Data protection authority stops unpixelated livestream of nudist beach & more
In addition to topics such as AI and video surveillance, data protection authorities also deal with curiosities such as a livestream from a nudist beach.
If you want to be undisturbed on vacation, you should also take a quick look at any cameras that may be installed. As the State Commissioner for Data Protection in Lower Saxony, Denis Lehmkemper, states in his activity report for 2024, a freely accessible webcam with a pan and zoom function streamed a nudist beach directly onto the internet. This turned the holidaymakers into unsuspecting protagonists in a livestream that was probably intended for tourist advertising. Besides clothing, any notice of the video surveillance was also missing.
The section of beach in question was recorded with a swivel webcam, which even had a zoom function: "This affected people in their private parts", the report states. The controller pixelated the section of beach in the course of the proceedings and had to pay a fine "due to the high level of intrusion".
In another case, a complaint was received about video surveillance in a sauna and spa area. According to its own research, the authority then discovered "that the company's website also contained recordings from two webcams", one of which showed the beach area and the other the indoor pool area. The controller initially did not want to design the video surveillance in compliance with data protection regulations. The "unlawful data processing" was only stopped after a "formal" request from the authority. Overall, these were isolated cases, but according to the report, more complaints and information about "tourist webcams" were received, whereupon the LfD Lower Saxony wrote a letter of advice for the municipalities.
Video surveillance and facial recognition
The authorities receive a particularly high number of complaints about video surveillance, "especially from private individuals [...] due to cameras recording large areas in the neighborhood". Employees also turned to the data protection authority because of "extensive camera surveillance of sales and recreation areas".
Another frequent reason for complaint mentioned in the report is unwanted contact, "usually for advertising purposes". Other data protection authorities also cited this reason. The unauthorized publication of personal data on the internet also attracted negative attention, which "represents a considerable encroachment on the personal rights of those affected".
Facial recognition systems
Data protection experts also warn against the increasing use of automated biometric facial recognition systems in public spaces, which is regularly called for by representatives from politics and the police. The data protection conference of the independent German federal and state data protection supervisory authorities published guidance on this at the end of 2024 and advised caution when using them (PDF).
The State Data Protection Commissioner of Brandenburg had "extensively" dealt with the use of the much-discussed facial recognition software "PerIS" by the police, which the Saxon police had developed. In her initial review, Dagmar Hartge classified the data processing as "not proportionate": "I am surprised that the investigating authorities are resorting to non-relevant standards in the Code of Criminal Procedure for the use of PerIS, just as if the scandal surrounding the automatic license plate reading system (KESY) had not occurred a few years ago. It stands to reason that the concerns that apply to license plate recognition are even more relevant to the particularly intrusive comparison of biometric facial images."
Dependence of public authorities on market-dominating IT providers
Lehmkemper also mentions the "increasing dependence of public authorities on a few dominant IT providers". He therefore advocates strengthening the "ability to switch between IT manufacturers and service providers". For interoperability, he calls for open standards and interfaces. "Dependence on highly integrated, proprietary IT ecosystems can become a trap for data protection if it becomes almost impossible to switch to a data protection-friendly offering if necessary. Digital sovereignty is therefore becoming an increasingly central requirement for digitalization," emphasizes Lehmkemper.
Artificial intelligence in the focus of data protection authorities
All data protection officers, such as the State Commissioner for Data Protection and Access to Files in Brandenburg, Dagmar Hartge, are also specifically concerned with the topic of artificial intelligence – from employee monitoring with AI to AI in schools. Lehmkemper has set up a corresponding staff unit for the data protection-compliant use of AI. He is also in charge of the CRAI AI real-world laboratory in Osnabrück, which develops AI software for SMEs. The results are due to be published in the fall.
A "new form of individualized learning" is to be introduced in schools with the help of various tutoring systems. Children will be given tasks according to their strengths and weaknesses. To this end, the Ministry of Education in Lower Saxony has licensed the "Bettermarks" application for better grades in mathematics, while an application from the Westermann publishing house, "OnlineDiagnose", is intended to improve grades in German and English.
Shortcomings in AI software in schools
Following a review of data protection declarations, the LfD Lower Saxony has identified shortcomings, such as a lack of transparency in data processing. According to this, pupils must receive information on data protection and the program process and possible effects. Parents must also be informed that individual learning progress profiles are created. It is not permissible for these to be used to assess pupils. Furthermore, a deletion concept was not always available or clearly regulated. As with other software, this is a case of commissioned data processing, which is why the schools are responsible for data protection, not the software providers. The LfD expects the deficiencies to be rectified promptly.
Furthermore, data protection in schools with privately funded tablets poses a challenge, which is why the LfD has been "placing a special focus on data protection and media literacy among children and young people since 2024 – in response to the increasing influence of digital media and growing cyber risks in everyday school and private life."
In 2024, there was a major data leak in the daycare app "Stay Informed" that affected more than 11,000 facilities. For the final assessment of the incident, Lehmkemper is still waiting for the evaluation of the company's "extensive" forensic investigation report by the State Data Protection Commissioner of Baden-Württemberg, Tobias Keber.
Increase in complaints and reported data protection breaches
To date, the number of complaints has also increased at all data protection authorities. In 2024, the LfD of Lower Saxony received 2,361 complaints, an increase of 7 percent on the previous year. The State Data Protection Commissioner of Lower Saxony cites several reasons for the increase in data protection complaints since the GDPR came into force: on the one hand, the increasing digitalization of many areas of life, and on the other, the knowledge of reporting obligations, "six years after the GDPR became applicable". The number of cyberattacks has also increased, often resulting in data leaks. In total, the LfD has issued fines amounting to 1.04 million euros.
(mack)