Tag Archives: CCTV

September 3, 2024 · 7:03 am

CCTV and commercial property leases

[reposted from LinkedIn]

There is a minor, but interesting, data protection point in this judgment on a dispute between a landlord and commercial tenant about a lease.

The claimant was a dentist who had become suspended and therefore could not practise as a fully registered dentist in accordance with the terms of the lease. The dispute was about whether she had done so, and, if so, whether the court should grant relief from forfeiture (it did, on the facts).

The claimant also sought and was granted a declaration, in relation to the landlord’s siting of internal CCTV cameras, “that the processing of the claimant’s data by the defendant is unlawful and breached the provisions of the Data Protection Act 2018 and the regulations [sic] relating thereto”. 

The evidence was that “a CCTV camera was installed by the defendant by being affixed to the door frame above the entrance to the toilets in the building, on the same floor as the room let to the claimant, pointing at the stairs and the door to the claimant’s…premises”. Although the defendant landlord claimed that “the CCTV was placed there for the legitimate purpose of monitoring those going to the building’s toilets”(!), the judge did not accept that: “as it was placed, [it] had a distinct view of the entrance to the claimant’s room, and, when it was opened, into the room itself. There is no real reason why it could not have been so positioned to exclude that, or why indeed it could not have been located to point in the opposite direction to monitor those coming out of the toilet area door[!]… it was an attempt to monitor who was attending the claimant’s room and its use.”

Unfortunately, the judge does not appear to have made findings as to what precisely were the infringements of the data protection law (one notes that the declaration was sought only in respect of the claimant’s own data, and not of those attending her premises, but the finding appears to be in respect of both). 

So, as I say, a minor point, but interesting. Landlords, even in commercial property agreements (and disputes arising), should not simply assume they have the right to place CCTV on their property in such a way as it infringes the data protection rights of individuals using the property (whether they be tenants, employees of tenants, or the tenant’s visitors).

The views in this post (and indeed most posts on this blog) are my personal ones, and do not represent the views of any organisation I am involved with.

2 Comments

Filed under CCTV, Data Protection, judgments, property dispute, Uncategorized

Tagged as ,

July 8, 2023 · 9:03 am

ICO guidance on domestic CCTV – more hindrance than help

An article in the Mail on the use of connected doorbells has led me again to one of the oddest pages on the ICO’s website, on the use of domestic CCTV. Odd, because (behoven to the outdated, and frankly somewhat silly, decision of the CJEU in the 2014 Ryneš case) it approaches the issue on the basis that if a camera captures footage outside the curtilage of one’s home, then the home owner cannot avail themselves of the carve-out from the UK GDPR (at Article 2(2)) for “processing of personal data by an individual in the course of a purely personal or household activity”. But the law says nothing at all about the location or visual range of cameras – it is all about the processing purposes.

Also odd is that the ICO goes on to say that people operating CCTV that captures footage beyond their home’s curtilage will be required to comply with data subject rights (such as providing a privacy notice, and responding to access/erasure/stop requests). But, says the ICO, “we probably won’t do anything if people ignore us”:

You can complain to us when a user of domestic CCTV doesn’t follow the rules. We can send a letter asking them to resolve things, eg put up the appropriate signage or respond to data protection requests. 

There is a limited amount of action the ICO can take after this point to make the person comply. It is highly unlikely the ICO will consider it fair or balanced to take enforcement action against a domestic CCTV user.

But oddest of all, the ICO says:

“These rules only apply to fixed cameras. They do not cover roaming cameras, such as drones or dashboard cameras (dashcams) as long as the drone or dashcam is used only for your domestic or household purposes”

I simply don’t understand this distinction between fixed cameras and “roaming” cameras, despite the fact that the ICO states that “data protection law” says this. I’m unaware of any law that provides a basis for the assertion (if anyone knows, please let me know). I would, in fact, be prepared to mount an argument that “roaming” cameras are more, or have the potential to be more, intrusive on others’ rights than fixed cameras.

The Article 2(2) “purely personal or household activity” carve-out is a complex provision, and one that has got the ICO into choppy waters in the past (see the trenchant criticism of Tugendhat J in the “Solicitors from Hell” litigation, at paras 93-101, which considered the similar carve-out under the prior law). There are some very interesting questions and arguments to be considered (especially when the gloss provided by recital 18 is taken into account, with its reference to online personal or household activities also being outwith the material scope of the law). However, the ICO’s guidance here will likely serve only to confuse most householders, and – I suspect – has the potential in some cases to escalate private disputes.

The views in this post (and indeed most posts on this blog) are my personal ones, and do not represent the views of any organisation I am involved with.

Leave a comment

Filed under CCTV, GDPR, Information Commissioner, material scope, privacy notice, surveillance, UK GDPR

Tagged as , , , , ,

August 10, 2022 · 8:11 am

No, 43% of retail businesses have NOT been fined for CCTV breaches

A bizarre news story is doing the rounds, although it hasn’t, as far as I can see, hit anything other than specialist media. An example is here, but all the stories contain similar wording, strongly suggesting that they have picked up on and reported on a press release from the company (“Secure Redact”) that undertook the research behind the story.

We are told that

research reveals that 43% of UK retailers reported that they had been fined for a violation of video surveillance GDPR legislation…Of these retailers, 37% reported paying an equivalent of 2% of their annual turnover, 30% said the fine amounted to 3% of annual turnover, and 15% said the fine was 45% [sic] of annual turnover…A staggering 33% of those fined also had to close stores as a result of enforcement action

The research was apparently based on a survey of 500 respondents in retail businesses (50% in businesses with less than 250 employees, 50% in businesses with more than 250).

What is distinctly odd about this is that since GDPR has been in force in the UK, including since it has become – post-Brexit – UK GDPR, there has been a sum total of zero fines imposed by the Information Commissioner in respect of CCTV. 43% of retail businesses have not been fined for CCTV infringements – 0% have.

You can check here (direct link to .csv file) if you doubt me.

It’s difficult to understand what has gone wrong here: maybe the survey questions weren’t clear enough for the respondents or maybe the researchers misinterpreted the data.

Whatever the reasons behind the stories, those in the retail sector – whilst they should certainly ensure they install and operate CCTV in compliance with GDPR/UK GDPR – should not be alarmed that there is a massive wave of enforcement action on the subject which threatens to put some of them out of business.

Because there isn’t.

The views in this post (and indeed most posts on this blog) are my personal ones, and do not represent the views of any organisation I am involved with.

Leave a comment

Filed under CCTV, GDPR, Information Commissioner, monetary penalty notice, UK GDPR

Tagged as , , ,