Recently Snap Inc. released its “Spectacles” for sale in the UK which allow the wearer to record short videos at the click of a button. The release highlights the areas of uncertainty in the application of data protection law to wearable technology, a couple these areas are considered below.
Is a Snap Spectacle wearer a data controller?
The definition of a data controller in s1(1) of the Data Protection Act 1998 (DPA) appears to be satisfied in relation to wearers of Snap Spectacles. A wearer determines when and if data is recorded and disseminated to their contacts, as well as deciding the purpose of the video, for example, it may be personal or commercial.
However, the application of the “domestic purposes” exemption (s36 DPA) is where the difficulty arises. In the context of social networking sites generally, the Article 29 Working Party has expressed its opinion on whether the equivalent exemption in EU law ought to apply. This Working Party is an independent advisory body, made up of a representative from the data protection authority of each member state, which issues opinions and recommendations on the protection of individuals in the context of the processing of personal data. The Working Party has expressed the opinion that in some circumstances the exemption ought to apply to users of social networking sites (Opinion 5/2009, p5-6). This is promising for wearers of Snap Spectacles because unlike many social networking sites, videos shared on Snapchat are accessible to the general public, making it more likely that the use of Snap Spectacles would be seen as “personal” and covered by the exemption. This view is supported by Andrew Paterson, Senior Technology Officer at the ICO, who considered that the exemption would apply to the wearers of a similar product: Google Glass (see the ICO blog post here).
However, the position is complicated by the CJEU decision in Ryneš (C-212/13 Ryneš, available here). In the context of CCTV surveillance which partially recorded passers-by in a public place, the CJEU adopted a narrow interpretation of the equivalent “domestic purposes” exemption under Directive 95/46/EC and held that it would not apply (Ryneš, para 33).
Are Snap Spectacles surveillance devices?
Whether Snap Spectacles amount to a surveillance device is unclear. The Spectacles contain a tiny camera embedded in the glassed which allow a wearer to record what is going on in front of them, in this sense the Spectacles could be considered to a body worn surveillance device. As Snap Spectacles can record videos of individuals, their use may constitute the processing of personal data such as where a recording captures identifiable individuals. The significance for data protection purposes is that classification of Snap Spectacles as surveillance devices would make it less likely that the domestic purposes exemption would apply where the Spectacles are used in public following Ryneš.
If Snap Spectacles are considered surveillance devices, both Snap and Snap Spectacle wearers would have to consider the ICO CCTV Code of Practice which provides guidance on complying with obligations under the DPA. For example, the Code of Practice includes a requirement to inform individuals when they are being recorded. Snap Spectacles currently provide some notice to others that they are being recorded because a flashing light appears when the wearer is recording, although it seems unlikely that this would be sufficient.
However, the use of Snap Spectacles may not be considered analogous to surveillance because they record for a maximum of 30 seconds at a time and only upon the click of a button. This would also provide a way to distinguish Ryneš.