GDPR-Compliant Video Anonymisation in Occupational Health and Safety: Protecting People and Their Data

Occupational Health and Safety (OHS) teams use video extensively—monitoring production environments to ensure adherence to safety protocols, reviewing camera footage for accident and incident investigation, and preventing future incidents with training and instructional videos.

But although videos are an essential part of the OHS toolkit, they often include images of people and property. Such images are personal data regulated by the General Data Protection Regulation (GDPR) and other privacy and security laws.

In this article, we’ll explain how OHS departments can ensure GDPR compliance while leveraging videos through video anonymization, face blurring, and license plate blurring.

Why Occupational Health and Safety Departments Use Video

Accident and incident investigation

Video footage is invaluable for investigating accidents and incidents in the workplace. For example:

• Manufacturing: CCTV monitoring of assembly lines to record potential worker injuries.
• Logistics: Dashcam footage of delivery vehicles to capture road traffic incidents.
• Transport: Video footage of train and bus journeys to help spot obstructions.

Training and instructional videos

Using real-life video footage helps create relatable, relevant and engaging training sessions.

• Footage of actual accidents and near-misses reinforces the importance of workplace safety by making safety incidents seem more “real”.
• Participants engage more actively with real-life video footage over dramatizations.
• Training sessions are much more relevant and relatable if they use videos of incidents within the trainees’ own organizations (where possible).
  

Employee monitoring

Video monitoring is an essential way to prevent accidents and incidents, particularly in high-risk industries and environments.

• CCTV can help capture footage of employees acting in a reckless, illegal, or otherwise unsafe manner in high-risk environments, such as hazardous material manufacturing or transport.
• As well as assisting in disciplinary or legal cases, video footage can help prevent future incidents through planning and evaluation.
• Video monitoring can be a measure to comply with health and safety laws and regulations, such as:
  1. Occupational Health and Safety (OHS) Framework Directive laws across the EU,
  2. The UK Health and Safety at Work etc Act (HSWA) and Health and Safety Executive (HSE) guidelines, and
  3. The US Occupational Safety and Health Act (OSHA), plus Occupational Safety and Health Administration (OSHA) and state-level regulations.
     

Legal Risks: How the GDPR Affects Workplace Video Recording

OHS law requires businesses to identify, assess, and mitigate workplace risks to ensure the safety and well-being of employees and the public. We’ve looked at some of the many ways in which video helps fulfill this requirement.

The GDPR requires respect for the fundamental rights of personal data and privacy. This requirement means personal data—which includes recordings of faces, license plates, and other identifiers—should generally not be used unless there is a specific and lawful reason for doing so.

Here’s how some aspects of the GDPR create a challenge for OHS departments when using video recordings. 

Data minimization

The GDPR’s principle of “data minimization” requires that personal data must only be processed (collected, stored, shared, or otherwise used) to the extent necessary for a specific purpose.

In other words, you must not use more personal data than necessary for a given purpose. Data minimization means only recording people with a valid legal basis and taking reasonable steps to remove unnecessary personal data from recordings.

For example, a training video shows a person falling off poorly constructed scaffolding. Using real video footage can be legitimate and useful, but there’s likely no need to show the person’s face. Doing so could violate the “data minimization” principle.

Gallio Pro’s video anonymization software solves this problem through automated face blurring, allowing organizations to keep and use the important elements of videos while erasing unnecessary personal data.

Purpose limitation

The “purpose limitation” principle means that personal data must generally not be used for purposes other than that for which it was originally collected (or other closely related and compatible purposes).

So, if a company records a video of identifiable workers disposing of hazardous materials to ensure they are meeting their occupational health and safety obligations, the footage should not be repurposed for training videos if it includes personal data.

As we’ve seen, using real-life video recordings can greatly enhance employee training materials. However, creating training material is not the original reason the company collected the employees’ personal data. Using the footage risks violating the “purpose limitation” principle—unless it has been anonymized.

Storage limitation

The principle of “storage limitation” states that personal data must not be stored for longer than necessary in relation to a specific purpose.

As such, companies recording videos of their employees or the public must determine the shortest period to keep that video footage, and then delete it once that period expires.

Storage limitation is a problem for organizations wishing to retain video footage that identifies individuals for a long period—for example, to defend against potential legal claims or for use as training and instructional materials.

However, organizations can solve the storage limitation challenge by blurring faces and other identifiers in videos, as we’ll explore below.

Data security

The GDPR requires that personal data is kept secure against unauthorized access, loss, and accidental damage.

This requirement means any video footage including personal data must be stored in a secure environment and protected via appropriate technical measures, such as access control and encryption.

Applying an appropriate level of security can be challenging even when videos are centrally stored and managed for a single purpose, such as analyzing incidents in industrial and warehouse environments. It’s even harder to ensure security if non-anonymized videos are reused for other purposes.

Data subject rights

Under the GDPR, people have a powerful set of rights over their personal data, including the right to access a copy of CCTV and other video recordings from which they can be identified.

This right extends to employees and anyone else identifiable in a video. Locating and providing this footage can be time and resource-intensive, particularly for companies that record and use a lot of video.

When responding to a “subject access request”, organizations should avoid revealing personal data about people other than the individual making the request. When providing access to videos showing more than one person, only the person who made the request should be identifiable.

Learn more about how Gallio Pro video anonymization software helps protect personal data about third parties when responding to subject access requests.

The Importance of Video Anonymization in OHS Compliance

The GDPR only applies when processing personal data—information about an identifiable individual (a “data subject”). The GDPR does not cover anonymized information. 

As such, video anonymization software can solve the GDPR challenges identified above.

What does ‘anonymization’ mean under the GDPR?

“Anonymous data” means any data other than “personal data”. In the context of videos, an anonymous video is a video where no individual can be reasonably identified by watching or manipulating it.

In most cases, you can anonymize a video by blurring identifiers such as faces and vehicle license plates.

Here’s a quote about face blurring in videos from the European Data Protection Board (EDPB), a body comprising representatives from every data protection regulator in the European Economic Area (EEA):

“For video surveillance, it is worth noticing that by for instance blurring the picture with no retroactive ability to recover the personal data that the picture previously contained, the personal data are considered erased in accordance with GDPR.”

Permanently blurring identifiers in video footage means “the personal data are considered erased” under the GDPR. Once personal data is erased, the GDPR no longer applies.

What are the benefits of blurring faces in videos?

By using face-blurring software to remove personal data from videos, you have much more freedom to use the video as you wish.

• You can re-use anonymized videos of safety incidents for training or operational purposes
• You can store anonymized videos for as long as you want
• You do not have to keep anonymized videos secure (unless you have other reasons to do so)
• You do not have to provide copies of anonymized videos to people exercising their GDPR rights

Use Cases: How Video Redaction Helps in Workplace Safety

A hazardous waste tanker’s ‘near miss’ incident

A hazardous waste tanker carrying corrosive ADR Class 8 industrial by-products is involved in a near-miss incident on the motorway. The onboard dashcam and side-mounted cameras capture the incident, showing the driver’s actions, the other vehicles involved, and bystander pedestrians.

The company operating the vehicle uses the videos in a post-incident review to determine:

• Whether the driver was meeting ADR safety protocols (such as obeying speed limits and changing lanes safely)
• Which vehicle was at fault
• Whether the tanker’s hazardous material containment systems were working correctly

The company must share the footage with its national competent authority for ADR compliance (for investigation purposes). The company also wishes to share the footage with its insurer and adapt it for training purposes.

However, the video includes recognizable images of the driver, four other people, and license plates of 10 cars—20 people are identifiable from the footage. Sharing the video could violate those people’s rights and breach the GDPR’s “data minimization” and “purpose limitation” principles.

Drone-based railway inspection

A railway company uses drones equipped with high-resolution and thermal imaging cameras to check train routes for hazards, such as:

• Obstructions, like fallen trees, trespassers, and debris
• Damage to tracks, such as cracks, misalignments, and floor risks
• Hazards involving overhead lines, such as encroaching trees and electrical failures

The drones fly frequently, and the company has accumulated many hours of footage showing personal data about hundreds of people, including faces and car license plates.

The railway company’s data protection department recognizes the importance of scouting routes for hazards—but expresses concern that capturing so much footage is disproportionate given the vast amount of personal data being stored, potentially violating the “data minimization” principle.

Warehouse safety monitoring

A large distribution center uses CCTV, body-worn cameras, and cameras on forklifts to monitor its warehouse operations.

The company has determined a valid legal basis to monitor its warehouses to:

• Analyse safety conditions to prevent incidents, such as collisions between forklifts and workers
• Detecting unsafe practices, such as improper lifting or a failure to wear personal protective equipment (PPE)
• Ensure the security of the warehouse

The cameras capture the personal data of warehouse employees and visitors who attend the distribution center, such as safety inspectors, contractors, and delivery drivers from other companies.

Although the company recorded the footage for safety purposes, the Operations and Logistics team wishes to upload the videos to an AI software platform for analysis to improve operational efficiency.

The company’s legal and HR teams are concerned that re-using the footage for this purpose could breach workers’ rights. The software provider is based in California, so using the software could be problematic under the GDPR’s “international data transfer” rules.

The solution: Automated video anonymization software

In each of the above cases, the companies can mitigate privacy and data protection risks using video anonymization software to blur faces and license plates.

Removing personal data from the video footage could enable these companies to:

• Share the videos freely. If the personal data has been irreversibly erased, the videos are no longer covered by the GDPR’s restrictions on data sharing and security (though the company might need to comply with other laws and maintain its trade secrets).
• Reuse the videos for other purposes. Even if video footage was collected for security purposes, once anonymized, it can be used to train staff or improve operational efficiency.
• Store the footage indefinitely: The GDPR’s “storage limitation” rules do not apply to anonymous data, meaning the businesses are free to keep it as long as they want.
• Analyze the footage with AI: The GDPR requires companies to conduct risk assessments before using novel technologies or conducting risky data-processing activities. Anonymising the videos removes this obligation.

Make the videos accessible from “third countries”: Anonymising data eliminates the need to consider the GDPR’s rules on “international data transfers”, which require organizations to conduct legal assessments and put safeguards in place before using cloud software providers based in most countries outside the European Economic Area (EEA) or the UK.

Best GDPR Practices for OHS Departments Using Video

• Legal basis: Organisations must determine a “legal basis” before processing personal data, including when using surveillance cameras and non-anonymous videos—even for safety purposes.
• Laws on video surveillance: Most countries have laws or regulations on CCTV, such as the UK’s Surveillance Camera Code. Ensure any use of surveillance cameras complies with the law.
• Data minimization: Only collect as much personal data as you need for a specific purpose, including video footage. Anonymise video footage with face-blurring software unless you need it to show an identifiable individual.
• Storage limitation: Maintain a retention schedule setting out how long you need to keep videos recorded in various contexts (dashcams, warehouse CCTV, bodyworn cameras, etc.). Implement a process for deleting or anonymizing videos once the retention period expires.
• Security: Keep videos showing personal data secure via technical measures such as anonymization, access control, and encryption.
• Data subject rights: Comply with people’s request to access copies of videos in which they appear. If other people appear in a requested video, blur their faces or license plates before providing access.

By implementing strong data protection practices and anonymizing videos wherever possible, Occupational Health and Safety departments and other teams can maximize the potential of these valuable assets while staying compliant with data protection law.