ALPR (Automatic License Plate Recognition) cameras produce digitally readable data and images of vehicle license plates. Many people see this as a violation of personal privacy. In this article, we’ll examine this issue from several points of view. Around the world, laws vary widely as to who can use ALPR cameras, how they can use the data gathered, how long they can keep the data, and other privacy-protection aspects of their use.
1. In Europe, the EU’s GDPR (General Data Protection Regulation) governs how private data may be collected, stored and used.
2. In the United States, each state has rules as to who may use ALPRs, and what they are allowed to do with the data gathered.
3. ASEAN (Association of SouthEast Asian Nations) is developing standards to add order to the chaos that has characterized individual countries’ rules.
4. Canada, Australia, New Zealand, China, Japan, and African/Mideastern countries all have their regulations as to the use of ALPR and other data. Since these laws and protections differ so much, we’ll look at the issue as it relates to different regions of the world. If your application uses SaaS (Software as a Service)-based software, this adds a unique dimension to data protection.
SaaS-based systems use software developed by a service provider and leased to the user on a subscription basis. If you use such a service, you may store small amounts of data on your own computers for immediate use, but the database you develop is “in the cloud”, or on the internet.
Adaptive Recognition has been at the cutting edge of developing this technology since the early 1990s and fully respects users’ and citizens’ concerns about this important consideration. This company offers both for-sale systems and SaaS availability, all with equal levels of data security.
GDPR – How and Where it Applies
The European Union implemented the GDPR (General Data Protection Regulation) in May 2018. Since it provides a level of personal data protection that is among the highest, if not the highest, in the world, we’ll focus on this regulation first and then consider personal data protection provisions in other parts of the world.
Your ALPR Data (and Any Other Personal Data) are Secure
As a prelude to this, if any data-acquisition system, including an ALPR camera, collects your personal data anywhere in Europe, GDPR spells out strict guidelines for how it must be encrypted, used, and stored. Extremely high penalties (up to € 20,000,000 or more) can be assessed against violators of GDPR. If a GDPR-compliant system of any kind collects your personal information, you can be assured it is handled with utmost security. If you request that your data be removed from any database, GDPR dictates that it will be removed, as long as your criminal record is clean.
Since your license plate data and the picture of your vehicle qualify as personal data, a GDPR-compliant system will treat it securely.
Your Assurance as a User of ALPR Cameras or ITS (Intelligent Traffic System)
As a user of ALPR cameras in Europe, your entire system must comply with GDPR. Using only hardware and software that complies is the key to ensuring overall compliance. With this assurance, you needn’t worry about GDPR-related fines.
Adaptive Recognition provides devices and software that were GDPR-ready before the regulation came into effect. They offer a completely GDPR-compliant traffic system. Their ALPR cameras encrypt data so no other device can read it. All uploaded results are handled by an encrypted channel. It can never be read outside your system. If an individual requests that their information is removed, you can search it out and remove it. No one else can.
In the Rest of the World
Most countries in the world are recognizing the need for data protection provisions, in light of the vast and increasing capability for gathering data, including personal data. In this section, we’ll provide an overview of what’s happening outside Europe.
Canada, the United States, the United Kingdom, Australia, New Zealand, Japan, and several Latin American countries, along with most European countries, are members of the OECD (Organization for Economic Co-operation and Development). Since the European Commission cooperates with the work of the OECD, much of its guidance for members’ data protection legislation is similar to GDPR requirements. The U.S. and many of the European members have passed legislation conforming with this guidance. Several other members have compliant legislation pending.
In the Middle East and North Africa (MENA), several countries have enacted data protection legislation, four before GDPR, three more later in 2018 and Egypt in 2020. In July 2020, DIFC (Dubai International Financial Center) issued the Data Protection Law 2020 for the UAE.
In August 2021 China passed the Personal Information Protection Law (PIPL), China’s first attempt to define personal information and regulate its storage, transferral, and processing.
To summarize, world governments are working hard to make personal data, which of course includes ALPR data, inaccessible to all but the parties who collect it. We leave it to you as to what level of comfort you take from that.
Adaptive Recognition is sympathetic to citizens’ and users’ concerns about access to sensitive personal data. All of their ALPR cameras and scanning devices and software are GDPR-compliant. If you have concerns about their use outside the EU, or any other questions about your situation or application, contact the company to discuss them.