You cross a finish line.
-
You cross a finish line.
Someone enters your bib number into a publicly accessible gallery. Within two minutes they have 72 high-resolution photographs of your face and body, your full name, age category, finishing time (which suggests your health status), and running club affiliation.
No login. No identity verification. No data protection mechanism triggered. They have no relationship with you whatsoever.
This is not a hypothetical. I tested it.
———
I've been reviewing privacy policies of major UK sporting event organisers.
Medical data collected without legal basis, international transfers undisclosed, no separate consent for facial recognition, no documented data processing agreements with photography providers.
Nobody has looked at this properly yet. The full data chain — registration, results, photography, facial recognition — creates a biometric identification pipeline that any member of the public can access.
The ICO hasn't issued sector-specific guidance. I've written up the analysis and invited them to take a look.
https://raffkarva.com/blog/posts/privacy/beyond-the-finish-line/
@openrightsgroup @privacyint @eff @pluralistic
#privacy #photography #FacialRecognition #blog #RaffsReflections
-
You cross a finish line.
Someone enters your bib number into a publicly accessible gallery. Within two minutes they have 72 high-resolution photographs of your face and body, your full name, age category, finishing time (which suggests your health status), and running club affiliation.
No login. No identity verification. No data protection mechanism triggered. They have no relationship with you whatsoever.
This is not a hypothetical. I tested it.
———
I've been reviewing privacy policies of major UK sporting event organisers.
Medical data collected without legal basis, international transfers undisclosed, no separate consent for facial recognition, no documented data processing agreements with photography providers.
Nobody has looked at this properly yet. The full data chain — registration, results, photography, facial recognition — creates a biometric identification pipeline that any member of the public can access.
The ICO hasn't issued sector-specific guidance. I've written up the analysis and invited them to take a look.
https://raffkarva.com/blog/posts/privacy/beyond-the-finish-line/
@openrightsgroup @privacyint @eff @pluralistic
#privacy #photography #FacialRecognition #blog #RaffsReflections
@RaffKarva @openrightsgroup @privacyint @eff
very interesting for a project I am doing at at work right now, gotta remember this
-
You cross a finish line.
Someone enters your bib number into a publicly accessible gallery. Within two minutes they have 72 high-resolution photographs of your face and body, your full name, age category, finishing time (which suggests your health status), and running club affiliation.
No login. No identity verification. No data protection mechanism triggered. They have no relationship with you whatsoever.
This is not a hypothetical. I tested it.
———
I've been reviewing privacy policies of major UK sporting event organisers.
Medical data collected without legal basis, international transfers undisclosed, no separate consent for facial recognition, no documented data processing agreements with photography providers.
Nobody has looked at this properly yet. The full data chain — registration, results, photography, facial recognition — creates a biometric identification pipeline that any member of the public can access.
The ICO hasn't issued sector-specific guidance. I've written up the analysis and invited them to take a look.
https://raffkarva.com/blog/posts/privacy/beyond-the-finish-line/
@openrightsgroup @privacyint @eff @pluralistic
#privacy #photography #FacialRecognition #blog #RaffsReflections
@RaffKarva @openrightsgroup @privacyint @eff It's casey neistat, change my mind (but yeah, it's an horror story, I've already experienced it myself with other public event)
-
@RaffKarva @openrightsgroup @privacyint @eff It's casey neistat, change my mind (but yeah, it's an horror story, I've already experienced it myself with other public event)
-
R relay@relay.mycrowd.ca shared this topic
-
You cross a finish line.
Someone enters your bib number into a publicly accessible gallery. Within two minutes they have 72 high-resolution photographs of your face and body, your full name, age category, finishing time (which suggests your health status), and running club affiliation.
No login. No identity verification. No data protection mechanism triggered. They have no relationship with you whatsoever.
This is not a hypothetical. I tested it.
———
I've been reviewing privacy policies of major UK sporting event organisers.
Medical data collected without legal basis, international transfers undisclosed, no separate consent for facial recognition, no documented data processing agreements with photography providers.
Nobody has looked at this properly yet. The full data chain — registration, results, photography, facial recognition — creates a biometric identification pipeline that any member of the public can access.
The ICO hasn't issued sector-specific guidance. I've written up the analysis and invited them to take a look.
https://raffkarva.com/blog/posts/privacy/beyond-the-finish-line/
@openrightsgroup @privacyint @eff @pluralistic
#privacy #photography #FacialRecognition #blog #RaffsReflections
@RaffKarva wow. I had never even thought of this. Go you!
-
R relay@relay.infosec.exchange shared this topicR relay@relay.publicsquare.global shared this topicR relay@relay.mycrowd.ca shared this topicR relay@relay.infosec.exchange shared this topic
