ICO Video Surveillance guidance
The steady growth of the use of video surveillance systems across public and private sectors, has led to both fixed and mobile cameras becoming more accepted in society. As video surveillance technology becomes more mainstream and affordable, it is now more common to see technologies such as smart doorbells and wireless cameras. Traditional closed circuit television (CCTV) also continues to evolve into more complex artificial intelligence (AI) based surveillance systems. These can process more sensitive categories of personal data. The ways in which the technology is used also continue to develop. This includes connected databases utilising Automatic Number Plate Recognition (ANPR) or the use of Facial Recognition Technology (FRT) in public spaces. Often they process the personal data of large numbers of the general public for security, crime prevention or for other specified purposes such as digital advertising. However, some of these uses can be particularly intrusive, especially if processing takes place without the knowledge of the individual.
ICO have developed guidance to help organisations in the public and private sector, who use video surveillance systems to collect and process personal data. It will help companies stay within the legal requirements of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA 2018). This guidance will also be relevant to law enforcement authorities that are using video surveillance separately for any purposes under the UK GDPR.
This guidance covers the processing of personal data by video surveillance systems by public and private sector organisations. Surveillance systems specifically include, but are not limited to traditional CCTV, Automatic Number Plate Recognition (ANPR), Body Worn Video (BWV), Drones (UAVs), Facial Recognition Technology (FRT), dashcams and smart doorbell cameras.
Organisations using surveillance systems that process the personal data of identifiable individuals need to comply with the UK GDPR and DPA 2018.
This particular guidance does not cover:
- covert surveillance techniques;
- processing for specific criminal law enforcement purposes by competent authorities under Part 3 of the DPA 2018;
- processing by intelligence services under Part 4 of the DPA 2018; and
- processing that is purely in the context of personal or household activities, such as household CCTV within the boundaries of private property.
This guidance also does not cover the use of ‘dummy’ or non-operational systems. However, it does cover pilots or trials as personal data is still processed.
For more information visit ICO website and check the following link .
Hope you find this useful. If you need an EU Rep, have any GDPR questions, or have received a SAR or Regulator request and need help then please contact us anytime. We are always happy to help...
Zlatko, Stefania, Adam.
The Fourth quarter of 2021, really confirmed that 2021 is the year of fines. We did an overview of
The steady growth of the use of video surveillance systems across public and private sectors, has l
What is a DPA? A data processing agreement (DPA) is a legally binding document to be entered int