Posting photos under GDPR

On 25 May 2018, the General Data Protection Regulation (known as the GDPR) came into force in the territory of the United Kingdom, as well as in all other countries in the European Union.  This law applies to everyone who owns or processes personal information (known as data) about other people, for example, business enterprises, public organizations, individual entrepreneurs etc.

One of the points the new law refers to is the publication of images of third parties. For example, if a photo shows the faces of passers-by and the photographer publishes them on social media networks, he could be prosecuted and may be required to pay a fine. It is necessary to obtain consent from everyone on the photo before publication. The law does not specify whether the consent should be in written or oral form. If it is not possible to obtain consent, it is advised not to publish the photo/image at all or try to blur the faces.

The Office of the Commissioner for the Protection of Information and Data emphasizes that, when taking photos in public places, strangers can accidentally get into it. According to Article 5 of the GDPR, if a photographer uses such images solely for personal purposes, then the law will not be applicable to them. Any other handling of such data will be subject to the law. When checking if the GDPR law applies to an image, many factors will need to be considered, such as where the photograph was taken, whether it was done during a public event and whether the photo is publicly available. As you can see, GDPR presents holders of data with lots of challenges even just to understand if the data they hold is covered by the new law or not.