The Information Commissioner’s Office has warned CCTV operators that surveillance cameras must only be used as a necessary and proportionate response to a real and pressing problem.
The warning comes on the same day that the Information Commissioner’s Office (ICO) has published its updated CCTV Code of Practice. The update includes a look at the data protection requirements placed on the operators of new and emerging surveillance technologies, including drones and body-worn video cameras.
“The UK is one of the leading users of CCTV and other surveillance technologies in the world,” said Jonathan Bamford, the ICO’s head of strategic liaison. “The technology on the market today is able to pick out even more people to be recorded in ever greater detail. In some cases, that detail can then be compared with other databases, for instance when Automatic Number Plate Recognition (ANPR) is used. This realises new opportunities for tackling problems such as crime, but also poses potential threats to privacy if cameras are just being used to record innocent members of the public without good reason.”
Bamford added: “Surveillance cameras should not be deployed as a quick fix, but rather as a proportionate response to a real and pressing problem. Installing surveillance cameras or technology like ANPR and body-worn video is often seen as the first option, but before deploying such systems we need to understand the problem and whether that’s an effective and proportionate solution. Failure to conduct proper privacy impact assessments in advance has been a common theme in our enforcement cases.”
Updated Code of Practice: the detail
The updated Code of Practice explains how CCTV and other forms of camera surveillance can be used to process people’s information. The guidance details the issues that operators should consider before installing such surveillance technology, the measures that companies should have in place to make sure an excessive amount of personal information isn’t being collected and the steps organisations should take in order to make sure captured information is kept secure and destroyed once it’s no longer required.
The ICO’s CCTV Code of Practice complements the provisions in the Surveillance Camera Code of Practice issued last year by the UK Surveillance Camera Commissioner, which applies to police forces, local authorities and Police and Crime Commissioners in England and Wales (as described in the Protection of Freedoms Act 2012). The ICO’s guidance covers a wider area, as the requirements of the Data Protection Act apply to all sectors processing personal information across the whole of the UK (including the private sector). The Data Protection Act 1998 does not apply to individuals operating CCTV for their own domestic use.
Recent enforcement action taken by the ICO to stop the excessive use of CCTV includes an enforcement notice served on Southampton City Council after the latter required the video and audio recording of the city’s taxi passengers 24 hours a day.
The ICO also served an enforcement notice on Hertfordshire Constabulary after the force began using ANPR cameras to record every car entering and leaving the small rural town of Royston in Hertfordshire.
In both cases, the “excessive use” of surveillance cameras was reduced following the ICO’s action.