BLURR-ID is a system/product/organisation that can be set up to ensure that humans and organisations can properly exercise their right to not have biometric/behavioral characteristics stored/tagged.
They do so by means of an icon, device, statement on websites/clothing/outdoor signs etc which should result in the involved companies/technologies/users respecting their privacy and blurring human faces (not publish the image/souds/behaviour etc..) depending on the personal biometric policies of the user or the organisations that host meetings etc).
The brand or icon name would be Blurr-ID – being blur with an extra r to accentuate the extra action to be taken to blur someones identity/biometric features. ID stands for identity of course.
The statement: early examples
In essence, the blurring request can have many variations such as: Blurr me everywhere, don’t Google-glass me / don’t tag me (on Facebook er elsewhere)/ Forget-me / Ignore-me. A logo can be developed to clarify this statement, but it can also be a QR-code.
Biometric commons license
The central idea behind BLURR-ID is that it can be more than just an individual statement, but also a method, comparable to the creative commons license. This is a deviation being a biometric policy/license, which limits the rights of third parties to do anything with the biometric characteristics of specific humans or humans in a designated building/organisation.
A biometric policy license-structure can thus be developed, as in the example:
The relevant options in the license could for example be:
- Record: Don’t record / Allowed to record
- Analyze/tag: Don’t analyse/tag / Allowed to tag
- Use domain: No distribution/storage allowed / Private distribution/storage allowed / Organisational distribution/storage allowed
The core logo, as depicted here, would in my view belong to the strongest setting available: Don’t record, don’t analyse/tag and do not distribute/store anywhere.
Your ID-will always be leaked so we have to set the rules
The main reasoning behind the concept is that it will not be sufficient/realistic to assume that single individuals or organisations will be able to restrict the behaviour of other users/people in such a manner that they can protect their privacy rights. There will always be leakage via the crowd or unknown sources that may allow others to create/re-use personal and biometric data in unwanted manners. So the users have to set the rules, using means of expression that cannot be misunderstood by the data-scraping/collecting organisations.
Role of organisations
Organisations have their own role to play. They have a duty to comply with legitimate GDPR requests of users, passers-by and such. If they fail to do so, they can expect fines under the GDPR. Therefore they have a financial incentive to ensure that registered data and footage, containing the no-tag-no-storage requests of users, is being screened and blurred in order to respect the privacy of their customers.
Of course, organisation will not be eager to join the system themselves, but that is where the power of the crowd should come in. Where collective legal action is possible, groupwise demands can be brought to court to establish the legality and workings of the no-consent statement under the GDPR with this logo as well as the obligations of the organisations that hold records of customers with their faces/biometric data available for analysis.
Role of governments / data protection authorities
Under the above concept, it is up to data protection authorities to solidify this self-organised structure and empower the BLURR-ID logo users by viewing the logo as a possible and legitimate expression of no-consent under the GDPR. From there onwards, there is only a need for them to follow up the work under the existing GDPR rules and make sure organisations comply with the GDPR.
The BLURR-ID concept – scheme
The BLURR-ID is thus more than just a logo. It is an overarching system to ensure that users, privacy-safeguarding companies and providers of systems respect the wish of organisations/humans to not register/publish/use their face/voice/biometric characteristics and to eliminate or blur it when data is being used for purpose beyond the knowledge and approval of the entities registered on it.
Then BLURR-ID concept thus involves:
- maintaining the logo/concept/policy rules of the biometric policy scheme;
- building/providing products/services to achieve the right to privacy in a biometric and digital world;
- communicating and marketing the logo’s/brand/philosophy;
- convincing/influencing regulators on the necessity of proper regulations of users, governments, companies and organisations.