Andrew McKenna Business, Portrait, Headshot and Event Photographer Glasgow0776 579 1483

Photography in a GDPR world.


On the 25th of May 2018 the General Data Protection Regulations (GDPR for short) come into effect in the UK.
The GDPR rules are designed to give EU citizens more control over their data and privacy and simplify the process under one set of rules.

The key part of GDPR is the idea of Consent.

Previously you could assume consent for certain things, say things like adding past customers to an email list.
Now you have to have explicit consent.
It must be opt in rather than opt out.

Photographs are included in this new ruling under biometric data.
However not in every circumstance.

This is not a guide to GDPR for photographers.

I am writing this with the end user and those hiring photography services in mind.

And while I’m not a specialist lawyer in GDPR and cannot give 100% Cast iron absolutely water tight legal advice I am well aware of best practises, which I will share with you.

If we were making advertising photographs using models we would already be doing all the things we need to do.
Everyone featured would have to sign a release form.

If I supply photographs to a stock agency featuring recognisable people I am also required to supply a release form in order for those images to be available for sale.
If you have sourced imaged from somewhere else, a free image websites for example, Chances are that those images do not have relevant releases.
They might be ok to use but you can’t be 100% that they are legally safe depending on the context that you are using them in.

Lets look at Photographs at Events

Now I’m of the opinion that event photograph for business is actually marketing/advertising photography.
With that concept in mind there are a couple of things that need to be in place.
You need to ask for consent. And it can be verbal consent rather than written.

My fear is that the onus will be put on the photographer when really it’s the responsibility of the event organiser and the end user of the photographs.

Part of the new ruling is the concept of privacy by design.

That means that you set up your systems and processes to automatically keep you in line with the rules.

Based on that it would be prudent and best practise to always be up front about the possibility of there being photography or videos created at an event and how that content will be used.

The event sign up form should clearly state that there may be photography or video.
Put it on the event website and state it on the tickets or invitations.
There should be a sign at the actual event.
It should be mentioned to the audience and that people should make themselves known if they do not want to appear in publicity materials.
It is important that people can opt out.

Is this overkill?
Will it make your audience trust you more?

If you’re really smart you could even use this as another touch point with your customer.

Knowing this up front makes my job as photographer infinitely easier too.
Coming home to discover that I am not allowed to use half of the images I’ve shot is not something I ever want to happen.

Any photographer in this situation will charge you full price for their work.
Quite rightly so as it’d be your mistake!
If you know what restrictions are in place from the beginning then any work carried out will be made to accommodate that.

Which is what sets the professionals apart from the folk with cameras.

Have you ever been given a list of attendees at a networking event?
That IS the whole point of a networking event but the organiser will have to ask permission to do that in future.

Events with large crowds do not need consent and situations where it is reasonable to assume that photographs may be published also do not need individual consent.
Provided of course that the images are used in context and that context would not cause distress or harm to anyone in those images.

Go and look at the terms and conditions for tickets for football matches or festivals.
They say that filming and photography will be happening and by showing up you agree.

Have you ever seen photos of attendee badges at the sign in table for an event?
If they show names, companies and job titles on those badges then you’re sharing your attendees personal data.
Could that cause harm?
What if it was someone who wasn’t supposed to be there, would that cause harm?

It would be really simple to make an image like that unreadable.
Low angle, lower resolution.

If someone removes their consent and asks you to remove their photograph – remove it.
I’ve had that happen many times for all sorts of crazy reasons.
It’s less work and better practise to just remove them.

GDPR is a positive move for us all and not really something to be worried about.
You can’t just carry on and do what you’ve always done. there will need to be changes.
With a couple of little tweaks and following my suggestions you should never fall foul of these rules.

Comments are closed.