Is it ever OK to photograph strangers on a train? asks Nell Frizzell, in a balanced, and nuanced, article in the Guardian
one new public transport phenomenon has recently crashed into my consciousness. Tumblr accounts dedicated to secretly photographing, uploading and then critiquing fellow commuters, have spored like bed bugs on a bus seat.
She correctly points out that domestic law, even to the extent that it gives effect to Article 8 of the European Convention on Human Rights, does not prevent, in general terms, the act of photographing an individual without their consent.
However, the practice she describes, of uploading photographs to social media sites, does engage, and, I would argue, breach, the Data Protection Act 1998 (DPA).
An image of a person is potentially (and in these specific cases almost certainly) their personal data (particularly bearing in mind the observation by the Court of Appeal in Durant v Financial Services Authority [2003] EWCA Civ 1746 that for information to be personal data it “should have the putative data subject as its focus”). The DPA contains an exemption (at section 36) from all the provisions of the DPA for processing of personal data by an individual for the purposes of that individual’s personal, family or household affairs (including recreational purposes) (the “domestic purposes exemption”). It is possible, although arguable, that the mere taking (and no more) of a photograph of someone on a train, would be caught by this exemption. However, once such a photograph is uploaded to the internet, the exemption falls away. This is because the European Court of Justice held, in a 2003 ruling that binds all inferior courts, that personal data posted on the internet could not be caught by the domestic purposes exemption (Lindqvist (Approximation of laws) [2003] EUECJ C-101/01).
That said, the Information Commissioner’s Office (ICO), which regulates the DPA in the UK, has shown reluctance to accept this authoritative statement of the law regarding the online processing of personal data. I have previously written about this, in the context of the ICO’s social media DPA guidance, which sidesteps (or, rather, ignores) the point. However, it might be more difficult for a domestic court (bound by the authority of Lindqvist) to ignore it in the same way, in the event that any case came before one for determination.
But therein lies the (lack of) rub. Uploading a photograph, without consent, of someone sleeping on a train is unfair, and therefore in breach of the first Data Protection Principle (because no Schedule 2 condition exists which permits the processing). But I struggle to imagine the chain of events which could give rise to a claim (for instance, the data subject would have to contact the photographer, or the site, to require them to cease processing on the grounds that doing so was causing, or was likely to cause, substantial damage or substantial distress, and the photographer, or site, would have to refuse).
So, ultimately, even though I’d argue that these sites, and those who upload to them, breach the DPA, the unwillingness of the ICO to exercise jurisdiction, and the unlikelihood of any legal claim emerging, mean that they can probably continue with impunity, unfairness notwithstanding.
As photographer Paul Clarke said in an excellent blogpost on the subject earlier this year
Sticking to rigid rules of law won’t help us very much. This might feel (it does to me) like gross intrusion on privacy. But being offensive is not enough to make something an offence.
informationrightsandwrongs 
I can’t disagree, nor can I agree. How’s that for clarity of thought?
In any event, I wonder about two things. One, Google et al put photographs of people online without any sort of notification – unless you count the Streetview vehicles as some sort of notice. Does that fit your definition of a violation?
Two, trains are private property, and commercial space as distinct from public space. Privatised city plazas have banned photography in some instances, but in general, photos taken in public space are eminently publishable, with a couple of exceptions. So unless there’s some caveat in law that says public transport is subject to the same rules as public space, I’d think a train carriage is potentially private space for these purposes.
To be honest, if I’m right (and I think I am, of course) thousands of contraventions of the DPA happen all the time. No one can regulate the internet effectively, and there is an argument that data protection law in its current form simply doesn’t fit with modern online activity. This is one of the reasons the European parliament is proposing to pass new data protection legislation (see the end of my post on ICO’s Social media guidance).
As for Google et al, well, they’re Google et al, aren’t they? Very difficult to take action against, especially if the will is lacking, which I suspect it is in the UK.
Interesting point about public/private space on trains. I haven’t really though about it. Maybe I will, but I take issue (for the same reasons given in the blog post) with your “eminently publishable” comment about public space. Although ultimately the point was narrowly lost, Naomi Campbell’s argument in her litigation against MGN was that DPA (and Article 8) protected her participation in private activity in a public space. See also, in the European arena, Peck v UK, and the Hannover cases.
I have always wondered how the dreadful TV programmes involving police and accused are able to broadcast the scenes without consent, and especially where no wrongdoing was proven.
Any pixelation (which is seldomly used) isnt effective and an arrest on TV could have disasterous consequences for employment etc.
Again, similar arguments apply.
So how do the TV programmes get away with it? (other than the individuals not having the cash to fund legal counsel to fight their cause).
I touch on this in my post here https://informationrightsandwrongs.com/2013/08/06/on-the-tweet-where-you-live/
I think the programmes get away with it because no one challenges them. They would possibly also have the benefit of the special purposes exemption at s32 DPA.
Indeed, journalistic purposes arent absolute as the cases of Murray, Campbell and Mosley illustrate.
I do hope to read a case at some point where someone is arrested, filmed, released without charge and then counter charges the police / TV programme for an unwarranted invasion of privacy – I cant see how for example filming in a station even comes close to being warranted.
Will take a look at the previous post.
Great blog btw, always well constructed and reasoned articles, very enjoyable.
The people who take identifiable pictures of strangers and then publish them on the internet are processing personal data and should be obliged to comply with the Data Protection Act 1998 by the Information Commissioner. They should have to hand out fair processing, notify, respond to subject access requests and have security contracts with their processors (the websites who publish their photographs). It’s a sign of the ICO’s cowardice and lack of rigour that they run away from the truth because it’s so inconvenient. Lindqvist happened more than ten years ago, when this kind of casual, non-journalistic or artistic uploading of images was unusual and ICO action might have altered people’s behaviour.
The people who take these photographs are, more importantly, rude, intrusive and vulgar people who should mind their own business. The business is a small but depressing sign of a society gradually losing respect for itself and descending into a mindless vacuum of LOLZ.