The Data Protection Agency has changed its practice in relation to publication of images on the internet. In the future, the Agency will no longer distinguish between portrait photos and situational images.
When photos of people are published on the internet, it constitutes processing of personal data if the people photographed are identifiable. When assessing whether an image can be published without consent, the Data Protection Agency has until now distinguished between ”portrait photos” and ”situational images”, depending on whether the purpose of the image was to depict a person or a situation/activity.
So far publication of portrait photos has required consent from the person photographed. In contrast, situational images could be published without consent. The Agency has applied this practice since 2002, but the distinction has given rise to uncertainty. In light of such uncertainty, the Agency recently changed its practice.
Instead of distinguishing between portrait photos and situational images, the Agency will make an overall assessment of each individual image and the purpose of the publication in order to evaluate if the image can be published on the internet without consent from the person(s) photographed.
The data controller – including employers – must therefore prior to publishing an image determine the basis of the processing, including the purpose, of the publication. In addition, the data controller must make sure that the people photographed are aware that the image will be published to safeguard their rights, including their right of access.
The Agency’s article and comments on the new practice (in Danish) can be read here.
The content of the above is not, and should not be a substitute for legal advice.