From Hawaii, Joyce Macedo wrote an article for TecMundo talking about some of the innovations and features that could be developed and implemented by smartphone manufacturers with the adoption of the new processor Snapdragon 8 Gen 1 from Qualcomm. To find out more, access here all the stories she did from surfing paradise (she went to work, invited by Qualcomm, so, I don’t know if it got a little beach).
There are a lot of cool things that can be introduced, and the reality is that the Lei de Moore will have its end soon. If it’s not over, as many people say.
Always-on camera can reach high-end cell phones with Snapdragon 8 Gen 1.Source: Qualcomm
One of the possibilities of the new features will be the incorporation of an always-on front camera, that is, one that never turns off and that sees its owner’s face uninterruptedly. In addition, the person’s entire surroundings will also be captured through the lens, that is, the smartphone owner will constantly live in “big brother”.
When I read the article, I was concerned about the possibility of having my privacy violated yet again, but now in a much more direct and open way, and I sought the answer to my anguish in the General Law for the Protection of Personal Data (LGPD) , and in the General Regulation on Data Protection (GDPR) from Europe and yes, the adoption of this type of camera can be a problem.
Practically the entire Brazilian LGPD deals with the privacy and intimacy of users, but items I and IV of article 2¹, article 17 ², are the ones that more precisely protect these rights and — in my humble opinion — the adoption of such a camera can lead to total loss of privacy.
When the camera is on, it is continuously capturing our biometric data — our face, our facial expressions, and thus it is possible to know our biological sex, whether we are male, female, transgender, happy, sad, nervous, and this makes it possible to deliver advertising that is more and more personalized according to the moment in which we find ourselves.
Imagine an algorithm that knows you’re hungry for your physiognomy, or that you’re out of shape, and starts sending you suggestions for healthy restaurants, fit foods, or even gyms near you.
A lot of people will think it’s great, as this functionality can offer some benefits for those who want to stay hyperconnected, but: what if the user cannot disable the always-on function, or has no real guarantees that this functionality was actually disabled? It is obvious that our privacy will have been violated and we will not know what is being done with our data.
Whoever chooses to give authorization can do so without any difficulty. Everyone knows what they do with their data. But what matters is that this authorization is based on truth and transparency, and manufacturers must, necessarily, put the option for the user to enable the function, and not for it to come from the factory enabled.
This is because, according to item II of article 5 of the law ³, our biometric data are considered sensitive, and can only be collected and used if we authorize it expressly and consciously, and for specific purposes that have been previously informed4. The generic authorizations that companies do not explain anything and users do not read are not valid.
There should be a warning (a disclaimer) such as: “if you enable the Always-on function, we will use your face data to understand how you feel in a given situation, and we will deliver advertisements from our partners that are relevant to you that moment”.
Without this, and without you or I authorizing the use of this data, this will be illegal and companies that use the data can be fined according to the seriousness of the act, and it’s no use saying that this functionality serves to prevent fraud and protect the user, as it has been said, as there are several other less invasive ways to do this, such as making any smartphone have one or two screen locks after a certain time unlocked.
And we know that children, instead of playing ball and playing in the street, stay with their faces “buried” into their cell phones all day, so, knowing they are children, advertising can be specific for them, but the processing of data from the kids can only be done with the consent of those responsible, according to paragraph 1 of article 14 5.
In the case of children, there must be a functionality in which the responsible authorizes or denies the use of these data by the manufacturer or any third party, even if the activation of the functionality is authorized.
The problem is not the powerful processors, nor the cameras themselves, but the uncertainty that smartphone manufacturers will respect our right to intimacy and privacy, and that if we don’t enable this feature or disable it, our biometrics really don’t will be used. Felipe Payão has already written about it here at TecMundo, over 3 years ago, and until today we have no guarantees about it.
The RGPD of the European Community, in Article 9, also prohibits the processing of biometric data without consent6, and then we return to the same problems I mentioned earlier. But here, information about what will be done with these data also needs to be provided7.
But both in Europe and in Brazil, you and I can request that the processing of data be terminated at any time (nothing is eternal), as long as the data subject exercises his right and asks whoever is in possession of this data. delete and no longer use them, in accordance with article 21 et seq. of the RGPD, and article 15 et seq. of the LGPD.
The big question is: here in Brazil, which is still a “damn hoo-ha” in the matter of inspection, will we have guarantees that our privacy will be respected, or even our 15 minutes of privacy that we would all have one day will disappear?
Rofis Elias Son, a columnist for TecMundo, is a geek and lawyer, passionate about technology since childhood. He was the first on the street to have internet at home, in 1994, and specialized in Computer Law in Brazil and Portugal. Today, he is a professor of the same subject at several institutions, having been the executive coordinator of the postgraduate course at ESA/SP. He is a partner at Elias Filho Advogados, a lawyer for several technology companies in Brazil and abroad. sgo on social media for more tips: @eliasfilhoadv.
1: Art. 2 The discipline of personal data protection is based on: I — respect for privacy; (…) IV — the inviolability of intimacy, honor and image.
2: Art. 17. Every natural person is guaranteed the ownership of his/her personal data and guaranteed the fundamental rights of freedom, intimacy and privacy, under the terms of this Law.
3: Art. 5 For the purposes of this Law, it is considered: (…) II — sensitive personal data: personal data on racial or ethnic origin, religious conviction, political opinion, affiliation to a union or organization of a religious, philosophical or character political, data referring to health or sexual life, genetic or biometric data, when linked to a natural person.
4: Art. 11. The processing of sensitive personal data can only occur in the following cases: I — when the holder or his/her legal guardian consents, in a specific and prominent manner, for specific purposes.
5: Art. 14. The processing of personal data of children and adolescents must be carried out in their best interest, under the terms of this article and the pertinent legislation. § 1 The processing of personal data of children must be carried out with the specific and prominent consent given by at least one of the parents or by the legal guardian.
6: Article 9. Processing of special categories of personal data 1. The processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical convictions, or union membership is prohibited, as is the processing of genetic data, biometric data to uniquely identify a person, data relating to health or data relating to a person’s sex life or sexual orientation. 2. The provisions of paragraph 1 shall not apply if one of the following cases occurs: if the data subject has given his explicit consent to the processing of such personal data for one or more specific purposes, except if under Union law or a Member State to provide that the prohibition referred to in paragraph 1 cannot be overturned by the data subject.
7: Article 13. Information to be provided when personal data are collected from the data subject 1. When personal data are collected from the data subject, the data controller shall provide the following information when collecting such personal data: (… ) c) The purposes of the processing for which the personal data are intended, as well as the legal basis for the processing.