Prior to transferring audio data to a third-party recipient, it may be necessary for portions of the audio data to be redacted for security or privacy purposes, e.g., to anonymise the audio with regard to the audio data subject(s) or any other personal data included (see BP 5).
Redaction should be handled in the same way as enhancement of audio data (per BP 15), meaning any redaction of audio data must be performed on a duplicate copy—not on the original copy—and should be duly documented in accordance with BP 3.
The metadata of any redacted duplicate copy should be similarly redacted. For example, the respective transcript and, where applicable, translation(s), should mirror the audio redaction with a visual redaction, for example, with a black rectangle, or by replacing the relevant word(s) with ‘[REDACTED]’.
The Collector should assess the necessity of redactions prior to the transfer of audio data in accordance with the data transfer risk assessment (see BP 20). The Collector should additionally assess the extent to which, in the event the audio is tendered as evidence, the redaction of names and other identifying information might affect the fair trial rights of an accused who typically has the right to such information.
Tech Specs & Resources
Tools to anonymise data include, e.g., noise addition; speech transformation; voice conversion. Refer to BP 5, Technical Specifications + Resources.
An example of an approach to cryptography is zero-knowledge proofs, which are a class of cryptographic protocols that offer a way to verify secret information while keeping the information itself otherwise hidden. See e.g., K. Bamberger et al, Verification Dilemmas in Law and the Promise of Zero-Knowledge Proofs (2022), which provides both a technical primer and case studies about verification/authentication of the zero-knowledge mathematical demonstrations in legal spaces.**
Legal Framework
See section 4.2.2. on the three-part test for determining whether an interference with the right to privacy is justified, and in particular section 4.2.2.B. on the necessity aspect of this test.
See section 4.2.4.B. on ‘Data Protection Measures’ under the GDPR.
See section 4.3. detailing the rights of accused persons in connection with the right to a fair trial, in particular the right to be given exculpatory material.
Applicable Ethical Principles Do No Harm