ICO Video Surveillance guidance
The steady growth of the use of video surveillance systems across public and private sectors, has led to both fixed and mobile cameras becoming more accepted in society. As video surveillance technology becomes more mainstream and affordable, it is now more common to see technologies such as smart doorbells and wireless cameras. Traditional closed circuit television (CCTV) also continues to evolve into more complex artificial intelligence (AI) based surveillance systems. These can process more sensitive categories of personal data. The ways in which the technology is used also continue to develop. This includes connected databases utilising Automatic Number Plate Recognition (ANPR) or the use of Facial Recognition Technology (FRT) in public spaces. Often they process the personal data of large numbers of the general public for security, crime prevention or for other specified purposes such as digital advertising. However, some of these uses can be particularly intrusive, especially if processing takes place without the knowledge of the individual.
ICO have developed guidance to help organisations in the public and private sector, who use video surveillance systems to collect and process personal data. It will help companies stay within the legal requirements of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA 2018). This guidance will also be relevant to law enforcement authorities that are using video surveillance separately for any purposes under the UK GDPR.
This guidance covers the processing of personal data by video surveillance systems by public and private sector organisations. Surveillance systems specifically include, but are not limited to traditional CCTV, Automatic Number Plate Recognition (ANPR), Body Worn Video (BWV), Drones (UAVs), Facial Recognition Technology (FRT), dashcams and smart doorbell cameras.
Organisations using surveillance systems that process the personal data of identifiable individuals need to comply with the UK GDPR and DPA 2018.
This particular guidance does not cover:
- covert surveillance techniques;
- processing for specific criminal law enforcement purposes by competent authorities under Part 3 of the DPA 2018;
- processing by intelligence services under Part 4 of the DPA 2018; and
- processing that is purely in the context of personal or household activities, such as household CCTV within the boundaries of private property.
This guidance also does not cover the use of ‘dummy’ or non-operational systems. However, it does cover pilots or trials as personal data is still processed.
For more information visit ICO website and check the following link .
Hope you find this useful. If you need an EU Rep, have any GDPR questions, or have received a SAR or Regulator request and need help then please contact us anytime. We are always happy to help...
Zlatko, Adam, Hristina, Marin.
As your Article 27 Representative we will always help if you receive a SAR, RTE, or other data prot
We have said this previously but we are still seeing a huge number of Subject Access Requests [
Summary: The Right to Be Forgotten is one of the fundamental rights defined in GDPR. Also