In a recent ruling, Belgium’s Data Protection Authority (GBA) has directed the City of Antwerp to delete voice recordings obtained through its “noise in the student district” project due to violations of the General Data Protection Regulation (GDPR). Initiated in 2022, this project aimed to tackle noise pollution using innovative technologies, but was found to breach several data protection principles, including legality and transparency.
Insight into the Project
In an effort to address noise complaints, Antwerp installed 30 noise sensors throughout a student neighborhood. These sensors recorded ambient sound 24/7, generating ten-second audio files. When noise levels exceeded a certain threshold between 7 PM and 7 AM, the sensors produced voice prints to train an AI model to differentiate sounds and encourage noise reduction behaviors. However, the GBA’s inspection service halted the project in late 2022 pending further review.
GDPR Compliance Issues
Upon review, the GBA’s Dispute Chamber declared the project lacked a legitimate legal basis, noting it processed sensitive biometric data, specifically voice prints. According to Article 9.2 of the GDPR, processing such sensitive information is heavily restricted. Moreover, the city falsely assured the public that conversations would not be recorded, failing transparency requirements. Additionally, the processing of voice prints unencrypted on Google’s cloud platform without sufficient protective measures, and the transfer of data outside the European Economic Area, further compounded the GDPR breaches.
The GBA highlighted the city’s inadequate assessment of potential risks to individual rights, as forewarned by its Data Protection Officer. With thorough risk evaluations, measures could have been implemented to prevent GDPR infringements, the authority stated.
Sanctions and Recommendations
In response, the Dispute Chamber issued a reprimand and ordered Antwerp to erase all voice prints and raw audio files. Though the project aimed to resolve a recognized nuisance within a limited timeframe and the city cooperated with the investigation, compliance failures had to be addressed. Hielke Hijmans, the Dispute Chamber’s president, emphasized that innovation and data protection can coexist, but projects involving new technologies necessitate robust risk management strategies and collaboration with data protection officers.
The GBA offers resources to guide data controllers in leveraging new technologies within the bounds of GDPR, including informational booklets on AI systems and reports from “Smart Cities” workshops.
For further insights, visit the original source link: [https://www.gegevensbeschermingsautoriteit.be/burger/gba-beveelt-antwerpen-audiobestanden-in-het-kader-van-project-lawaai-in-de-studentenbuurt-te-verwijderen]