While ANPR may just seem like another tech acronym, chances are you come into contact with this software more often than you realize in your daily life. ANPR, or automated number plate recognition, is technology that’s used in a variety of cases like highway monitoring, parking management, and vehicle fraud identification. In fact, its utilization has become so widespread that both private businesses and government agencies have uses for it.
The EU’s General Data Protection Regulation, also known as GDPR, has added another element to how ANPR can be utilized. Here’s how GDPR and ANPR coexist and collaborate in this sphere.
Net net: We STRONGLY recommend customers to use Stream or Snapshot SDK if they are concerned about GDPR. Why? Because both Stream and Snapshot SDK process camera/video/images in your environment and we do NOT have any visibility into the data.
What is GDPR?
GDPR is a data protection and privacy law that applies to all individuals within the European Union. It was instituted on May 25, 2018 to allow EU citizens the ability to control their personal data in ways they didn’t have the opportunity to previously. The establishment of this protection now requires anyone using ANPR (public or private entities) to inform individuals that the system exists, to put a risk assessment in place, to comply with requests for personal data, to assist law enforcement when asked, and to monitor compliance for any subcontractors working underneath of them.
While some think that GDPR is “mainly a European thing”, it affects nearly all technology companies, since high-tech, particularly software-as-a-service firms, can serve a global audience. ANPR vendors definitely fall into this category.
Can ANPR and GDPR Coexist?
With all of these details, you may be asking yourself, can ANPR and GDPR actually coexist? Can there be a neat collaboration between the two of them, or is it just too complicated?
ANPR is all about obtaining data… license plate data that is. So, if you’re aiming to acquire this data, you just need to do it lawfully, and there are steps that you can take to do that. Here are some of the protections that you must now keep in mind.
Can ANPR and GDPR Coexist?
With all of these details, you may be asking yourself, can ANPR and GDPR actually coexist? Can there be a neat collaboration between the two of them, or is it just too complicated?
ANPR is all about obtaining data… license plate data that is. So, if you’re aiming to acquire this data, you just need to do it lawfully, and there are steps that you can take to do that. Here are some of the protections that you must now keep in mind.
- Informing. Have you ever driven through a stoplight with an automatic speed gun camera? Whether or not you notice it, there’s a sign before the intersection notifying you that there’s technology in use that will capture this information if you are indeed going over the speed limit. In situations like this, the government is complying with GDPR laws that state signage must be visible to all persons on sign if ANPR cameras are in place. For speed cameras, the purpose is attributed to safety. If you intend to use ANPR cameras, GDPR requires that you provide signage to all persons notifying that the cameras are present, state their purposes, and also provide details for follow-up if desired.
- Assisting. GDPR laws also require that you provide any information from your ANPR system (whether this is camera footage, data, etc.) to law enforcement should they request it. Always be prepared to fulfill with this request even if it may only occur occasionally.
- Requesting. Just as law enforcement has the right to request ANPR data, anyone who has had their license plate captured on your system also has the right to their personal information. You are required to provide a copy of their personal data and how it is being used after it is gathered should the person ask for it. However, to protect the information of any other individual who has been captured on your footage, you should redact images of other vehicles if they are shown.
- Complying Complying with GDPR should be taken seriously by both companies and their subcontractors. Even if ANPR companies are merely monitoring systems, they are still acting as data processors under GDPR which means they must have details in place about what will be done with the data and how security will be handled. This also applies to subcontractors working on a company’s behalf.
So, why does all this matter? ANPR is license plate data, and with this information organizations can find out where you’ve been, when you visited those locations, how long you’ve been there, and even the route you took to get there. This means that ANPR data is roughly akin to having a GPS tracker on your vehicle! Not something to take lightly.
Is ANPR Like a Big Brother?
Big brother surveillance is a constant worry when the ability to monitor citizens’ every action through technology is available. However, because ANPR is run by various organizations, it’s unlikely that it will be akin to a “big brother” experience. These entities have their own purposes for the data they collect. For example, while a shopping mall may use ANPR to track how long consumers shop at their retail stores in the mall, a business parking lot may use ANPR to open the parking access gate for vehicle entry, and a stretch of highway may use it for toll collection.
These widely different purposes show not only the wide variety of ANPR initiatives that are run by different organizations but also imply that it’s unlikely that ANPR will be shared across these entities any time soon. Thus, a mass surveillance network, or an act of big brother, doesn’t seem to be in the works as some people claim. Unless, of course, a centralized government is managing the ANPR solution across these different deployments.
Should ANPR Abide to the Rules of GDPR?
ANPR is, fundamentally, the collection of consumer data. Specifically speaking, it is consumer vehicle data. While some may believe that having an organization know how long you spent at a parking lot is no big deal, others may view this to be an outright invasion of their privacy. Why does the government or another private entity need this information? With this in mind, GDPR rules should apply to ANPR as it provides basic protections to consumers and gives them the right to privacy.
How Can Plate Recognizer ANPR Support GDPR?
At Plate Recognizer, we’re mindful of the potential abuse and invasion that GDPR number plate recognition can pose to consumer privacy.
To that end, we comply with GDPR with the following capabilities:
- On-Premise SDK for ANPR. For customers utilizing our On-Premise SDK for ANPR, you are in full control. Vehicle license plate data will be collected and stored in your location. This means you do not need to send vehicle images over the Internet. With our ANPR SDK, you get to determine how long you want to store the decode license plates and what you want to do with that data. You also get to protect the license plate data under the same security framework you use to safeguard your other corporate data assets.
- Cloud License Plate Data. For customers sending their license plate data to our cloud, we allow users to shut off this feature so that license plate info are not shown in our Plate Recognizer Dashboard.
- ANPR Data Export. In addition, ANPR customers can request for all their data to be exported and handed over. This way, they can serve and respond to any data requests from their local law enforcement agencies.
- Remove Customer Number Plate Data. We even permit customers, upon request, to fully delete their account from our system. As a matter of fact, just last week, we had a customer who made this request and we quickly accommodated.
- Export User Number Plate Data. Lastly, for full GDPR compliance, we permit individuals, with sufficient identify of vehicle ownership, to request an export of their personal data.
Please note that by default, we keep license plate data in our cloud for a period of 30 days. We cannot NOT retain the data.
ANPR that’s Ready for GDPR
At Plate Recognizer, we acknowledge the need for consumer privacy. That’s why we’ve built our ANPR engine from the ground up with GDPR in mind.
Moreover, for full clarity, we are in the business of automatic number plate recognition, not user profiling or advertising. In other words, we do not currently and have no intentions to analyze or data mine the movement or presence of a particular license plate across our different customers. We provide analytics for our customers based only and solely within that customer’s data and do not mix or merge license plate data across customers.
We encourage all of our clients and technology partners to take the decoded license plates and images from ANPR seriously. This way, ANPR can continue to grow and thrive with GDPR, not in spite of it.