Currently in Germany there are lots of discussions about privacy issues triggered by the General Data Protection Regulation (GDPR) which will enter into force on May 25th and will strengthen privacy regulation concerning persons on published photos.
Mapillary updated their privacy policy to address the GDPR regulations. This mainly concerns protection of user personal data. However, I did not find a clear statement about who is the liable party in case that a photo published on Mapillary violates legal regulations, the user who uploaded the photo or Mapillary.
Could somebody from Mapillary give some information on this topic?
I think in Germany the DSGVO (how it is called here) is an issue. Running dashcams is now officially illegal. I think (IANAL) it is possible to do it when photos are taken for a specific purpose, e.g. mapping - but I will quit my activities on Mapillary and OpenStreetCam by that date.
I also will stop capturing in Germany as long as the legal situation is not clear.
As Mapillary’s business model is based mainly on street level photography, they should have a vital interest in clarifying this question instead of delegating this to the individual contributors.
I am in the same boat, Mapillary has acted extremely unprofessionally by not clarifying the legal situation for their members.
Be sure to warn fellow contributors you know too, so they are not resposible for breaking the law!
Edit: I think it is still legal, but I am not risking it until we get an at least somewhat professional breakdown of the situation.
As I’ve been told in another thread once, technically you’re still transferring non-blurred images to a company without the photographed people’s consent. And the company stores the original image without the blues as well. So the blurring argument would only be valid if you blurred it yourself before uploading.
Also, afaik, it’s actually not new that this is a problem, as with German privacy laws it was actually illegal before the GDPR already. The fines are just higher now, and it’s valid in all EU countries.
However I’ll also continue in Germany.
I do not understand the european priorities. Our rubbish bags for plastic and metal are transparant. So everyone can see what and how much I am drinking. I find that far worse than a picture of me poking my nose.
Now that the automated blurring process is nearly perfect, blurring before transferring should be technically possible. Mapillary should offer this as an option for users who capture in countries with restrictive legislation.
After reading again the terms and conditions, I decided to stop uploading images from Germany as long as blurring is out of my control.
My preferred solution would be to keep the originals in a personal workspace on the servers. Blurring would be applied before transfer to Mapillary’s workspace so that Mapillary could only access the blurred images. As GDPR does not apply to data storage and processing for strictly personal use, this should be legal, like is storing pictures in a personal cloud.
I understand that Mapillary is not addressing the issue in the forum if they don’t have a solution ready. On the other hand, they probably underestimate the importance of this issue in privacy-sensitive countries like Germany. Not only do contributors stop contributing because of the recent legal changes but many people never joined the community because of privacy concerns.
Well…I know a way to push the issue to their attention though I’m not sure how much damage it would cause.
I’ll wait until my ISP cycles thought their log and reconsider the situation again.
This issue is now 2 months old and still to reaction from Mapillary.
Not only do contributors stop contributing because of the recent legal changes but many people never joined the community because of privacy concerns.
I am interested in contributing images, but until there is a statement/clarification/solution from Mapillary I won’t start because I also think it is a violation of the GDPR to upload unblurred images.
Thank you for bringing this up and sorry it took so long. Here’s the official word from Mapillary.
When you as an individual upload a photo to Mapillary, Mapillary is responsible for making sure that the processing of that photo is lawful under the GDPR. You (or any user) is not liable under the GDPR for any photo when it has been uploaded to Mapillary.
If we look outside the GPDR, Mapillary cannot take responsibility for making sure that the taking of the photo is legal in the location where the photo is taken since there can be any number of local rules and regulations that we cannot monitor. We mention this in our Terms, stating that you should not upload any content that violates any local law.
Regarding the discussion about uploading non-blurred images. As mentioned, it is Mapillary’s responsibility to make sure that any personal data that is included in any uploaded content is ok to processes under the GDPR. The GDPR does not stipulate that you need the consent of any person pictured in order to process their personal data. The GDPR have several other legal grounds, beside consent, that allows for a data controller to process personal data. Mapillary bases its processing on Mapillary’s legitimate interest to provide our service. When the legal bases “legitimate interest” is used steps have to be taken to ensure that the legitimate interest of Mapillary outweighs the pictured person’s privacy interest. This weighing of interests, and the fact that we value people’s privacy, is the reason that we blur the faces of people and license plates in uploaded content. We also make sure that only a handful of people at Mapillary has access to any non-blurred images and never publish non-blurred images.
I hope this helps and clarifies some of your concerns.