[PeterisP]

In the licence plate situation the point would be that this isn't personal data, and thus the data protection directive and the consent requirement doesn't apply.

In the motorcycle example, there is no personal data involved whatsoever - it's just a photo that some motorcycle was there; again, DPD doesn't restrict anything at all for such cases.

[gnerd]

Did you read my comment or just scan the second paragraph and assume I was saying license plates weren't public data? I was talking about automated decision making using collected data, I was not saying license plates were or were not public information (in fact, I have previously made some of the same points you are, that a license plate is public information and that an individual has no expectation of privacy in public).

So if a private company were to automate the collection of license plates and therefore have a trove of information that included times and places a car was and then that system was to grow so that insurance companies used that information so rates could be calculated through Bayesian classification using that data to determine risk, then that would be an automated decision based on that data AND THAT is protected (in theory) by that directive and the laws based on it in the member states.

That was the point of my comment. Automated decisions are protected unless you consent to them.

[PeterisP]

Okay, yes, automated decisions are prohibited in EU when based on unverified, unconsented data - that still doesn't prohibit from automatically gathering that data without consent, storing it forever, distributing it to third parties, and having then some human be interested or prejudiced to you based on that info.

[gnerd]

Yep. All of that could happen as far as I can see, which again, is why my comment was specifically talking about automated decision making.