Information Commissioner's Office
ICO warns CCTV operators that use of surveillance cameras must be necessary and proportionate
The Information Commissioner’s Office (ICO) has warned operators that surveillance cameras must only be used as a necessary and proportionate response to a real and pressing problem.
The warning comes on the day the ICO published its updated CCTV code of practice (pdf). The update includes a look at the data protection requirements placed on operators of new and emerging surveillance technologies, including drones and body worn video cameras.
ICO Head of Strategic Liaison, Jonathan Bamford, said:
“The UK is one of the leading users of CCTV and other surveillance technologies in the world. The technology on the market today is able to pick out even more people to be recorded in ever greater detail. In some cases, that detail can then be compared with other databases, for instance when automatic number plate recognition is used. This brings new opportunities to tackle problems such as crime, but also potential threats to privacy if they are just being used to record innocent members of the public without good reason.
“Surveillance cameras should not be deployed as a quick fix, but a proportionate response to a real and pressing problem. Putting in surveillance cameras or technology like automatic number plate recognition and body worn video is often seen as the first option, but before deploying it you need to understand the problem and whether that is an effective and proportionate solution. Failure to do proper privacy impact assessments in advance has been a common theme in our enforcement cases.”
The updated code explains how CCTV and other forms of camera surveillance can be used to process people’s information. The guidance explains the issues that operators should consider before installing such surveillance technology, the measures that organisations should have in place to make sure excessive amounts of personal information aren’t being collected and the steps organisations should have to make sure the information is kept secure and destroyed once it is no longer required.
The ICO’s CCTV Code of Practice complements the provisions in the Surveillance Camera Code of Practice, which applies to police forces, local authorities and police and crime commissioners in England and Wales, as described in the Protection of Freedoms Act. The ICO’s guidance covers a wider area, as the requirements of the Data Protection Act apply to all sectors processing personal information across the whole of the UK, including the private sector. The Data Protection Act does not apply to people using CCTV for their domestic use.
Recent enforcement action taken by the ICO to stop the excessive use of CCTV includes an enforcement notice served on Southampton City Council after the council required the video and audio recording of the city’s taxi passengers 24 hours a day. The ICO also served an enforcement notice on Hertfordshire Constabulary after the force began using Automatic Number Plate Recognition (ANPR) cameras to record every car entering and leaving the small rural town of Royston in Hertfordshire. In both cases the excessive use of surveillance cameras was reduced following the ICO’s action.
Notes to Editors
1. The Information Commissioner’s Office upholds information rights in the public interest, promoting openness by public bodies and data privacy for individuals.
2. The ICO has specific responsibilities set out in the Data Protection Act 1998, the Freedom of Information Act 2000, Environmental Information Regulations 2004 and Privacy and Electronic Communications Regulations 2003.
Latest News from
Information Commissioner's Office
Blog: Data Protection law can help create public trust and confidence around COVID-status certification schemes29/03/2021 12:25:00
Blog posted by: Elizabeth Denham, Information Commissioner, 26 March 2021.
Secretary of State for the Department for Digital, Culture Media & Sport and the Information Commissioner sign Memorandum of Understanding on data adequacy22/03/2021 14:33:00
Having left the EU, the Secretary of State for the Department for Digital, Culture, Media and Sport now holds powers to make independent UK data adequacy arrangements with new partners around the world, making it easier for organisations to send data internationally.
Blog: Building on the data sharing code – our plans for updating our anonymisation guidance22/03/2021 11:05:00
Data is the lifeblood of the digital economy, and the sharing of personal data is key to opening up new opportunities. Data shared in healthcare environments can map out trends and provide new insights to improve patient care, while in the financial sector, data sharing can help to protect against money laundering and ensure individuals are protected from fraud.
Secretary of State for the DCMS and the Information Commissioner sign Memorandum of Understanding on Data Adequacy19/03/2021 12:07:00
Oliver Dowden, Secretary of State for the Department for Digital, Culture, Media and Sport, now holds powers to make independent UK data adequacy arrangements.
Digital Regulation Cooperation Forum publishes its first annual plan of work10/03/2021 14:15:00
The Digital Regulation Cooperation Forum (DRCF) today outlined its priorities for the coming year, marking a step-change in coordination of regulation across digital and online services.
Blog: Supporting UK democracy through data protection with new political campaigning guidance09/03/2021 12:25:00
Blog posted by: Elizabeth Denham, Information Commissioner, 09 March 2021.
ICO fines firms for sending more than 2.7 million spam text messages during the pandemic05/03/2021 15:05:00
Two separate companies that sent nuisance text messages during the Covid-19 pandemic have been fined a total of £330,000 by the Information Commissioner’s Office (ICO).