Expert Advice Community

Actors considered data subjects in media files?

  Quote
LindaK Created:   Jan 12, 2023 Last commented:   Jan 13, 2023

Actors considered data subjects in media files?

We process media files like series, movies etc for streaming service providers. In these movies you have a person (actor) and in the credits you can see the person's actual name so you can connect the picture to the actual person. Does this also make all films and series that we handle in our production fall under GDPR? Although this information is available on various streaming platforms and online etc.?

0 0

Assign topic to the user

EU GDPR DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

EU GDPR DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Tudor Galos Jan 13, 2023

Names and pictures are personal data, according to Article 4 GDPR – Definitions. By doing media processing of personal data – images, video feeds, and names in credits – you are processing personal data. If you are based in the EU, or if you offer goods and services to people in the EU, according to Article 3 GDPR - Territorial scope – GDPR applies to your personal data processing operations. The first step is to determine your role – controller or processor. If you are a processor, you need a Data Processing Agreement signed with the streaming service providers, where they mandate you to process these films based on their instructions.

If you are a controller, you need a purpose and a legal ground for processing, according to Article 6 GDPR - Lawfulness of processing. The actors and the crew have a contract with the movie production company, so they process their data based on Contractual Obligation, per Article 6.1.b GDPR – contractual obligation. The streaming service providers have a contract with the production company, and you have a contract with the streaming service providers, but the crew and actors are not part of your contract, so you cannot use Contractual Obligation. In my opinion, the best fit for a legal ground for processing would be Legitimate Interest, but in this case, you should perform a Legitimate Interest Assessment and you should inform the actors and the crew.

At Advisera, we have a great resource to help you, an EU GDPR Documentation Toolkit that contains all documents necessary to drive your GDPR-compliance efforts, which also contains templates for privacy notices, data subject access requests, data processing agreements, and so on.

Please check these links:

Tudor Galos
Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Jan 12, 2023

Jan 13, 2023

Suggested Topics

Dana Created:   Jan 22, 2023 EU GDPR
Replies: 1
0 0

Controller and Processor

wasima Created:   Jan 22, 2023 EU GDPR
Replies: 1
0 0

Data subject Rights

Guest user Created:   Jan 19, 2023 EU GDPR
Replies: 1
0 0

GDPR in Sweden