There was a time where CCTV systems were of a very poor quality and were rather expensive and were therefore limited to commercial premises. However it is now possible to get reasonably good quality CCTV cameras for less than £20 and as such there has been a steady rise in the number of homeowners installing CCTV cameras to help with home security.
Article 2 of the General Data Protection Regulation (GDPR) sets out the Regulation’s material scope; it includes a carve-out for processing of personal data “by a natural person in the course of a purely personal or household activity.” This replicates the language of the Directive which the GDPR replaces and which was reflected in section 36 of the Data Protection Act 1998 (the “domestic purposes” exemption).
On the face of it a home operated CCTV system seems to fall squarely within the scope of the carve-out for personal and household activities in Article 2 of the GDPR; however, the case law which interpreted the old Directive adds some complexity to matters. The placing of a home CCTV system is of particular importance; in particular, what is caught by the camera. If the camera is placed incorrectly then it can result in individuals falling outside of the carve-out in Article 2 of the GDPR and becoming a controller; with all of the liability and responsibility that this entails.
Domestic CCTV can be particularly useful in situations where there are neighbour disputes or where there is allegations of harassment; however, equally these are situations where a particular risk in terms of data protection law enters into the equation.
The issue of the use of domestic CCTV is something that I am increasingly being asked to advise on by clients; both the owners of the CCTV system and their neighbours. Invariably, there are issues that require to be resolved about the use of the domestic CCTV systems in these circumstances.
The matter has never been tested under the GDPR; however, given that the relevant provisions are substantially the same it seems likely that the cases decided under the older Directive and the now repealed Data Protection Act 1998 remain of relevance and will very likely be followed by the courts. Care should therefore be taken when installing domestic CCTV systems to ensure that you can continue to rely upon the domestic purposes exemption and not accidentally incur liability to third parties. People are becoming increasingly more privacy aware and concerned and as such it is becoming more important for domestic CCTV users to become aware of the limits of the domestic purposes exemption and how to avoid incurring liability under data protection laws.
If you require advice and assistance in respect of the use of CCTV by individuals or business; or any other data protection or privacy law concern; then you can contact our team on 0141 229 0880 or by E-mail to firstname.lastname@example.org. You can also follow our dedicated information law twitter account for news and updates on a range of information law matters.