“There is something great about what Indivd is doing”
Image source: JP Infonet
– We think that Indivd’s anonymization technology is legal, based on what we have reviewed and our knowledge of the law. That is why we have given Indivd a green light. The solution is innovative and it satisfies the purpose in a privacy-friendly way. There is something great about what Invid is doing”, says the lawyer Didrik Värmon who, together with the lawyer Hanna Kjellman, have conducted the audit of Indivd’s technology in the podcast Privacypodden. Didrik also explains, in this interview, the background to the audit and how the audit was conducted.
How did the review of Indivd’s new technology come about?
– Me and Hanna Kjellman in the podcast Privacypodden came in contact with Fredrik Hammargården from Indivd during Almedalen 2019. We became curious about Indivd’s solution and eventually decided to do a first podcast episode with Fredrik about Indivd. It was an episode that generated more questions than answers. At that time, Indivd’s patent was not yet ready and Fredrik could not speak in detail about how the technology works. We are lawyers, but very interested in privacy and technology and found that there was a thrill in a guy sitting here and telling us that they have developed an anonymized facial recognition technology. Our first impression was that that does not go together – how can the technology be based on facial recognition and at the same time be anonymized? It brought us both questions and interest.
How did you conduct the audit?
– We already talked after the episode about conducting a deeper audit of the technology when the patents were ready and when Indivd could share more information about how the technology works. Which is why it ended up in March 2020. First, we were given the opportunity to access Indivd’s documentation, the data protection impact assessment that Indivd had conducted together with the law firm Baker McKenzie. Documentation that describes Indivd’s anonymization technology, but also describes anonymization from a more theoretical perspective. After that, we also had a meeting with Fredrik Hammargården and Indivd’s AI expert Leonard Johard, where we were given the opportunity to ask critical questions and get a better image of how the technology works.
– I am a lawyer and this is a technique that is quite complicated. Though it gave us enough to move on to stage three, which was the recording of the episode itself, where we interviewed Fredrik and placed him more publicly against the wall. Then, at the end of the section, we summarized what we considered about Indivd and Indivd’s technology.
What were your conclusions – is Indivd’s technology legal?
– Yes, Hanna Kjellman and I agree that Indivd is definitely on the right track. Based on what we have audited and based on our knowledge of the law, we think that it is legal. We gave Indivd a green light at the end of the episode. Both me and Hanna appreciate privacy-friendly innovation and we basically see Indivd’s solution as a step in the right direction.
But did you also come into some more difficult gray zones from a data protection point of view?
– Yes, we highlighted the data protection legislation as it is right now. It is tricky and contains many gray zones, which means that there will always be questions about the processing of personal data. Where the legislation does not have clear and sharp answers which affect a technical solution such as Indivd. We can assess the data protection impact assessment and, based on our opinion, agree with the difficulties with consent reasoning. But we cannot say for sure what considerations the Data Protection Authority chooses to make. Their consensus is crucial. But we believe that Indivd is right about the questions we had.
Do you feel that Indivd’s solution has an important purpose to fulfill?
– Indivd’s ambition has always been to develop a privacy-friendly solution, at the same time as there are other players who are pulling the other way. There is still a debate and an expression of will from some actors that we should allow the use of pure facial recognition in physical stores because the technology gives a huge amount of information, which you as a shop owner can directly benefit from. That is why a privacy-friendly solution must fulfill a purpose that the market sees great value in if it is going to survive. Something we think that Fredrik, during the interview, had good and satisfactory answers to.
– Retailers will not get the same insights they would have gotten if they used illegal facial recognition technology, but Indivd’s anonymized solution still results in such good and sought-after insights that it generates great value.
What dangers do you see with the increased acceptance of facial recognition?
– Facial recognition has been approved for military and police purposes in Sweden. The next step may be that we are talking about using facial recognition to stop the spreading of the coronavirus. But I think there is a great danger in implementing technology that can in the long run damage society and democracy. Even if it is, for the moment, it is being conducted for good purposes. There is always a risk that already implemented technology will be abused later on. There is also a risk that citizens will be overly positively and nonchalantly attuned to the fact that facial recognition is used in society in a broader context. I am not worried about how the government decides to implement facial recognition today. But what does society look like in 10-20 years? Democracy is always dynamic. It is never equally strong. Take Hungary as an example, where the corona pandemic is used as an excuse to further dismantle democracy. Similar dangers also exist in Sweden if we become more permissive.
Do you think that Sweden and the EU, with their tough data protection legislation, can take the lead in more privacy innovations?
– There is something great about what Indivd does. We believe that innovation is necessary, based on our audit and what we have seen of Indivd’s solution which satisfies the requested purposes in a privacy-friendly way.
– It is possible to solve a lot of personal data processing through innovative solutions, where things are implemented in an alternative and legal way. That is why this audit has made me more optimistic when I talk to innovators such as Indivd.
Should Sweden encourage privacy-friendly solutions?
– There are many different areas, where we should do just that. My hope is that more privacy-friendly solutions will emerge in the future. The EU has a head start as a result of Member States introducing the Data Protection Regulation in 2018. We are at the forefront when it comes to tough privacy legislation. What we now see, and have seen in Europe, is becoming increasingly important. Even internationally. Brazil, Japan, and India have already introduced tougher data protection laws. And in the United States, where California has taken the lead in its legislation, the chance of federally passing a privacy law has never been greater than now. Against this background, Europe’s entrepreneurs have gotten a head start when it comes to taking the lead with new privacy innovations.
For more information contact:
Fredrik Hammargården, Head of Commercialization, 004673 840 65 27, firstname.lastname@example.org