Privacy by design - GDPR

[ccloquet]

This topic discusses privacy by design principles & GDPR compliance

Purpose
For the 112-dispatching, to have pictures of an incident quickly, so that they can make the appropriate decisions and send the adequate help (eg: characterize which kind of smoke, or which kind of security issue the citizen is facing). The images are not to be used later in investigations.

Privacy principles

• once on the server, the images are stored anonymously
• TODO: the SMS should be erased from the server as soon as possible (only the calltaking center should have the data) => consider moving from Clickatell to Twilio (which allows to erase the messages)
• the images should be erased after 6 hours. TODO: a cron, instead of a delete one at the consultation time
• point of discussion: in the current implementation, the access logs are stored during 1 year (maybe too much for this purpose)

Notes

• to ckeck : which kind of EXIF data are transmitted and which are sensitive?
• right to one's image : what if 3rd parties are recognizable on the picture? Could they/would they be used eg. to charge for a crime unrelated with the call? Mitigation: add a banner 'only take a general picture, do not focus on people, etc.' [from @laudeco]
• if using Twilio: could redact/delete the message afterwards (eg : a cron every 6 hours deleting the messages older than 6 hours)