What they, and EU regulators, have never spelled out is what happens to that footage after the alert goes off.
That's actually not true.
The General Data Protection Regulation (GDPR) is a regulation that harmonizes national data privacy laws throughout the EU and enhances the protection of all EU residents with respect to their personal data. This harmonization creates new rights for individuals and a set of stronger and clearer rules for businesses. The GDPR applies to all companies handling the personal data of EU residents, including companies established outside the EU if they offer goods or services to EU residents or monitor their behaviour. The GDPR entered into force on May 25, 2018.
Updated:
Updated definition of personal data: Location data and online identifiers are now expressly included in the definition of personal data.
Comprehensive record-keeping obligation: Records are used to demonstrate compliance.
Stricter definition of consent: Specific, informed and unambiguous consent must be freely given by a statement or by clear affirmative action. Individuals can withdraw their consent at any time.
New rights for individuals: Individuals have the right to access, transfer, correct and restrict their personal data and to ask that it be destroyed.
New requirement to appoint a data protection officer: Companies processing personal data on a large scale must appoint a data protection officer.
New data breach notification requirement: Competent supervisory authorities within the EU must generally be informed within 72 hours of a personal data breach.
Diversified toolkit of mechanisms: The toolkit is provided to lawfully transfer data outside the EU; the transfer is subject to specific conditions and safeguards.
Penalties for non-compliance: Companies would be subject to fines of up to 4% of global annual turnover or €20 million, whichever is higher.
Early real-world testing suggests the distraction warnings can be overly sensitive and potentially distracting.