Google Glass users should ensure compliance with the Data Protection Act
Friday, 11th July 2014
Following the recent launch of Google Glass in the UK, Andrew Paterson, a Senior Technology Officer with the Information Commissioner''s Office ("ICO"), has warned users of the new technology to heed data protection regulations.
Wearable technology like Google Glass can collect and process personal information at the user''s command and as such, the ICO has warned that users must comply with the Data Protection Act ("DPA").
If you are wearing the technology for your own use it is unlikely that you will breach the DPA as the DPA includes a specific exemption for the collection of personal information for domestic purposes. However, the use of the device by organisations or individuals in connection with business or commercial ventures will not be covered by this exemption.
Any personal data collected for purposes other than domestic must therefore comply with the DPA. This means people need to be informed about how their details are being collected and used. Users must only collect information that is relevant, adequate and not excessive and ensure any information that is collected is kept securely and deleted once it is no longer required. Further, as Google Glass is able to capture video and pictures, users must also address the issues raised in the ICO''s CCTV Code of Practice; this code of practice gives specific guidance on how to comply with the DPA when using CCTV.
A particular concern for members of the public in the US, where the device was launched in May of this year, is the ability for Google Glass to record or photograph them without their knowledge. It would seem that the ICO''s warning would require UK users to inform individuals of photographs being taken and how they will be used. How this will be complied with in practice is not known, but a Google spokesperson has defended the technology and stated that the fact the screen lights up when it is activated is a clear signal the device is in use. There has been no response to Google''s statement from the ICO, so it is remains unclear whether the obvious activation of the device will be sufficient under the DPA.
Whilst the warning comes on the back of the Google Glass launch, providers of other wearable technology should also consider the DPA. A growing choice of fitness bands have entered the consumer market in recent months and although some of these devices are simple and only collect the users data for viewing on their personal computer, some devices include online functions which allow users to compare their performance to others. The collection of data through these devices must also comply with the DPA, with storage being limited to only as long as necessary and the need to ensure only relevant data is collected and stored.
The growing market for wearable technology means individuals and companies should consider the DPA and heed the ICO''s warnings.