PROJECT General Data Protection Regulation
_VOID Nomadic Gallery
GDPR & Data Protection Statement
Project: Fragility in the Eye of the Beholder (The Wrong Biennale 2025–26)
Duration: Online Pavilion (1 Nov 2025–31 Mar 2026) + Embassies: Glasgow (Nov 2025) & Aberdeen (Mar 2026)
Controller: _VOID Nomadic Gallery (artist-run)
Scope: Online interactive experience (optional camera access) and two public window displays using a live video feed.

Document link: This GDPR & Data Protection Statement is available publicly by the link.

1) Our legal basis & principles
We process personal data only where strictly necessary and with freely given, specific, informed and unambiguous consent (UK GDPR Art. 6(1)(a)).
We adhere to the core principles of the UK GDPR and the Data Protection Act 2018, including:
  • Lawfulness, fairness, and transparency
  • Purpose limitation — personal data are used only for stated artistic and administrative purposes
  • Data minimisation — only the data necessary to deliver the project are handled
  • Storage limitation — data are kept only for the duration of the project
  • Integrity and confidentiality — secure storage and restricted access
  • Accountability — we maintain clear internal responsibility for all data practices
  • These standards are embedded within _VOID Nomadic Gallery’s operational policy and align with the expectations outlined by Creative Scotland, the Information Commissioner’s Office (ICO), and the Data (Use and Access) Act 2025 (DUAA).

2) What we do (and don’t do)
A. Online Pavilion (browser-based interaction)
  • Visitors choose Observer (no camera) or Observed (camera).
  • If choosing Observed, the browser permission prompt appears; users may Allow or Block. Declining redirects to the Observer view.
  • No recording, transmission or storage of the camera feed occurs; processing is local in the browser via Cables.gl.
  • The live image is distorted/anonymised in real time (generative filters) to prevent identification.
  • Clear notice appears: “You are not being recorded.”
B. Offline Embassies (window installations)
  • A camera near the display provides a live, real-time feed.
  • OpenCV face detection is used solely to overlay colour blocks over detected faces; there is no facial recognition, profiling, or biometric identification.
  • No images or footage are recorded or stored.
  • Prominent signage states:
CCTV-style live feed (artwork)
No images are recorded or stored. Faces are masked in real time. Part of the exhibition “Fragility in the Eye of the Beholder” by _VOID Nomadic Gallery.
C. Artist submissions and stored works
  • We collect artworks and accompanying information from participating artists with their explicit consent.
  • These files are securely stored only for the duration of the exhibition period to enable presentation and documentation.
  • After the project concludes (April 2026), all submitted materials will be deleted unless artists request or authorise continued display elsewhere.
  • No personal or creative data is shared with third parties without additional consent.

3) Purpose and artistic context
Fragility in the Eye of the Beholder is an artistic and critical inquiry into contemporary systems of surveillance, control, recognition, and data collection.
The interactive formats—both online and offline—serve as metaphors and provocations, not as mechanisms for gathering or storing data.
The project uses the aesthetics and interfaces of observation to question the conditions of visibility and consent in digital culture.

4) Why a DPIA is not required
Our internal assessment found that this project does not meet ICO thresholds for a mandatory Data Protection Impact Assessment:
  • no large-scale or systematic monitoring,
  • no biometric identification or profiling,
  • real-time data are anonymised and not stored.
  • We will review and update this position if the scope of processing changes.

5) Security & retention
  • No live feed is stored anywhere locally or remotely.
  • Artist submissions and administrative files are stored in encrypted, password-protected drives and deleted after the project’s conclusion.
  • Only core team members (project leads) have access.
  • We maintain logs of access and deletion actions to ensure accountability.

6) Data subject rights
Where personal data are held (e.g., artist submissions), individuals may:
  • request access, correction, or deletion;
  • withdraw consent at any time;
  • contact the ICO if concerns arise.
  • All inquiries: voidnomadic.gallery[at]gmail.com
  • FAO: Andrey Chugunov & Olesya Ilenok, Project Leads

7) Compliance references
  • UK GDPR & Data Protection Act 2018
  • Data (Use and Access) Act 2025
  • ICO Guidance on Video Surveillance (including CCTV)
  • Creative Scotland & Screen Scotland Data Protection Policy (2024)
ABOUT THE PROJECT
👁️