Hamburg Commissioner for Data Protection and Freedom of Information (Hamburg DPA) – Court Ruling (Germany, 2019)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
The Hamburg Police used facial recognition software to create a database of biometric data from images related to the G20 summit. This raised concerns about privacy rights, as it included data from thousands of uninvolved people. The Hamburg DPA highlighted this as a significant infringement of fundamental rights, but no legal violations were classified.
What happened
The Hamburg Police compiled a biometric database using facial recognition software from images of the G20 summit.
Who was affected
People captured in images and videos during the G20 summit, including those not involved in any criminal activity.
What the authority found
The Hamburg DPA expressed that the biometric analysis infringed on fundamental rights, but no legal violations were officially classified.
Why this matters
This case highlights the potential privacy issues with using facial recognition technology on large groups of people. It serves as a reminder for law enforcement and other entities to carefully consider privacy rights when implementing such technologies.
National Law Articles
The Hamburg Police created a reference database containing biometric data (facial recognition templates) to identify suspects in crimes related to the G20 summit in July 2017. The Hamburg police set up the "Black Block" special commission and decided to compile an extensive image file. This consists of images created by the police itself, video surveillance recordings of certain S-Bahn (train) stations, other relevant recordings available on the Internet and of privately created image files. The police came into possession of these files after calling on the public to upload relevant image files to a portal of the Federal Criminal Police Office (BKA). The resulting collection, which comprises around 32,000 image files (the "basic file"), consists of (video) recordings of people at meetings related to the G20 summit, in the run-up to and around such meetings, and during the commission of criminal offenses. The police obtained the disputed reference database from the basic file using specially acquired facial recognition software ("GAS"). It consists of digital extracts of the faces identified by the software in the images of the basic file ("templates"). Based on a measurement of the individual distances between eyes, ears, nose and mouth by the GAS, the templates are intended to enable the automated (re)recognition of individual physiognomies with a high degree of probability. In a letter dated July 5, 2018, the Hamburg DPA informed the police of their opinion that the biometric analysis of the faces of thousands of uninvolved people represented a significant infringement of fundamental rights. In a letter dated July 18, 2018, the Attorney General's Office asserted to the Hamburg DPA that the public prosecutor's office had sole authority to manage the use of the reference database. Attached to the letter was a legal opinion stating that the creation and use of the reference database was legally unobjectionable. In a letter dated July 23, 2018, the police explained
Outcome
Court Ruling
A ruling by a national court on a data-protection matter.
Related Cases (0)
No other cases found for Hamburg Commissioner for Data Protection and Freedom of Information (Hamburg DPA) in DE
This is the only recorded case for this entity in this jurisdiction.
Details
About this data
Cite as: Cookie Fines. Hamburg Commissioner for Data Protection and Freedom of Information (Hamburg DPA) - Germany (2019). Retrieved from cookiefines.eu
Last updated: