Are you content with assumed consent?

Toni Sekinah, research analyst and reports editor, DataIQ

Imagine you attend an event to hear a speaker from your industry, invite in hand, and expected by the hosts. The drinks are flowing as guests nibble the canapés. Throughout the schoomzing, you notice a photographer snapping away in the background. 

The speaker gets up to deliver their talk. And the photographer keeps clicking in the direction of the speaker and the audience. Then another one appears. Two photographers with huge DSLR cameras in a relatively small room of approximately 50 people. At one point, one of the cameras seems to focus on you for a while. Then they bring out their camera phones and keep on snapping. And clicking. And snapping.

What would you do? Relax your shoulders and flash your pearly whites? Or turn away and try to cover your face with your hair? Or focus on the speaker while remaining completely unfazed? The answer may depend on whether or not you had given permission for your photograph to be taken. 

Imagine you hadn’t or you don’t remember giving permission. Furthermore, there are no signs/crowd release notices advising attendees of the presence of incessant shutterbugs. But what if the organisers assumed consent? What if, according to the terms and conditions, by agreeing to attend the event you have also consented to being papped?

Privacy, permission and pictures 

According to one UK law firm, taking and retaining photographs of people could potentially be considered as personal data under the Data Protection Act 1998 and data protection principles apply. It also states that, “where the name and image of a person are linked - or a capable of being linked - then the person can be identified and the image should be regarded as personal data.”

For you, as the event attendee, it is hard to find out what your rights are. A few privacy policies with relation to the images of individuals are floating around online, though, for some, reason the vast majority have been written by universities and schools. University of Reading, University of Exeter and Heriot-Watt University are a few examples of institutions that make it clear how, when and why they would use the photographic image of an individual.

US-based lawyer Kerry Gorgone gives a good explanation of the rights and obligations of speakers, attendees and photographers at events in America. Essentially, the hosts should have put up notices around the venue explaining that photographs would be taken. If someone is not happy with that, they should just avoid the area.

If the situation described above happened a year from now, the event organiser might find themselves in a spot of bother. Under GDPR, as the data subject you would have the right to object, the right to erasure and the right to restrict processing. Providing no exemptions apply, the hosts would be forced to comply.

If you were the attendee who stared at the floor at the sound of the camera shutter, 25th May 2018 when the GDPR becomes enforceable would be a date to look forward. For now, a strongly-worded email will have to suffice. 

Related articles: Don't assume consent for user-generated content

Please note that blogs are the sole view of the author and that they are not neccesarily the view of IQ ddg Ltd and should not be interpreted as advice. Please read our full disclaimer

Research analyst and reports editor, DataIQ

You have....

to be GDPR compliant.

Register with us for all the news

Sign-up to hear about the latest DataIQ news, content and events.