Recherche avancée

Sur d’autres sites (3973)

• How to stream webcam video over RTSP using ffmpeg on Windows 10 ? [closed]

  15 mai 2024, par let me down slowly

  I am trying to stream my laptop's webcam using RTSP protocol using ffmpeg. I am trying to simulate an actual IP Camera. I have already tried different tools already including using VidGear python package, and gstreamer but could not get it working. Note : I am on Windows 10. I have tried this command :

  


  ffmpeg -f dshow -s 320x240 -rtbufsize 2147.48M -r 30 -vcodec mjpeg -i video="HD Camera" -f rtsp -rtsp_transport tcp rtsp://localhost:8554/mystream


  


  It turns on the webcam with but prints these logs to the console :

  


  ffmpeg version 7.0-full_build-www.gyan.dev Copyright (c) 2000-2024 the FFmpeg developers
  built with gcc 13.2.0 (Rev5, Built by MSYS2 project)
  configuration: --enable-gpl --enable-version3 --enable-static --disable-w32threads --disable-autodetect --enable-fontconfig --enable-iconv --enable-gnutls --enable-libxml2 --enable-gmp --enable-bzlib --enable-lzma --enable-libsnappy --enable-zlib --enable-librist --enable-libsrt --enable-libssh --enable-libzmq --enable-avisynth --enable-libbluray --enable-libcaca --enable-sdl2 --enable-libaribb24 --enable-libaribcaption --enable-libdav1d --enable-libdavs2 --enable-libuavs3d --enable-libxevd --enable-libzvbi --enable-librav1e --enable-libsvtav1 --enable-libwebp --enable-libx264 --enable-libx265 --enable-libxavs2 --enable-libxeve --enable-libxvid --enable-libaom --enable-libjxl --enable-libopenjpeg --enable-libvpx --enable-mediafoundation --enable-libass --enable-frei0r --enable-libfreetype --enable-libfribidi --enable-libharfbuzz --enable-liblensfun --enable-libvidstab --enable-libvmaf --enable-libzimg --enable-amf --enable-cuda-llvm --enable-cuvid --enable-dxva2 --enable-d3d11va --enable-d3d12va --enable-ffnvcodec --enable-libvpl --enable-nvdec --enable-nvenc --enable-vaapi --enable-libshaderc --enable-vulkan --enable-libplacebo --enable-opencl --enable-libcdio --enable-libgme --enable-libmodplug --enable-libopenmpt --enable-libopencore-amrwb --enable-libmp3lame --enable-libshine --enable-libtheora --enable-libtwolame --enable-libvo-amrwbenc --enable-libcodec2 --enable-libilbc --enable-libgsm --enable-libopencore-amrnb --enable-libopus --enable-libspeex --enable-libvorbis --enable-ladspa --enable-libbs2b --enable-libflite --enable-libmysofa --enable-librubberband --enable-libsoxr --enable-chromaprint
  libavutil      59.  8.100 / 59.  8.100
  libavcodec     61.  3.100 / 61.  3.100
  libavformat    61.  1.100 / 61.  1.100
  libavdevice    61.  1.100 / 61.  1.100
  libavfilter    10.  1.100 / 10.  1.100
  libswscale      8.  1.100 /  8.  1.100
  libswresample   5.  1.100 /  5.  1.100
  libpostproc    58.  1.100 / 58.  1.100
[mjpeg @ 0000026201ae9fc0] unable to decode APP fields: Invalid data found when processing input
Input #0, dshow, from 'video=HD Camera':
  Duration: N/A, start: 1285415.793302, bitrate: N/A
  Stream #0:0: Video: mjpeg (Baseline) (MJPG / 0x47504A4D), yuvj422p(pc, bt470bg/unknown/unknown), 320x240, 30 fps, 30 tbr, 10000k tbn
Stream mapping:
  Stream #0:0 -> #0:0 (mjpeg (native) -> mpeg4 (native))
Press [q] to stop, [?] for help
[mjpeg @ 0000026201afe9c0] unable to decode APP fields: Invalid data found when processing input
[swscaler @ 0000026201b5cc40] deprecated pixel format used, make sure you did set range correctly
[swscaler @ 00000262068c57c0] deprecated pixel format used, make sure you did set range correctly
[swscaler @ 0000026201b5cc40] deprecated pixel format used, make sure you did set range correctly
    Last message repeated 1 times
[mjpeg @ 0000026201afe9c0] unable to decode APP fields: Invalid data found when processing input
    Last message repeated 8 times


  


  I tried opening rtsp://localhost:8554/mystream but it shows VLC is unable to open the MRL 'rtsp://localhost:8554/mystream'. Check the log for details.

  


  Killing the running process outputs these additional logs

  


  [out#0/rtsp @ 0000026201aeaf80] Could not write header (incorrect codec parameters ?): Immediate exit requested
[vf#0:0 @ 0000026201af4100] Error sending frames to consumers: Immediate exit requested
[vf#0:0 @ 0000026201af4100] Task finished with error code: -1414092869 (Immediate exit requested)
[vf#0:0 @ 0000026201af4100] Terminating thread with return code -1414092869 (Immediate exit requested)
[out#0/rtsp @ 0000026201aeaf80] Nothing was written into output file, because at least one of its streams received no packets.
frame=    0 fps=0.0 q=0.0 Lsize=       0KiB time=N/A bitrate=N/A speed=N/A
Exiting normally, received signal 2.


  


  Output of the command ffmpeg -list_devices true -f dshow -i dummy :

  


    built with gcc 13.2.0 (Rev5, Built by MSYS2 project)
  configuration: --enable-gpl --enable-version3 --enable-static --disable-w32threads --disable-autodetect --enable-fontconfig --enable-iconv --enable-gnutls --enable-libxml2 --enable-gmp --enable-bzlib --enable-lzma --enable-libsnappy --enable-zlib --enable-librist --enable-libsrt --enable-libssh --enable-libzmq --enable-avisynth --enable-libbluray --enable-libcaca --enable-sdl2 --enable-libaribb24 --enable-libaribcaption --enable-libdav1d --enable-libdavs2 --enable-libuavs3d --enable-libxevd --enable-libzvbi --enable-librav1e --enable-libsvtav1 --enable-libwebp --enable-libx264 --enable-libx265 --enable-libxavs2 --enable-libxeve --enable-libxvid --enable-libaom --enable-libjxl --enable-libopenjpeg --enable-libvpx --enable-mediafoundation --enable-libass --enable-frei0r --enable-libfreetype --enable-libfribidi --enable-libharfbuzz --enable-liblensfun --enable-libvidstab --enable-libvmaf --enable-libzimg --enable-amf --enable-cuda-llvm --enable-cuvid --enable-dxva2 --enable-d3d11va --enable-d3d12va --enable-ffnvcodec --enable-libvpl --enable-nvdec --enable-nvenc --enable-vaapi --enable-libshaderc --enable-vulkan --enable-libplacebo --enable-opencl --enable-libcdio --enable-libgme --enable-libmodplug --enable-libopenmpt --enable-libopencore-amrwb --enable-libmp3lame --enable-libshine --enable-libtheora --enable-libtwolame --enable-libvo-amrwbenc --enable-libcodec2 --enable-libilbc --enable-libgsm --enable-libopencore-amrnb --enable-libopus --enable-libspeex --enable-libvorbis --enable-ladspa --enable-libbs2b --enable-libflite --enable-libmysofa --enable-librubberband --enable-libsoxr --enable-chromaprint
  libavutil      59.  8.100 / 59.  8.100
  libavcodec     61.  3.100 / 61.  3.100
  libavformat    61.  1.100 / 61.  1.100
  libavdevice    61.  1.100 / 61.  1.100
  libavfilter    10.  1.100 / 10.  1.100
  libswscale      8.  1.100 /  8.  1.100
  libswresample   5.  1.100 /  5.  1.100
  libpostproc    58.  1.100 / 58.  1.100
[dshow @ 00000140f18d4200] "HD Camera" (video)
[dshow @ 00000140f18d4200]   Alternative name "@device_pnp_\\?\usb#vid_05c8&pid_03ea&mi_00#6&d0a8c55&0&0000#{65e8773d-8f56-11d0-a3b9-00a0c9223196}\global"
[dshow @ 00000140f18d4200] "Microphone (Realtek(R) Audio)" (audio)
[dshow @ 00000140f18d4200]   Alternative name "@device_cm_{33D9A762-90C8-11D0-BD43-00A0C911CE86}\wave_{06840D8D-1151-4D9C-B865-2FE01BFB9FD2}"
[in#0 @ 00000140f18ba640] Error opening input: Immediate exit requested
Error opening input file dummy.


  


  Output of the command ffmpeg -f dshow -list_options true -i video="HD Camera" :

  


    built with gcc 13.2.0 (Rev5, Built by MSYS2 project)
  configuration: --enable-gpl --enable-version3 --enable-static --disable-w32threads --disable-autodetect --enable-fontconfig --enable-iconv --enable-gnutls --enable-libxml2 --enable-gmp --enable-bzlib --enable-lzma --enable-libsnappy --enable-zlib --enable-librist --enable-libsrt --enable-libssh --enable-libzmq --enable-avisynth --enable-libbluray --enable-libcaca --enable-sdl2 --enable-libaribb24 --enable-libaribcaption --enable-libdav1d --enable-libdavs2 --enable-libuavs3d --enable-libxevd --enable-libzvbi --enable-librav1e --enable-libsvtav1 --enable-libwebp --enable-libx264 --enable-libx265 --enable-libxavs2 --enable-libxeve --enable-libxvid --enable-libaom --enable-libjxl --enable-libopenjpeg --enable-libvpx --enable-mediafoundation --enable-libass --enable-frei0r --enable-libfreetype --enable-libfribidi --enable-libharfbuzz --enable-liblensfun --enable-libvidstab --enable-libvmaf --enable-libzimg --enable-amf --enable-cuda-llvm --enable-cuvid --enable-dxva2 --enable-d3d11va --enable-d3d12va --enable-ffnvcodec --enable-libvpl --enable-nvdec --enable-nvenc --enable-vaapi --enable-libshaderc --enable-vulkan --enable-libplacebo --enable-opencl --enable-libcdio --enable-libgme --enable-libmodplug --enable-libopenmpt --enable-libopencore-amrwb --enable-libmp3lame --enable-libshine --enable-libtheora --enable-libtwolame --enable-libvo-amrwbenc --enable-libcodec2 --enable-libilbc --enable-libgsm --enable-libopencore-amrnb --enable-libopus --enable-libspeex --enable-libvorbis --enable-ladspa --enable-libbs2b --enable-libflite --enable-libmysofa --enable-librubberband --enable-libsoxr --enable-chromaprint
  libavutil      59.  8.100 / 59.  8.100
  libavcodec     61.  3.100 / 61.  3.100
  libavformat    61.  1.100 / 61.  1.100
  libavdevice    61.  1.100 / 61.  1.100
  libavfilter    10.  1.100 / 10.  1.100
  libswscale      8.  1.100 /  8.  1.100
  libswresample   5.  1.100 /  5.  1.100
  libpostproc    58.  1.100 / 58.  1.100
[dshow @ 000002670b4c12c0] DirectShow video device options (from video devices)
[dshow @ 000002670b4c12c0]  Pin "Capture" (alternative pin name "Capture")
[dshow @ 000002670b4c12c0]   vcodec=mjpeg  min s=1280x720 fps=30 max s=1280x720 fps=30
[dshow @ 000002670b4c12c0]   vcodec=mjpeg  min s=640x480 fps=30 max s=640x480 fps=30
[dshow @ 000002670b4c12c0]   vcodec=mjpeg  min s=640x360 fps=30 max s=640x360 fps=30
[dshow @ 000002670b4c12c0]   vcodec=mjpeg  min s=352x288 fps=30 max s=352x288 fps=30
[dshow @ 000002670b4c12c0]   vcodec=mjpeg  min s=320x240 fps=30 max s=320x240 fps=30
[dshow @ 000002670b4c12c0]   vcodec=mjpeg  min s=176x144 fps=30 max s=176x144 fps=30
[dshow @ 000002670b4c12c0]   pixel_format=yuyv422  min s=1280x720 fps=10 max s=1280x720 fps=10
[dshow @ 000002670b4c12c0]   pixel_format=yuyv422  min s=640x480 fps=30 max s=640x480 fps=30
[dshow @ 000002670b4c12c0]   pixel_format=yuyv422  min s=640x360 fps=30 max s=640x360 fps=30
[dshow @ 000002670b4c12c0]   pixel_format=yuyv422  min s=352x288 fps=30 max s=352x288 fps=30
[dshow @ 000002670b4c12c0]   pixel_format=yuyv422  min s=320x240 fps=30 max s=320x240 fps=30
[dshow @ 000002670b4c12c0]   pixel_format=yuyv422  min s=176x144 fps=30 max s=176x144 fps=30
[in#0 @ 000002670b4aa200] Error opening input: Immediate exit requested
Error opening input file video=HD Camera.


  


  Please help me solve the issue or suggest a better approach.

  


• What Is Data Misuse & How to Prevent It ? (With Examples)

  13 mai 2024, par Erin

  Your data is everywhere. Every time you sign up for an email list, log in to Facebook or download a free app onto your smartphone, your data is being taken.

  This can scare customers and users who fear their data will be misused.

  While data can be a powerful asset for your business, it’s important you manage it well, or you could be in over your head.

  In this guide, we break down what data misuse is, what the different types are, some examples of major data misuse and how you can prevent it so you can grow your brand sustainably.

  What is data misuse ?

  Data is a good thing.

  It helps analysts and marketers understand their customers better so they can serve them relevant information, products and services to improve their lives.

  But it can quickly become a bad thing for both the customers and business owners when it’s mishandled and misused.

  

  Data misuse is when a business uses data outside of the agreed-upon terms. When companies collect data, they need to legally communicate how that data is being used. 

  Who or what determines when data is being misused ?

  Several bodies :

  • User agreements
  • Data privacy laws
  • Corporate policies
  • Industry regulations

  There are certain laws and regulations around how you can collect and use data. Failure to comply with these guidelines and rules can result in several consequences, including legal action.

  Keep reading to discover the different types of data misuse and how to prevent it.

  3 types of data misuse

  There are a few different types of data misuse.

  If you fail to understand them, you could face penalties, legal trouble and a poor brand reputation.

  

  1. Commingling

  When you collect data, you need to ensure you’re using it for the right purpose. Commingling is when an organisation collects data from a specific audience for a specific reason but then uses the data for another purpose.

  One example of commingling is if a company shares sensitive customer data with another company. In many cases, sister companies will share data even if the terms of the data collection didn’t include that clause.

  Another example is if someone collects data for academic purposes like research but then uses the data later on for marketing purposes to drive business growth in a for-profit company.

  In either case, the company went wrong by not being clear on what the data would be used for. You must communicate with your audience exactly how the data will be used.

  2. Personal benefit

  The second common way data is misused in the workplace is through “personal benefit.” This is when someone with access to data abuses it for their own gain.

  The most common example of personal benefit data muse is when an employee misuses internal data.

  While this may sound like each instance of data misuse is caused by malicious intent, that’s not always the case. Data misuse can still exist even if an employee didn’t have any harmful intent behind their actions. 

  One of the most common examples is when an employee mistakenly moves data from a company device to personal devices for easier access.

  3. Ambiguity

  As mentioned above, when discussing commingling, a company must only use data how they say they will use it when they collect it.

  A company can misuse data when they’re unclear on how the data is used. Ambiguity is when a company fails to disclose how user data is being collected and used.

  This means communicating poorly on how the data will be used can be wrong and lead to misuse.

  One of the most common ways this happens is when a company doesn’t know how to use the data, so they can’t give a specific reason. However, this is still considered misuse, as companies need to disclose exactly how they will use the data they collect from their customers.

  Laws on data misuse you need to follow

  Data misuse can lead to poor reputations and penalties from big tech companies. For example, if you step outside social media platforms’ guidelines, you could be suspended, banned or shadowbanned.

  But what’s even more important is certain types of data misuse could mean you’re breaking laws worldwide. Here are some laws on data misuse you need to follow to avoid legal trouble :

  General Data Protection Regulation (GDPR)

  The GDPR, or General Data Protection Regulation, is a law within the European Union (EU) that went into effect in 2018.

  The GDPR was implemented to set a standard and improve data protection in Europe. It was also established to increase accountability and transparency for data breaches within businesses and organisations.

  The purpose of the GDPR is to protect residents within the European Union.

  The penalties for breaking GDPR laws are fines up to 20 million Euros or 4% of global revenues (whatever the higher amount is).

  The GDPR doesn’t just affect companies in Europe. You can break the GDPR’s laws regardless of where your organisation is located worldwide. As long as your company collects, processes or uses the personal data of any EU resident, you’re subject to the GDPR’s rules.

  If you want to track user data to grow your business, you need to ensure you’re following international data laws. Tools like Matomo—the world’s leading privacy-friendly web analytics solution—can help you achieve GDPR compliance and maintain it.

  With Matomo, you can confidently enhance your website’s performance, knowing that you’re adhering to data protection laws. 

  Try Matomo for Free

  Get the web insights you need, without compromising data accuracy.

  Start for free

  No credit card required

  California Consumer Privacy Act (CCPA)

  The California Consumer Privacy Act (CCPA) is another important data law companies worldwide must follow.

  Like GDPR, the CCPA is a data privacy law established to protect residents of a certain region — in this case, residents of California in the United States.

  The CCPA was implemented in 2020, and businesses worldwide can be penalised for breaking the regulations. For example, if you’re found violating the CCPA, you could be fined $7,500 for each intentional violation.

  If you have unintentional violations, you could still be fined, but at a lesser fee of $2,500.

  The Gramm-Leach-Bliley Act (GLBA)

  If your business is located within the United States, then you’re subject to a federal law implemented in 1999 called The Gramm-Leach-Bliley Act (GLB Act or GLBA).

  The GLBA is also known as the Financial Modernization Act of 1999. Its purpose is to control the way American financial institutions handle consumer data. 

  In the GLBA, there are three sections :

  1. The Financial Privacy Rule : regulates the collection and disclosure of private financial data.
  2. Safeguards Rule : Financial institutions must establish security programs to protect financial data.
  3. Pretexting Provisions : Prohibits accessing private data using false pretences.

  The GLBA also requires financial institutions in the U.S. to give their customers written privacy policy communications that explain their data-sharing practices.

  4 examples of data misuse in real life

  If you want to see what data misuse looks like in real life, look no further.

  Big tech is central to some of the biggest data misuses and scandals.

  

  Here are a few examples of data misuse in real life you should take note of to avoid a similar scenario :

  1. Facebook election interference

  One of history’s most famous examples of data misuse is the Facebook and Cambridge Analytica scandal in 2018.

  During the 2018 U.S. midterm elections, Cambridge Analytica, a political consulting firm, acquired personal data from Facebook users that was said to have been collected for academic research.

  Instead, Cambridge Analytica used data from roughly 87 million Facebook users. 

  This is a prime example of commingling.

  The result ? Cambridge Analytica was left bankrupt and dissolved, and Facebook was fined $5 billion by the Federal Trade Commission (FTC).

  2. Uber “God View” tracking

  Another big tech company, Uber, was caught misusing data a decade ago. 

  Why ?

  Uber implemented a new feature for its employees in 2014 called “God View.”

  The tool enabled Uber employees to track riders using their app. The problem was that they were watching them without the users’ permission. “God View” lets Uber spy on their riders to see their movements and locations.

  The FTC ended up slapping them with a major lawsuit, and as part of their settlement agreement, Uber agreed to have an outside firm audit their privacy practices between 2014 and 2034.

  

  3. Twitter targeted ads overstep

  In 2019, Twitter was found guilty of allowing advertisers to access its users’ personal data to improve advertisement targeting.

  Advertisers were given access to user email addresses and phone numbers without explicit permission from the users. The result was that Twitter ad buyers could use this contact information to cross-reference with Twitter’s data to serve ads to them.

  Twitter stated that the data leak was an internal error. 

  4. Google location tracking

  In 2020, Google was found guilty of not explicitly disclosing how it’s using its users’ personal data, which is an example of ambiguity.

  The result ?

  The French data protection authority fined Google $57 million.

  8 ways to prevent data misuse in your company

  Now that you know the dangers of data misuse and its associated penalties, it’s time to understand how you can prevent it in your company.

  

  Here are eight ways you can prevent data misuse :

  1. Track data with an ethical web analytics solution

  You can’t get by in today’s business world without tracking data. The question is whether you’re tracking it safely or not.

  If you want to ensure you aren’t getting into legal trouble with data misuse, then you need to use an ethical web analytics solution like Matomo.

  With it, you can track and improve your website performance while remaining GDPR-compliant and respecting user privacy. Unlike other web analytics solutions that monetise your data and auction it off to advertisers, with Matomo, you own your data.

  Try Matomo for Free

  Get the web insights you need, without compromising data accuracy.

  Start for free

  No credit card required

  2. Don’t share data with big tech

  As the data misuse examples above show, big tech companies often violate data privacy laws.

  And while most of these companies, like Google, appear to be convenient, they’re often inconvenient (and much worse), especially regarding data leaks, privacy breaches and the sale of your data to advertisers.

  Have you ever heard the phrase : “You are the product ?” When it comes to big tech, chances are if you’re getting it for free, you (and your data) are the products they’re selling.

  The best way to stop sharing data with big tech is to stop using platforms like Google. For more ideas on different Google product alternatives, check out this list of Google alternatives.

  3. Identity verification 

  Data misuse typically isn’t a company-wide ploy. Often, it’s the lack of security structure and systems within your company. 

  An important place to start is to ensure proper identity verification for anyone with access to your data.

  4. Access management

  After establishing identity verification, you should ensure you have proper access management set up. For example, you should only give specific access to specific roles in your company to prevent data misuse.

  5. Activity logs and monitoring

  One way to track data misuse or breaches is by setting up activity logs to ensure you can see who is accessing certain types of data and when they’re accessing it.

  You should ensure you have a team dedicated to continuously monitoring these logs to catch anything quickly.

  6. Behaviour alerts 

  While manually monitoring data is important, it’s also good to set up automatic alerts if there is unusual activity around your data centres. You should set up behaviour alerts and notifications in case threats or compromising events occur.

  7. Onboarding, training, education

  One way to ensure quality data management is to keep your employees up to speed on data security. You should ensure data security is a part of your employee onboarding. Also, you should have regular training and education to keep people informed on protecting company and customer data.

  8. Create data protocols and processes 

  To ensure long-term data security, you should establish data protocols and processes. 

  To protect your user data, set up rules and systems within your organisation that people can reference and follow continuously to prevent data misuse.

  Leverage data ethically with Matomo

  Data is everything in business.

  But it’s not something to be taken lightly. Mishandling user data can break customer trust, lead to penalties from organisations and even create legal trouble and massive fines.

  You should only use privacy-first tools to ensure you’re handling data responsibly.

  Matomo is a privacy-friendly web analytics tool that collects, stores and tracks data across your website without breaking privacy laws.

  With over 1 million websites using Matomo, you can track and improve website performance with :

  • Accurate data (no data sampling)
  • Privacy-friendly and compliant with privacy regulations like GDPR, CCPA and more
  • Advanced features like heatmaps, session recordings, A/B testing and more

  Try Matomo free for 21-days. No credit card required.

  Try Matomo for Free

  21 day free trial. No credit card required.

  
  

  Your email address
  

  Your website address
  

  Your Analytics subdomain will be .matomo.cloud (change)

  Choose your analytics subdomain
  

  .matomo.cloud

  I accept the terms and conditions and data processing agreement (DPA)

  
  Your information will be used to create an account on our cloud service. For more information please consult our privacy policy.
  
  
  

  Start improving your websites now

  

• A Guide to GDPR Sensitive Personal Data

  13 mai 2024, par Erin

  The General Data Protection Regulation (GDPR) is one of the world’s most stringent data protection laws. It provides a legal framework for collection and processing of the personal data of EU individuals.

  The GDPR distinguishes between “special categories of personal data” (also referred to as “sensitive”) and other personal data and imposes stricter requirements on collection and processing of sensitive data. Understanding these differences will help your company comply with the requirements and avoid heavy penalties.

  In this article, we’ll explain what personal data is considered “sensitive” according to the GDPR. We’ll also examine how a web analytics solution like Matomo can help you maintain compliance.

  What is sensitive personal data ?

  The following categories of data are treated as sensitive :

  1. 1. Personal data revealing :
        • Racial or ethnic origin ;
        • Political opinions ;
        • Religious or philosophical beliefs ;
        • Trade union membership ;
     2. Genetic and biometric data ;
     3. Data concerning a person’s :
        • Health ; or
        • Sex life or sexual orientation.

  

  Sensitive vs. non-sensitive personal data : What’s the difference ?

  While both categories include information about an individual, sensitive data is seen as more private, or requiring a greater protection. 

  Sensitive data often carries a higher degree of risk and harm to the data subject, if the data is exposed. For example, a data breach exposing health records could lead to discrimination for the individuals involved. An insurance company could use the information to increase premiums or deny coverage. 

  In contrast, personal data like name or gender is considered less sensitive because it doesn’t carry the same degree of harm as sensitive data. 

  Unauthorised access to someone’s name alone is less likely to harm them or infringe on their fundamental rights and freedoms than an unauthorised access to their health records or biometric data. Note that financial information (e.g. credit card details) does not fall into the special categories of data.

  

  Legality of processing

  Under the GDPR, both sensitive and nonsensitive personal data are protected. However, the rules and conditions for processing sensitive data are more stringent.

  Article 6 deals with processing of non-sensitive data and it states that processing is lawful if one of the six lawful bases for processing applies. 

  In contrast, Art. 9 of the GDPR states that processing of sensitive data is prohibited as a rule, but provides ten exceptions. 

  It is important to note that the lawful bases in Art. 6 are not the same as exceptions in Art. 9. For example, while performance of a contract or legitimate interest of the controller are a lawful basis for processing non-sensitive personal data, they are not included as an exception in Art. 9. What follows is that controllers are not permitted to process sensitive data on the basis of contract or legitimate interest. 

  The exceptions where processing of sensitive personal data is permitted (subject to additional requirements) are : 

  • Explicit consent : The individual has given explicit consent to processing their sensitive personal data for specified purpose(s), except where an EU member state prohibits such consent. See below for more information about explicit consent. 
  • Employment, social security or social protection : Processing sensitive data is necessary to perform tasks under employment, social security or social protection law.
  • Vital interests : Processing sensitive data is necessary to protect the interests of a data subject or if the individual is physically or legally incapable of consenting. 
  • Non-for-profit bodies : Foundations, associations or nonprofits with a political, philosophical, religious or trade union aim may process the sensitive data of their members or those they are in regular contact with, in connection with their purposes (and no disclosure of the data is permitted outside the organisation, without the data subject’s consent).
  • Made public : In some cases, it may be permissible to process the sensitive data of a data subject if the individual has already made it public and accessible. 
  • Legal claims : Processing sensitive data is necessary to establish, exercise or defend legal claims, including legal or in court proceedings.
  • Public interest : Processing is necessary for reasons of substantial public interest, like preventing unlawful acts or protecting the public.
  • Health or social care : Processing special category data is necessary for : preventative or occupational medicine, providing health and social care, medical diagnosis or managing healthcare systems.
  • Public health : It is permissible to process sensitive data for public health reasons, like protecting against cross-border threats to health or ensuring the safety of medicinal products or medical devices. 
  • Archiving, research and statistics : You may process sensitive data if it’s done for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes.

  In addition, you must adhere to all data handling requirements set by the GDPR.

  Important : Note that for any data sent that you are processing, you always need to identify a lawful basis under Art. 6. In addition, if the data sent contains sensitive data, you must comply with Art. 9.

  Explicit consent

  While consent is a valid lawful basis for processing non-sensitive personal data, controllers are permitted to process sensitive data only with an “explicit consent” of the data subject.

  The GDPR does not define “explicit” consent, but it is accepted that it must meet all Art. 7 conditions for consent, at a higher threshold. To be “explicit” a consent requires a clear statement (oral or written) of the data subject. Consent inferred from the data subject’s actions does not meet the threshold. 

  The controller must retain records of the explicit consent and provide appropriate consent withdrawal method to allow the data subject to exercise their rights.

  Examples of compliant and non-compliant sensitive data processing

  Here are examples of when you can and can’t process sensitive data :

  • When you can process sensitive data : A doctor logs sensitive data about a patient, including their name, symptoms and medicine prescribed. The hospital can process this data to provide appropriate medical care to their patients. An IoT device and software manufacturer processes their customers’ health data based on explicit consent of each customer. 
  • When you can’t process sensitive data : One example is when you don’t have explicit consent from a data subject. Another is when there’s no lawful basis for processing it or you are collecting personal data you simply do not need. For example, you don’t need your customer’s ethnic origin to fulfil an online order.

  Other implications of processing sensitive data

  If you process sensitive data, especially on a large scale, GDPR imposes additional requirements, such as having Data Privacy Impact Assessments, appointing Data Protection Officers and EU Representatives, if you are a controller based outside the EU.

  Penalties for GDPR non-compliance

  Mishandling sensitive data (or processing it when you’re not allowed to) can result in huge penalties. There are two tiers of GDPR fines :

  • €10 million or 2% of a company’s annual revenue for less severe infringements
  • €20 million or 4% of a company’s annual revenue for more severe infringements

  In the first half of 2023 alone, fines imposed in the EU due to GDPR violations exceeded €1.6 billion, up from €73 million in 2019.

  Examples of high-profile violations in the last few years include :

  • Amazon : The Luxembourg National Commission fined the retail giant with a massive $887 million fine in 2021 for not processing personal data per the GDPR. 
  • Google : The National Data Protection Commission (CNIL) fined Google €50 million for not getting proper consent to display personalised ads.
  • H&M : The Hamburg Commissioner for Data Protection and Freedom of Information hit the multinational clothing company with a €35.3 million fine in 2020 for unlawfully gathering and storing employees’ data in its service centre.

  One of the criteria that affects the severity of a fine is “data category” — the type of personal data being processed. Companies need to take extra precautions with sensitive data, or they risk receiving more severe penalties.

  What’s more, GDPR violations can negatively affect your brand’s reputation and cause you to lose business opportunities from consumers concerned about your data practices. 76% of consumers indicated they wouldn’t buy from companies they don’t trust with their personal data.

  Organisations should lay out their data practices in simple terms and make this information easily accessible so customers know how their data is being handled.

  Get started with GDPR-compliant web analytics

  The GDPR offers a framework for securing and protecting personal data. But it also distinguishes between sensitive and non-sensitive data. Understanding these differences and applying the lawful basis for processing this data type will help ensure compliance.

  Looking for a GDPR-compliant web analytics solution ?

  At Matomo, we take data privacy seriously. 

  Our platform ensures 100% data ownership, putting you in complete control of your data. Unlike other web analytics solutions, your data remains solely yours and isn’t sold or auctioned off to advertisers. 

  Additionally, with Matomo, you can be confident in the accuracy of the insights you receive, as we provide reliable, unsampled data.

  Matomo also fully complies with GDPR and other data privacy laws like CCPA, LGPD and more.

  Start your 21-day free trial today ; no credit card required. 

  Disclaimer

  We are not lawyers and don’t claim to be. The information provided here is to help give an introduction to GDPR. We encourage every business and website to take data privacy seriously and discuss these issues with your lawyer if you have any concerns.

  Try Matomo for Free

  21 day free trial. No credit card required.

  
  

  Your email address
  

  Your website address
  

  Your Analytics subdomain will be .matomo.cloud (change)

  Choose your analytics subdomain
  

  .matomo.cloud

  I accept the terms and conditions and data processing agreement (DPA)

  
  Your information will be used to create an account on our cloud service. For more information please consult our privacy policy.
  
  
  

  Start improving your websites now