Snapdragon 8 Gen 1 and always-on cameras: where is the limit to privacy?

From Hawaii, Joyce Macedo wrote an article for TecMundo talking about some of the innovations and features that could be developed and implemented by smartphone manufacturers with the adoption of the new processor Snapdragon 8 Gen 1 from Qualcomm. For you to know more, access here all the stories she did from surfing paradise (she went to work, invited by Qualcomm, so, I don’t know if it got a little beach).

There are a lot of cool things that can be introduced, and the reality is that the Lei de Moore will have its end soon. If it’s not over, as many people say.

Snapdragon 8 Gen 1 Camera aways-on can reach high-end cell phones with Snapdragon 8 Gen 1 Source: Qualcomm

One of the possibilities for new features will be the incorporation of an always-on front camera, that is, one that never turns off and sees its owner’s beautiful face uninterruptedly, and the person’s entire surroundings will also be captured by the lenses, or that is, the smartphone owner is constantly living on big brother.

When I read the article, I was mad at the possibility of having my privacy violated yet again, but now in a much more direct and open way, and I sought the answer to my anguish in the Brazilian general data protection law, and in the GDPR from Europe and yes, the adoption of this type of camera can be a problem.

practically the entire general data protection law The Brazilian LGPD deals with the privacy and intimacy of users, but items I and IV of article 2¹, article 17 ², are the ones that more precisely protect these rights, and in my humble opinion, the adoption of a camera of this type can generate the total loss of privacy.

When the camera is on, it is continuously capturing our biometric data – our face, our facial expressions, and with this it is possible to know our biological sex, whether we are men, women, transgender, whether we are happy, sad, nervous, and this makes it possible to deliver advertising that is more and more personalized according to the moment in which we find ourselves.

Imagine an algorithm that knows you’re hungry by your physiognomy, or that you’re out of shape, and starts sending you suggestions for healthy restaurants, fit foods or even gyms near you.

Snapdragon 8 Gen 1 Fonte: Shutterstock

A lot of people will think it’s great, as this functionality can bring some benefits for those who want to stay hyperconnected, but: what if the user cannot disable the always-on function, or has no real guarantees that this functionality was actually disabled? It is obvious that our privacy will have been violated and we will not know what is being done with our data.

Whoever chooses to give authorization can do so without any difficulty. Everyone knows what they do with their data. But what matters is that this authorization is based on truth and transparency, and manufacturers must, necessarily, put the option for the user to enable the function, and not for it to come from the factory enabled.

This is because, according to item II of article 5 of the law ³, our biometric data are considered sensitive, and can only be collected and used if we authorize it expressly and consciously, and for specific purposes that have been previously informed4. The generic authorizations that companies do not explain anything and users do not read are not valid.

There should be a warning (a disclaimer) like: “if you enable the Always-on function, we will use your face data to understand your meaning in a given situation, and we will deliver you advertising from our partners that are relevant for you at that moment”

Without this, and without you or I authorizing the use of this data, this will be illegal and companies that use the data can be fined according to the seriousness of the act, and it’s no use saying that this functionality serves to prevent fraud and protect the user, as it has been said, as there are several other less invasive ways to do this, such as making any smartphone have one or two screen locks after a certain time unlocked.

And we know that children, instead of playing ball and playing in the street, stay with their faces buried in their cell phones all day, so, knowing they are children, the advertising can be specific for them, but the processing of the data of the children only it can be done with the consent of those responsible, according to paragraph 1 of article 14 5.

Snapdragon 8 Gen 1Fonte: Shutterstock

In the case of kids, there must be a functionality where the responsible authorizes or denies the use of these data by the manufacturer or any third party, even if the activation of the functionality is authorized.

Look, the problem is not the powerful processors, nor the cameras themselves, but the uncertainty that smartphone manufacturers will respect our right to privacy and privacy, and that if we don’t enable this feature or disable it, our data biometrics will not really be used. Felipe Payão has already written about it here at Tecmundo, more than 3 years ago, and until today, we have no guarantees in this respect.

The General Regulation on Data Protection of the European Community, in Article 9, also prohibits the processing of biometric data without consent6, and then we return to the same problems I mentioned earlier. But here, information about what will be done with these data also needs to be provided7.

But both in Europe and in Brazil, you and I can request that the processing of data be terminated at any time (nothing is eternal), as long as the data subject exercises his right and asks whoever is in possession of this data. delete and no longer use them, in accordance with article 21 et seq. of the RGPD, and article 15 et seq. of the LGPD.

The big question is: here in Brazil, which is still a hell of a blast when it comes to inspection, will we have guarantees that our privacy will be respected, or even our 15 minutes of privacy that we would all have one day, will disappear?

Rofis Elias Son, a columnist for TecMundo, is a geek and lawyer, passionate about technology since childhood. He was the first on the street to have internet at home, in 1994, and specialized in Computer Law in Brazil and Portugal. Today, he is a professor of the same subject at several institutions, having been the executive coordinator of the postgraduate course at ESA/SP. He is a partner at Elias Filho Advogados, a lawyer for several technology companies in Brazil and abroad. sgo on social media for more tips: @eliasfilhoadv.

1: Art. 2 The discipline of personal data protection is based on: I – respect for privacy; (…) IV – the inviolability of intimacy, honor and image;

2: Art. 17. Every natural person is guaranteed the ownership of his/her personal data and guaranteed the fundamental rights of freedom, intimacy and privacy, under the terms of this Law.

3: Art. 5 For the purposes of this Law, it is considered: (…) II – sensitive personal data: personal data on racial or ethnic origin, religious conviction, political opinion, membership in a union or organization of a religious nature, philosophical or political, data referring to health or sexual life, genetic or biometric data, when linked to a natural person;

4: Art. 11. The processing of sensitive personal data can only occur in the following cases: I – when the owner or his/her legal guardian consents, in a specific and prominent manner, for specific purposes;

5: Art. 14. The processing of personal data of children and adolescents must be carried out in their best interest, under the terms of this article and the pertinent legislation. § 1 The processing of personal data of children must be carried out with the specific and prominent consent given by at least one of the parents or by the legal guardian.

6: Article 9. Processing of special categories of personal data 1. The processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical convictions, or union membership is prohibited, as well as the processing of genetic data, biometric data to uniquely identify a person, data relating to health or data relating to a person’s sex life or sexual orientation. 2. The provisions of paragraph 1 shall not apply if one of the following cases occurs: If the data subject has given his explicit consent to the processing of such personal data for one or more specific purposes, unless under Union law or a Member State to provide that the prohibition referred to in paragraph 1 cannot be overturned by the data subject

8: Article 13 Information to be provided when personal data are collected from the data subject 1. When personal data are collected from the data subject, the data controller shall provide the following information when collecting such personal data: ( …) c) The purposes of the processing for which the personal data are intended, as well as the legal basis for the processing;

Leave a Comment