.

I really don't know, which is why I asked if there had now been anything official published as all sorts of ideas have been bandied about.
 
keef32 said:
That's got to be a load of b*llocks surely?

If I send you 5 photos of people, 1 including me and ask you to identify me... you would guessing at best. It tells you nothing about me as a person.

Does that stop crime stoppers using peoples photos?
Click to expand...

It does tell me that you were there, which I think relates to the point harlequin was making, that in itself it may not be personal data in terms of the Act, but should you become part of a criminal investigation, and you can be identified as being present in many places associated with a crime, then it does fall within the bounds of being personal data.

But we are revisiting all the other threads and discussion on this, I am still hoping to find some official guidance from somewhere on how it affects, or does not affect street photography.
 
I doubt you are going to get a definitive answer on here or anywhere else until a specific test case has been to the ICO and/or the courts. What is the real concern here? If you are a business you need to follow GDPR, if not just carry on doing what you are doing, if a person complains just take down the photo, which is what I assume any reasonable person would do before GDPR.
 
keef32 said:
Have you tried to contact the ICO?
Click to expand...
No, I was kind of hoping that someone would have been able to point me towards some guidance that they knew about. I could try asking the ICO, but not sure of the full scope of the question, so would rather find some exsiting guidance.
 
myotis said:
It does tell me that you were there, which I think relates to the point harlequin was making, that in itself it may not be personal data in terms of the Act, but should you become part of a criminal investigation, and you can be identified as being present in many places associated with a crime, then it does fall within the bounds of being personal data.

But we are revisiting all the other threads and discussion on this, I am still hoping to find some official guidance from somewhere on how it affects, or does not affect street photography.
Click to expand...

But the police can make a request to obtain personal data anyway.. so what you're saying is that if someone breaks into my house and I post the images online to ask for someone to identify them then the person who has burgled my house is within their right to sue me?

I think you are best off asking the ICO for clarity not a load of people on a photography forum who have access to the same information as yourself who can interpret it differently.
 
sirch said:
I doubt you are going to get a definitive answer on here or anywhere else until a specific test case has been to the ICO and/or the courts. What is the real concern here? If you are a business you need to follow GDPR, if not just carry on doing what you are doing, if a person complains just take down the photo, which is what I assume any reasonable person would do before GDPR.
Click to expand...

I wasn't really asking for a definitive answer on here, only if someone knew if any guidance had been published. I don't have a specific concern, just found myself reading about it, but everything was people guessing at what it might mean, with some extreme views coming out, e.g some American sites reported that all photography in public places was now banned in Europe, and Americans were cancelling European holidays because of it. I was under the impression that nothing had really changed, and even after doing some GDPR training at work, I was still confident that nothing had really changed.

But, it does seem potentially a little more complicated than I thought (maybe it isn't), and just out of curiosity I thought I would ask if there had now been some guidance published.
 
keef32 said:
But the police can make a request to obtain personal data anyway.. so what you're saying is that if someone breaks into my house and I post the images online to ask for someone to identify them then the person who has burgled my house is within their right to sue me?

I think you are best off asking the ICO for clarity not a load of people on a photography forum who have access to the same information as yourself who can interpret it differently.
Click to expand...

There are lots of derogation on when Personal data can be used, e.g. in the public interest, so I suspect the example you cite I suspect it would be personal data, but that wouldn't stop it being used.

To be fair to my question, I didn't ask anyone their opinion about this, I asked if anyone knew of any guidance that had been published.
 
I really don't think this can apply to an image/video:

Examples - a press photographer takes a picture of a demonstration - how is he/she going to get permission from everyone in the image? TV coverage of an international football match - same applies to the c80,000 crowd at Wembley.

You are obviously very concerned about this so why don't you just ask ICO?
 
myotis said:
I am looking for some sort official statement on street photography
Click to expand...

I don't think you'll get an official statement on street photography if there's not even an official statement on what constitutes personal data.

myotis said:
e.g some American sites reported that all photography in public places was now banned in Europe, and Americans were cancelling European holidays because of it
Click to expand...

I get this and it doesn't surprise me. We had a lady at our village show this summer who told me I couldn't take photos of the exhibits "because of GDPR". I just told her she was wrong and carried on shooting. She huffed and tutted but went off to annoy her friends instead of me. Some people will want to argue so it's always nice knowing what the proper legal standpoint is so that you can present your case confidently without looking like a buffoon. The impression I got from all the research I did was that they aren't trying to prosecute every single individual who collects the smallest amount of information on the tinyest thing. They're after people who are abusing individuals' data. So in the highly unlikely case that someone pulls me up on it, I will probably tell them they're wrong and ignore them, or - if they're bigger than me, agree. Life's too short to argue when I'm out and about, and I gave up long ago trying to change other people's opinions. Most people are insane.
 
FlyPhot said:
I really don't think this can apply to an image/video:

Examples - a press photographer takes a picture of a demonstration - how is he/she going to get permission from everyone in the image? TV coverage of an international football match - same applies to the c80,000 crowd at Wembley.

You are obviously very concerned about this so why don't you just ask ICO?
Click to expand...

The example you give is covered by article 86, which are the derogations that member states are meant to build into their own legislation (to suit local requirements) when they transpose the European Regulations.

I'm not very concerned, just interested, and given how much interest there was earlier in the year, I just thought there might have been some guidance available.
 
Harlequin565 said:
I don't think you'll get an official statement on street photography if there's not even an official statement on what constitutes personal data.
Click to expand...

That's the way the law works of course and what it"personal data" means will develop as we have examples of case law, but that doesn't usually stop some guidance being produced by someone, and indeed there is lots of guidance around, just not directed at street photography.

And yes, I have met my fair share of people like you describe.:)
 
The first question is: Are you a business or organisation ?

If you are an individual using personal data for your own purposes and for no commercial gain, or for household acvtivity then GDPR does not apply to you. The clue is in the penalty for not complying with GDPR: 2-4% of revenue.

If you are a business or organisation (this can include clubs, charities, groups etc), then you are covered by GDPR.

This is an excellent document from the ICO which includes the handling of photos for a business and organisation (the more extreme case of personal vs. business use):

https://ico.org.uk/media/for-organisations/documents/1554/determining-what-is-personal-data.pdf

Page 14 onwards gives some very good examples. If you are doing street photography and not seeking to learn anything personal about the person being photographed, then the business or organisation is ok.

If you are personally taking photos of an individual and trying to learn more about them, you are not breaching GDPR but are probably a stalker...
 
Defiance said:
This is an excellent document from the ICO which includes the handling of photos for a business and organisation (the more extreme case of personal vs. business use):

https://ico.org.uk/media/for-organisations/documents/1554/determining-what-is-personal-data.pdf

Page 14 onwards gives some very good examples. If you are doing street photography and not seeking to learn anything personal about the person being photographed, then the business or organisation is ok.

If you are personally taking photos of an individual and trying to learn more about them, you are not breaching GDPR but are probably a stalker...
Click to expand...

Thanks for this, I did know the basics having completed an 8 hour online course with exam on GDPR as a required part of my work (mentioned in previous post), and had also referenced content from the document you linked to in an earlier post.

However, some how, I had read the linked doc from the "second" example on page 15, entirely missing the relevant "first" example, which addressed the grey area I was interested in, so thanks for prompting me to re-read this, because the first time round I hadn't found it very useful.

That first example does seem to make it clear that even if you sell photographs that include recognisable people in public places GDPR hasn't made any changes to the existing restrictions.

I have read a lot of conflicting things about this, for example the personal vs business distinction can be a bit grey e.g there are people who are not in the photography business, but still make a few pounds selling stock (properly declared in their tax return). I have read I more than one place that if you sell even a single photograph this will mean you fall under GDPR, because it was no longer personal use, and it would seem (though I never saw it explained, that there is an assumption if you make money from it, it can no longer be for artistic purpose !! The example from the ICO would seem to clearly demonstrate this isn't true.

Thanks again, I feel happier now that I have seen something official that seems to address the grey area I was interested in.
 
This came up the other day on a Facebook group, it seems that if the street photos are deemed as Art, then you should be OK. I think that's a huge grey area though.
 
Nostromo said:
This came up the other day on a Facebook group, it seems that if the street photos are deemed as Art, then you should be OK. I think that's a huge grey area though.
Click to expand...

It's less of grey area after reading the first example in the ICO guidance, in terms of what I was primarily interested in. The point about work of art, was that it was suggested in some places that as soon as you sold a photograph, it fell within GDPR, as it became a product and didn't fall Ito being a work of art. I do think however that ICO example of a photojournalist selling stock covers the question well.
 
I recently joined Ipernity. I am based in he United States. Ipernity is based in France. I posted two street portraits of strangers on my Ipernity account. I got a message stating that I can post these images only in a private album, but not for public display. I haven't been able to figure out why this is so. But, now I understand. It has to do with the new GDPR. We've nothing like that here in the U.S.A. So, it is all new to me.

Take a look at this article if you'd like to know how the GDPR impacts street photographers in the EU;

https://petapixel.com/2018/05/30/how-bad-is-gdpr-for-photographers/
 
Last edited:
[QUOTE="sands, post: 8268009, member: 43611"

Take a look at this article if you'd like to know how the GDPR impacts street photographers in the EU;

https://petapixel.com/2018/05/30/how-bad-is-gdpr-for-photographers/[/QUOTE]

This was one of the articles that helped confuse me, some European countries (France and Germany) have had laws affecting street photography long before GDPR, and this article is misleading (wrong) about the effects of GDPR.

The other thing worth being aware of that you cannot blanket the effects on "photographers in the EU" as each member state has the opportunity to ada legislation to suit their own country as long as it still complies with the core demands of the EU Directive or Regulation. The amount of flexibility depends on whether its an EU Directive or an EU Regulation, but it means that once the EU legislation is translated into a member states law, there are likely to be differences between different EU countries. And each country still has it's own independent legislation, its only where it is considered important (mainly in terms of trade, to avoid unfair competition between member states) where the EU have tried to have common legal standards across countries.

For the UK, the best source is the one linked to earlier https://ico.org.uk/media/for-organisations/documents/1554/determining-what-is-personal-data.pdf where the example at the top pf page 15 makes it clear that the sort of image you are referring to, would not be considered as "personal data" and therefore falls outside the scope of GDPR. In terms of street photography in the UK, nothing seems to have changed as a result of GDPR.

The text is copied below:

"At New Year celebrations in Trafalgar Square two almost identical photographs of the revellers are taken by two separate photographers and stored in electronic form on computer. The first photographer, a photo journalist, takes a picture of the crowd scene to add to his photo library. The second photographer is a police officer taking photos of the crowd scene to identify potential troublemakers. The data in the electronic image taken by the journalist is unlikely to contain personal data about individuals in the crowd as it is not being processed to learn anything about an identifiable individual. However, the photo taken by the police officer may well contain personal data about individuals as the photo is taken for the purpose of recording the actions of individuals who the police would seek to identify, if there is any trouble, so they can take action against them.
 
What I have read is that pre-existing laws that were place on the books of a country before the GDPR are null and void, and are subordinated to the GDPR. Since what I have read contradicts what you have read it remains obscure exactly how the law shall be enforced and upon whom. Thank you for your interesting reply, though. One of us is wrong or both or neither. But, how can that be? That can be because there seems to be no clear authority to explain it at the moment. Until it gets cleared up I am not posting any street to Ipermity. But, rather will continue to do so on Flickr as it is U.S. based. However, there is one more thing. According to the sources that I have read the GDPR can be enforced in countries outside the EU if the person or subject of a photo is a citizen of a EU member country. That reading suggests that if I photograph a European citizen who is a tourist in the United States at the time, my photo is still regulated by the GDPR rather than by American law and custom. So as you can see there are some that think this regulation has considerable over-reach. Seems the EU believes that it can rule the world. Phooey!
 
sands said:
What I have read is that pre-existing laws that were place on the books of a country before the GDPR are null and void, and are subordinated to the GDPR. Since what I have read contradicts what you have read it remains obscure exactly how the law shall be enforced and upon whom.
Click to expand...

The reason I posted was because I could not find any official/clear guidance on how GDPR would affect street photography, only articles like the one in PetaPixel that made guesses. The ICO link I posted is the only official guidance I "eventually" found for the UK, where it makes it clear "to me" at least that nothing has changed, as regards street photography.

Where are you getting the information that disagrees with the only official UK govenrment guidance I could find, I would be interested to read it and see the source. Or do you not feel that the ICO guidance is as clear as I think it is.

Actually, I have just realised this ICO document refers to the Data Protection Act 1998, so maybe my confidence I misplaced, but this still agrees with the less hysterical interpretations of the new Act that I have read. Obviously I still need to look into this
 
Last edited:
I am sorry but, I can't refer you to my sources. What I wrote is a summary of my understanding from reading across several sites and articles about the matter. For myself, I am taking the GDPR seriously because of Ipernity's stance on the matter of my street postings there. So, I guess I can use their practices as a guide as to the seriousness of the matter. Should I run across any more or any of the sources I've seen I will refer them to you. Thank you for raising this topic. I think it was very wise to do so. Good shooting.
 
sands said:
I am sorry but, I can't refer you to my sources. What I wrote is a summary of my understanding from reading across several sites and articles about the matter. For myself, I am taking the GDPR seriously because of Ipernity's stance on the matter of my street postings there. So, I guess I can use their practices as a guide as to the seriousness of the matter. Should I run across any more or any of the sources I've seen I will refer them to you. Thank you for raising this topic. I think it was very wise to do so. Good shooting.
Click to expand...

That's fine, I often do the same and just gather information in my head as I go, only later realising that it would have been useful to have kept track of where I had read it. But see my other post, now that I have discussed this with the ICO.
 
You must log in or register to reply here.
Back
Top