DATA PROTECTION ASPECTS OF AN AUTOMATED REGISTRATION OF VEHICLE REGISTRATION PLATES
The benefits of automatic processing of vehicle license plates are now manifold. Whether it's opening a barrier to a parking garage, determining parking times on parking areas or statistically evaluating the origin of visitors or customers, license plate recognition is now a good tool.
However, the question arises as to whether personal data are collected in accordance with the European Basic Data Protection Regulation (DSGVO) when passing through a collection point, and whether these persons should actually give their consent prior to collection. However, this is not practicable for mass scanning for the purposes stated above. The operators like to talk themselves out of a balance of interests, which is, however, on shaky legs.
The Road Traffic Act (StVG) expressly states that a reference can always be made to an "identified or identifiable person" via the registration number of a vehicle. Thus, at least theoretically, there is the possibility of establishing a personal reference in the sense of a personal reference, which fulfils the elements of the offence of Art. 4 No. 1 DSGVO. Section 39 (1) StVG provides a basis for a claim in order to obtain information about the person of the respective licence holder by presenting a specific vehicle registration plate. Accordingly, the competent registration authority or the Federal Motor Transport Authority is obliged to disclose the name of the holder of the vehicle registered on the licence plate presented to the applicant when presenting a qualified interest. It is therefore questionable whether the abstract existence of a legal possibility to obtain the additional knowledge required to establish a personal reference already turns a license plate into personal data. In the context of a recent judgment on the personal reference of dynamic, i.e. changing IP addresses which are regularly reassigned to a certain subscriber, the ECJ clarified that it is not necessary for the assumption of a personal date that all information necessary for the identification of the person concerned is in the hands of a single person. Rather, it is sufficient if the data processor concerned has means which could reasonably be used, with the help of third parties, to identify the person concerned on the basis of the IP addresses stored. In accordance with the ECJ's referral decision, the BGH subsequently decided that the existence of legal means is sufficient to establish the necessary personal reference and thus assumes that personal data exist. If a certain sign is known, it is at least theoretically possible without major obstacles to obtain the additional knowledge required to identify the holder by means of a request to the competent authority. This does not require any cumbersome searches for the holder of the additional knowledge, nor is the procedure to be followed for this particularly time-consuming or costly. In contrast to querying the holder of a determined dynamic IP address, no legal action is required. The personal reference of a sign is thus already to be affirmed with indirect identifiability of a person.
It is therefore necessary to use a new procedure in which no personal reference is possible in order to be on the safe side under data protection law. The new CAR-READER® version ff is capable of this. Details can be obtained directly from the manufacturer
We are currently in development and release in the near future