An App might shortly allow Google Glass users to read the sentiments of people they are talking to as part of a wearable technology project run by a US start-up Emotient. However, this project might face some data protection issues.
According to what covered on the press, the technology that Emotient is working on is named “sentiment analysis glassware” and will be a software able to interpret facial expressions through the screening of 19 different facial movements by means of the camera placed on Google Glass and associating them to sentiments. In the short term such technology might look more like a “game”, but for instance I would never allow my counterparty in a contract negotiation to know what I am feeling and potentially thinking! However, in the long term the purpose of Emotient is to enable commercial companies to collect aggregate data on the sentiments of their customers so that they can improve the services addressed to them.
Emotient declares that no privacy issue arises as the data will be aggregated and the images will not be stored. However, under a European data protection law perspective, also the mere collection of images and their review in order to associate them to the relevant user will lead to a “data processing” subject to privacy regulatory restrictions. Indeed, also the point raised as to the circumstance that data will be aggregated does not waive data protection law restrictions as far as it is possible even indirectly connect those images and therefore the relative emotions to the relevant users. And this might be easily performed through the identification code of the wearable technology to which the user will be linked as part of registration processes even if performed by third parties such as Google once the user registers to Google Play. Additionally, facial expressions might be considered even biometric data subject to additional privacy related obligations as previously reported or health related data if the user has facial deformities.
As discussed with reference to the monitoring of users’ movements by means of wearable technologies, the fact that processing of personal data will occur by means of this wearable technology will oblige companies running such type of product to comply with the privacy obligations in terms of, among others, disclosure of purposes of processing, storage modalities and required consent to the data processing already covered here. And interestingly enough, according to the position of the European data protection consultancy body, companies running such products shall comply with the data protection laws of the place where their users are located rather than of their place of establishment putting considerable regulatory obligations on such entities that if they want to market their products in Europe shall comply with the stringent European data protection obligations.
Finally, if such technology will enable a profiling of users allowing marketers of products to send them promotions and offers based on their personal sentiments when they see the image of some products, additional data protection obligations will apply and for instance in Italy the processing of personal data shall be notified to the Italian Data Protection Authority.