Automatic number plate recognition (ANPR) cameras have been around for a while. Optical character recognition technology to read and recognize vehicles’ license plates are great tools for enforcing traffic regulations and, therefore, creating safer and less congested roads. However, many people consider ANPR cameras a threat to their privacy, especially if these cameras can also capture their faces. Their fear of such violation of privacy may seem an exaggeration, but seeing the scandals many companies have been involved in over the past few years turned these concerns legit.
As such, this article won’t be about convincing you of the usefulness of ANPR cameras. We do hope, however, that once you reach the last sentence, you’ll see that these cameras not only protect the roads but sensitive data as well.
How Is Data Safety Regulated?
Due to the immense flood of data, many companies store them in the cloud. When using a cloud service, only a portion of the actual data is stored on the computer, with the majority in the cloud. This, however, creates a new problem: if the information isn’t on the device but on the servers of a third party, whose responsibility is to make sure it is protected? More importantly, what guarantees its safety?
Since license plates and the likeness of a person can be considered sensitive data, it is protected by law. It usually regulates who can use data gathered from ANPR cameras, how long said data can be kept, and what other privacy-related aspects apply. However, these laws vary from country to country. For instance, Canada, Australia, New Zealand, China, Japan, African/Mideastern countries, all 50 U.S. states, and even ASEAN (Association of Southeast Asian Nations) member states have their respective regulations. In other words, it isn’t easy to comply with regulations—unless you’re in the European Union. Because in the EU, there is the General Data Protection Regulation (GDPR) that strictly governs how private data may be collected, stored, and used in all member states.
ANPR and GDPR
Since GDPR considers personal data protection sacred, any manufacturer involved in the collection, encrypting, storing, and sharing of data must comply with a set of strict regulations lest they want to receive a penalty that can be €20,000,000.00 or even more. The strictness of GDPR and the high penalties ensure that companies collecting sensitive data handle it with utmost security. Regardless of having citizenship in an EU state, people have the so-called “right to be forgotten.” This allows you to request a company falling under GDPR to remove any personal information about you, provided that you have a clean criminal record and the gathered data aren’t exempted from the erasure rule.
License plate information, an image of a vehicle, and a facial snapshot are all deemed highly-sensitive personal information and thus protected by GDPR. Anyone using ANPR software or hardware in the EU must guarantee that their solutions fully comply with the strict European laws. Adaptive Recognition started manufacturing GDPR-compliant solutions even before the regulations came into effect, and it has continued this practice ever since. When license plate data is automatically entered into a Carmen® product, all uploaded results are handled by an encrypted channel and, upon request, can be deleted from databases. The same applies to our ANPR cameras – especially models running license plate recognition – whether they are used for access control, traffic monitoring, or speed and traffic enforcement.
Even ANPR Cloud, our cloud-based SaaS ANPR solution, which runs using the platforms of a third party, Amazon Web Services (AWS), fully complies with the requirements of GDPR. Data is used only for the recognition process – taking only 80–200 milliseconds – and is then temporarily stored in Amazon’s ultra-encrypted web servers before being entirely deleted. Additionally, we use an HTTPS channel for communication, and we never make images sent to ANPR Cloud public. Moreover, we never claim ownership of any of the content you transmit to the ANPR Cloud API.
Handling ANPR Data in the Rest of the World
Although GDPR has been and is still considered an overkill by many, more and more countries recognize it as an effective way to protect citizens’ data privacy rights. It’s safe to say that GDPR is just the beginning; similar or even stricter data protection laws are to be expected shortly, considering the exponentially growing amount of data and public outcry.
Thanks to the cooperation between the EU and the Organization for Economic Co-operation and Development (OECD), non-EU states already have guidance on creating regulations similar to the GDPR. The U.S. and many EU member states have passed legislation conforming with this guidance, while several other members have them pending. Some Middle Eastern and North African countries already enacted their data protection legislation before GDPR came into effect. The United Arab Emirates passed relevant laws in the middle of the COVID pandemic in 2020. China passed the Personal Information Protection Law (PIPL) in 2021, defining personal information and regulating data processing, storage, and transferring.
Sooner or later, no matter where you go, license plate information, vehicle image, and facial photos taken behind the windshield will be treated as highly-sensitive personal data inaccessible to all but parties collecting it. We at Adaptive Recognition have taken citizens’ and users’ concerns about access to their data very seriously. To guarantee compliance with privacy regulations and, consequentially, establish customer trust, all of our ANPR cameras and software – not to mention our passport readers and ID scanners – are manufactured per all existing data privacy laws around the world.