Draft Guidelines on personal data processing within video surveillance systems

This project is funded by the European Union

Post on 28-Oct-2019

Table of contents

1. Introduction: Video cameras and data protection
2. About this guidance paper
3. Scope of this guidance paper
3.1. Intended scope
3.2. Household exemption
3.3. Video surveillance in residential areas and in child care institutions
3.4. Targeted audience / readers of this guidance paper
3.5. Dummy or fake cameras
4. Deciding on whether and which video surveillance system to be used
4.1. Basic and initial considerations at the beginning
4.2. Privacy and Data Protection Impact Assessment (DPIA)
4.3. Possible legal grounds and proportionality considerations
5. Governance over video surveillance data
5.1 Ensuring effective administration
5.2 Maintaining recorded material and using the information
5.2.1 Storing and viewing video surveillance system information
5.2.2 Disclosure
5.2.3 Subject access requests
5.2.4 Freedom of information
5.2.5 Retention and deletion of data
6. Selecting, positioning and using video surveillance systems
6.1. Selection and design of systems
6.2. Positioning of video surveillance cameras
6.3. Using the equipment
6.4 Areas of elevated expectations for privacy
6.5. Quality or resolution of images
7. Instruments for better achieving data protection compliance
7.1 Signposting
7.2 Signs on roads
7.3 Privacy notices
7.4 Other responsibilities
8. New trends in video surveillance technologies
8.1 Body worn video
8.2 Unmanned Aerial Systems (UAS) - drones
8.3 Automated recognition technologies
8.4 Dash cams in automobile vehicles
Appendix A: Checklist for users of limited video surveillance systems, e.g. when monitoring small retail and business premises
Appendix B: Guiding principles for the deployment of video surveillance systems

1. Introduction: Video cameras and data protection

Private or public organisations [1] that are thinking about using video cameras or surveillance systems might wonder why they have to deal with data protection legislation and with the requirements that its provisions lay down for this technology. Some might argue that recording images of people who are, in most cases, totally unknown or unidentified, or capturing images by live broadcasting (monitoring) only, is not what they understand to be processing of personal data.

However, recent legislative acts, such as the EU General Data Protection Regulation or the current draft law on personal data protection in the Republic of Moldova, make clear that the term “personal data” is to be understood broadly.

Art. 4 (1) of the EU General Data Protection Regulation provides a definition of “personal data”. It says: “‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’)”. It further states that “an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or societal identity of that natural person”.

By including a reference to the “physical” or “physiological” identity of a natural person, this definition of “personal data” is applicable to images of natural persons that are captured or recorded by video cameras, because data on their physical characteristics will typically be visible in video images. It is not necessary that the people who see such video images actually know the individuals shown, so that these individuals would be recognised and thereby become an “identified natural person”. The definition of personal data in the EU General Data Protection Regulation expressly also includes data of “identifiable” natural persons. Natural persons captured on video material will be identifiable by their appearance, shape or some other physical or physiological characteristics. Thus, video data or images of any person are also to be understood as “personal data”, and consequently the legal provisions of data protection law apply to the capturing and recording of video images by means of video surveillance cameras.

The definition of personal data included in Art. 3, first bullet point, of the draft law on personal data protection in the Republic of Moldova states that personal data is “any information identifying or leading to the identification of the personal data subject”; it further stipulates that there may be “two categories of data: common and special”. The second bullet point of Art. 3 lists elements of data that fall into the “common category”; these “shall be, non-exhaustively: first name, given name, patronymic, the single identification number, address, phone number, vehicle registration number, location data, voice, online identifier or one or several particularities related to the physical, physiological, economic, cultural or societal identity of the natural persons concerned, etc.” This definition ensures that, under this draft law on personal data protection too, capturing and recording of video images is to be understood as processing of personal data – here, again, with regard to identifiable natural persons (their looks and appearance, being “physical” and “physiological particularities”, can “lead to their identification”) – and therefore the requirements of data protection legislation will apply to video surveillance cameras and systems. Data protection legislation here may include a more general national data protection law as well as a data protection law governing a specific sector, or single provisions on data protection in sector-specific laws.

[1] The word “organisation” means every public or private person, entity or body which may want to use or does use a video surveillance system.

It has been noted that the National Centre for Protection of Personal Data in the Republic of Moldova has elaborated and submitted to the Ministry of Justice a comprehensive draft law “on the regime of video devices”, which includes general provisions and requirements on the use of video cameras as well as provisions on a number of special processing situations, e.g. use of video devices for police purposes or use of fixed video devices in high-risk public spaces. This might be beneficial both to parties interested in using video surveillance systems and to potential data subjects, by defining common standards that would need to be met by all kinds of users covered by the draft law. It would also define the rights of data subjects in one comprehensive legal document, and thus probably provide more transparency and facilitate the exercise of these rights by data subjects.

2. About this guidance paper

This guidance paper provides general explanations as well as practical advice for operating video surveillance camera devices that view or record images of individuals. It may also refer to other personal information collected and stored by organisations with regard to individuals (or “data subjects”). Personal information held by organisations is covered by data protection law, and the guidance in this paper aims at helping organisations to comply with these legal obligations.

Data protection law not only creates obligations for organisations, but it also gives individuals rights, such as the right to access their personal information, or to have it deleted when keeping it is no longer necessary, as far as derogations do not apply.

The basic legal requirement for all organisations is to comply with data protection law itself. This guidance paper seeks to set out recommendations on how these legal requirements can be met. Organisations may use alternative methods to meet these requirements, but if they do nothing they risk not being compliant with the law. This practice guidance covers a wide range of potential users, because data protection law is applicable to all organisations that process personal data, in the private as well as in the public sector.

The recommendations of this guidance are based on the data protection principles that constitute the core of the data protection law, and have been set out to follow the lifecycle and practical operation of video surveillance systems.

Some sections of this guidance paper raise questions that organisations need to answer in order to ensure that a good level of data protection will be achieved.

3. Scope of this guidance paper

3.1. Intended scope

Many video surveillance systems will be used to monitor or record the activities of individuals. As such they process individuals’ information, which is their personal data. Consequently, these surveillance systems will be covered by data protection law, no matter whether the system is used by a multinational company to monitor entry of staff and visitors in and out of its premises, or by a local shopkeeper recording information to help prevent crime.

However, there are exceptions from the applicability of general data protection law. This needs to be taken into account when it comes to the activities of specific state institutions which have the legal task of providing protection and safety to civil society. This applies, for example, to the Police and to Law Enforcement Authorities and their efforts to uphold public safety and security. Specific legal grounds may entitle them to use video surveillance systems according to their particular needs and to derogate from some data protection principles, e.g. the right of access can be limited when disclosing the information to the data subject would endanger the purpose of the Police or Law Enforcement Authority's activity, such as in the context of an ongoing investigation against a suspected person. The same considerations apply to the penitentiary administration, which is entitled by its specific legal provisions to use video surveillance systems according to the needs that derive from its specific tasks and duties with regard to a prison and its detainees. Such specific legal provisions can be found e.g. in Article 14 or Article 242 (2) of the Enforcement Code of the Republic of Moldova, both of which relate to the Penitentiary Administration. It is acknowledged that these specific state institutions are fulfilling particular tasks for the entire society, which may justify exceptions from general data protection rules and provisions.

This guidance paper will also touch on some other video surveillance equipment, such as body worn video (BWV), unmanned aerial systems (UAS – or “drones”) or “dash cams” in cars.

This paper also aims at providing guidance on information governance requirements, such as data retention and deletion schedules, which are important to follow in order to comply with the data protection principles.

The use of conventional cameras (not video surveillance cameras) by the news media or for artistic purposes, such as for film making, is not covered by this guidance paper, because an exemption within the data protection law applies to activities relating to journalistic, artistic and literary purposes. However, this guidance will apply to information collected by video surveillance systems that is then forwarded to the media.

3.2. Household exemption

With regard to solely private data processing, it is likely that the use of video surveillance systems for limited household purposes may be exempt from data protection law; see Art. 2 (2) c of the EU General Data Protection Regulation on “purely personal or household activity” or Art. 2 (3) a of the draft law on personal data protection in the Republic of Moldova on “processing of personal data by natural persons exclusively for personal, family or domestic needs”, which may not include “professional or commercial activities”.

However, the Court of Justice of the European Union (CJEU) issued a judgment in the case of Ryneš on 11 December 2014, in which it concluded that where a fixed video surveillance camera faces outwards from an individual’s private domestic property and captures images of individuals beyond the boundaries of that property, particularly where it monitors a public space, the recording cannot be considered as being for purely personal or household purposes.

This means that cameras attached to a private individual’s home may, depending on the specific circumstances, no longer be exempt from the requirements of data protection law. Those circumstances are likely to include cases where the camera monitors any area beyond the interior and exterior limits of that individual’s home. This will include any camera to the extent that it covers, even partially, a public space such as the pavement or adjacent street. It will also cover cameras which capture areas such as neighbours’ gardens.

This decision does not mean that using such a camera is no longer possible, but it does mean that individuals will have to ensure that its use is legitimate and meets the requirements under data protection law. In fact, the CJEU made clear that use of cameras to protect a property in this way can meet the legitimate interest condition in the legislation.

3.3. Video surveillance in residential areas and in child care institutions

As a consequence of the Ryneš case decision, house owners and associations which administer condominiums or apartment blocks on behalf of their owners should check whether their video surveillance system, if they have one in place, meets these enhanced necessity and proportionality requirements. As a consequence, the layout or scope of some video surveillance systems might need to be modified (e.g. angle or resolution of the camera, change or limitation of the area under surveillance).

Whereas video surveillance in purely private areas (usually rooms inside a building) in residential quarters can be admissible – due to the household exemption or by consent of the owners (in the case of condominiums or apartment blocks) – this may be different when a public space, e.g. a playground, lies between two or more private buildings. If such a space is owned and managed by the condominium owners, then it can be considered to be a part of their private property, so that video surveillance would be admissible there, too, if the owners have given their consent to this measure either unanimously or by majority (rules on majority can be laid down in the condominium's house administrative rules). However, if a square, space or playground between building blocks is public and maintained by a municipal authority, then only this authority would be competent to decide on – and possibly to install and use – a video surveillance system.

In any case, if a video surveillance system is to be used, this will need to be done in line with applicable legal and technical requirements.

Another sensitive area with regard to the use of video surveillance systems is that of kindergartens, nurseries or other institutions which take care of children or minors. The general feeling of most people will be that children should be raised in an environment of trust and care and that the installation of a video surveillance system will not be necessary or appropriate in this specific environment. However, from a legal point of view, using a video surveillance system might be admissible if there is an urgent need to be addressed, thus defining a legitimate interest of the kindergarten management, or if parents have provided their written consent. In practice, it would be important to assess the exact scope and design of an intended video surveillance system. Limiting the area or the duration of video surveillance could potentially make such a system more proportionate. The interests of staff members need to be taken into account, too, in a way that would exclude video surveillance in their social room or in bathrooms and toilets. In this context, too, it is worth remembering that, if a video surveillance system is to be used, this will need to be done in line with applicable legal and technical requirements.

3.4. Targeted audience / readers of this guidance paper

This guidance paper is primarily aimed at businesses and organisations that routinely capture individuals’ information on their video surveillance systems. This kind of video camera surveillance usually happens in an open manner with appropriate signposting. However, the – sometimes covert – surveillance activities of public authorities, such as the police and law enforcement authorities or the penitentiary administration, which they are entitled to conduct on specific legal grounds, are not particularly touched upon by this guidance paper, because they are governed by the specific laws that provide competences to these authorities (see also previous chapter).

Not all sections of the guidance paper will be fully relevant to all users of video surveillance systems; this will depend upon the extent and use of the information. Although small-scale users, such as small shops or retailers, are covered by data protection law, they are unlikely to have very complicated systems, so many of the recommendations given in this guidance paper might not be relevant to them. An appendix provides more specific guidance, as an alternative to the full paper, for very limited use of video surveillance systems where privacy risks are small and resources are limited. However, small-scale users who want to use a video surveillance system for any purpose that is not covered in the checklist should still read the entire guidance paper.

3.5. Dummy or fake cameras

Data protection law applies to information captured by video surveillance systems, both when they record and when they merely live-broadcast images. Technically, data protection law does not apply to dummy, fake or non-operational systems, because there will be no data processing operations. However, an infringement of the freedoms and fundamental rights of the people affected may occur nevertheless, since even the mere appearance of the existence or use of video cameras can put pressure on people and make them behave differently, e.g. by avoiding specific routes or areas; this is often called a “chilling effect”. Such infringements could be pursued by the individuals affected on legal grounds other than data protection (e.g. civil or criminal law, compensation). However, due to their detrimental effects, the provisions of data protection law might be applied here by analogy, as if processing of data had happened. This would strengthen data subjects' rights as well as the data protection supervisory authority.

4. Deciding on whether and which video surveillance system to be used

Using video surveillance systems will in many cases be privacy intrusive. These systems are capable of putting large numbers of lawfully behaving people under surveillance and recording their movements as they go about their daily activities, thus interfering with their privacy.

4.1. Basic and initial considerations at the beginning

Organisations which are interested in using a video surveillance system should therefore carefully consider whether or not to use such a system. The fact that it is possible or affordable should not be the justification for recording and processing personal data. If you are such an organisation, you should also take into account the nature of the problem you are seeking to address; whether a video surveillance system would be a justified and effective solution; whether less intrusive solutions exist; what effect its use may have on individuals (residents as well as third parties); and whether, in the light of this, its use is a proportionate response to the problem. If you are already using a video surveillance system, you should periodically evaluate whether it is necessary and proportionate to continue using it.

Example: Cars in a car park are frequently damaged and broken into at night. Consider whether improved lighting would reduce the problem more effectively than the installation of a video surveillance system.

4.2. Privacy and Data Protection Impact Assessment (DPIA)

You should consider the matters explained above as part of an assessment of the scheme’s impact on people’s privacy. The best way to do this is to conduct a privacy impact assessment. The European Data Protection Board (EDPB, see Working Paper 248.rev.01) as well as some national data protection authorities, e.g. in the UK, have adopted specific guidance papers on how to conduct a proper privacy or data protection impact assessment (DPIA).

A privacy impact assessment looks at privacy in a wider context than data protection law alone; it also takes into consideration the impact on privacy rights and seeks ways or means to mitigate that impact. It should look at the pressing need the video surveillance system is supposed to address, and show whether or not the system will meet this need. It should be based on reliable evidence and show whether the proposed video surveillance system can be justified as appropriate to the needs identified, always taking into account the specific circumstances of the intended video surveillance system, such as placement of cameras or flow of persons.

4.3. Possible legal grounds and proportionality considerations

Having conducted a thorough data protection impact assessment will also help to meet the requirements laid out in European and national data protection legislation, whether in data protection laws as such, in additional more specific data protection acts, or in sections of other, possibly sector-specific, laws that relate to ensuring data protection in those specific areas.

These requirements basically stipulate that there needs to be a legal ground for any processing of personal data. A legal ground can, in principle, be provided by law or by (freely given) consent of the data subject. In the context of video surveillance systems such a legal ground could be the legitimate interest of a private or public entity, as laid out in Art. 6 (1) f of the EU General Data Protection Regulation or in Art. 5 (1) f of the draft law on personal data protection in the Republic of Moldova, e.g. the interest to protect property or to prevent thefts in a retail shop. When applying the legal ground of legitimate interest, it is also necessary to check whether these interests are overridden by the interests of the data subjects affected by the intended data processing, particularly if the data subject is a child. In making this check, the proportionality of the measure needs to be assessed. In particular, it needs to be considered whether the use of the video surveillance system is necessary to achieve the previously defined purpose, whether it is a suitable means and whether it is appropriate (or non-excessive). By combining these assessments, a proportionality test on the intended video surveillance measure can be achieved; this could also be done when conducting the Data Protection Impact Assessment procedure (see previous chapter). As a general rule, it can be said that, if a more intrusive video surveillance system is to be installed, you accordingly need to have a better justified legitimate interest or a more pressing need.

However, with regard to areas where people may reasonably have higher expectations of privacy, such as social rooms, bathrooms, toilets, swimming pools or recreational facilities and changing or fitting rooms, in almost all cases the interests of individuals who would be subject to a potential video surveillance measure will prevail.

A privacy impact assessment should look at the urgent need that the video surveillance system is intended to address and whether its proposed use has a lawful basis and is justified, necessary and proportionate. Where the system is already in use, the same issues should be considered, or consideration should be given to whether a less privacy-intrusive method could be used to address the pressing need.

Example: A city administration may face problems with burglars or thefts in a specific area of town, e.g. on a public square, and consider using a video surveillance system to prevent or investigate such incidents in this area. These considerations should include assessments of different options, e.g. the installation of a fixed permanent video surveillance system or the use of a mobile system only at times when those problems occur. The second option would be less privacy intrusive, but may still address the pressing need sufficiently.

Failure to carry out an appropriate privacy impact assessment in advance has contributed to many of the data protection problems that have occurred in relation to the use of video surveillance systems.

It should be noted that, according to the draft for a new data protection law in the Republic of Moldova, registration of data processing operations at the National Centre for Personal Data Protection will no longer be mandatory. With regard to video surveillance systems, this means that there will be no need for data controllers to notify the data protection supervisory authority in order to be compliant with the new data protection law.

However, there are legal requirements and technical specifications to be taken into account with regard to video surveillance systems, which may be laid down in legislative documents other than those related to data protection. In this context, reference should be made to Governmental decision HG Nr. 667 of 8 July 2005 regarding the measures for the implementation of Law no. 283-XV of 4 July 2003 regarding the private detective and security activity, as well as to the legal requirements and norms regarding the installation and maintenance of technical and fire protection systems (methodological and technical norms for the design and installation of the burglar alarm system as per Annex no. 6 to Governmental decision HG Nr. 667 of 8 July 2005). These decisions define special technical requirements that need to be met by video surveillance systems.

5. Governance over video surveillance data

5.1 Ensuring effective administration

Establishing a clear basis for the processing of any personal information is essential, and the handling of information relating to individuals that has been collected from video surveillance systems is no different. It is important to establish within an organisation who has responsibility for the control of this information, for example, who will decide what is to be recorded, how the information should be used and to whom it may be disclosed (within the applicable legal framework, of course). If you are the organisation or entity that makes these decisions, then you are the data controller and you will be legally responsible for compliance with data protection law.

Where more than one organisation is involved, each of you should know your responsibilities and obligations. If you make joint decisions about the purposes for and operation of the scheme, then both of you are responsible under data protection law.

Questions to be dealt with by an organisation which considers using a video surveillance system:

- Who has responsibility for control of the information and making decisions about how it can be used? If more than one body is involved, have responsibilities been agreed and does each know its responsibilities?

- If someone outside your organisation provides you with any processing services, for example editing information (such as video camera images), is a written contract in place with clearly defined responsibilities? This should ensure that information is only processed in accordance with your instructions. The contract should also include guarantees about security, scope and purpose of data processing as well as recruiting properly trained staff.

Example: Public authorities may share a common control room for a video surveillance system in order to cut back on running costs. This will include situations where the video surveillance system is managed by a third party on behalf of the public authority. If the video surveillance system monitors the inside of a hospital but also monitors the main shopping street, then different privacy expectations will apply to the information gained from each area. The agreement to share services must have guidelines and procedures in place to ensure that control and use of these systems is appropriate, and staff of the common control room must be adequately trained to deal with the different levels of sensitivity of information.

You will also need clear procedures to determine how you use the system in practice.

Questions to be dealt with by an organisation, which considers using a video surveillance system:

Have you identified clearly defined and specific purposes for the use of information, and have these

been communicated to those who operate the system?

Are there clearly documented procedures for how information should be handled in practice? This

could include guidance on disclosures and how to keep a record of these. Have these been given to

the appropriate people?

Has responsibility for ensuring that procedures are followed been allocated to an appropriate

specific responsible person? This person should ensure that standards are set,

procedures are put in place to meet these standards, and that the system complies with legal

obligations.

Are checks or audits carried out on a regular basis to ensure that procedures are being complied

with? This can be done either by the responsible person or by a third party.


You should regularly review whether the use of video surveillance systems continues to be justified. You

should also take into account other relevant rules and guidance which may cover your activities, for

example recommendations on privacy notices, transparency or data transfers to third countries.

5.2 Maintaining recorded material and using the information

5.2.1 Storing and viewing video surveillance system information

Recorded material should be stored in a way that keeps the integrity of the information. This is to ensure

that the rights of individuals recorded by video surveillance systems are protected and that the information

can be used effectively for its intended purpose. To do this you need to carefully choose how the

information is recorded and stored and ensure that access is restricted. You will also need to ensure that the

information is secure and, where necessary, encrypted. Thus, you may also meet the legal requirements

included in data protection law on the security of data processing and on maintaining data integrity; to this

end, you should implement appropriate technical and organisational measures at your organisation with

regard to processing personal data by video surveillance systems. Encryption can provide an effective

means to prevent unauthorised access to images processed in a video surveillance system.

If you are going to be collecting and retaining a large amount of information, for example video footage

from body worn cameras, then you may wish to store the data using a cloud computing system. You will

need to ensure that this system is secure and if you have contracted with a cloud provider to provide this

service, you will need to ensure that the provider can ensure the security of the information.

You should keep a record or audit log showing how the information must be handled, if it is likely to be

used as evidence, when requested e.g. by a law enforcement authority. This will serve also as

documentation for the organisation in order to be able to demonstrate later, if needed, how it has dealt with

such a request. Finally, once there is no reason to retain the recorded information, it should be deleted as

soon as possible. Exactly when you decide to do this will depend on the purpose for using the video

surveillance systems. A record of this process should also be captured.

Many modern video surveillance systems rely on digital recording technology and these methods present

their own problems. It is important that your information can be used, if required, by an appropriate law

enforcement agency. However, another effect of digital technology is that data can be copied or transferred

to another storage device rather easily. Therefore, it has become ever more important to prevent

unauthorised access to data.

Questions to be dealt with by an organisation, which considers using a video surveillance system:

How practicable is it to take copies of a recording off your system when requested by a law

enforcement agency? Can this be done without interrupting the operation of the system?


Can it be provided in a suitable format without losing image quality or time and date information?

How can you ensure that information complies with designated standards?

Will they find your recorded information straightforward to use?

What will you do when recorded material needs to be taken away for further examination?

How will you prevent unauthorised access to video data held by your organisation?

Viewing of live images on monitors should usually be restricted to the operator and any other authorised

person where it is necessary for them to see it, for example to monitor congestion for health and safety

purposes.

Example: Monitors in a hotel reception area show guests in the corridors and lifts, i.e. out of sight of the

reception area. They should be positioned so that they are only visible to staff and members of the public

should not be allowed access to the area where staff can view them.

If you have installed a live streaming camera available to the public so that they can, for example, assess

which route to take on their journey to work based on the level of congestion, you should ensure that it is

appropriately zoomed out so that individuals cannot be identified. If individuals can be identified then this

will need to be justified and shown to be necessary and proportionate.

Recorded images should also be viewed in a restricted area, such as a designated secure office. The

monitoring or viewing of images from areas where an individual would have a reasonable and elevated

expectation of privacy should be restricted to authorised personnel, if monitoring is necessary at all.

Where images are in an area of particular sensitivity, such as a changing room, it may be more appropriate

to only view recorded images after an incident has occurred.

Questions to be dealt with by an organisation, which considers using a video surveillance system:

Are your cameras and monitors correctly sited taking into account the images that are displayed?

Is your monitor viewing area appropriate and secure?

Is access limited to authorised people?

Is recording of video images necessary or is real time monitoring sufficient?


5.2.2 Disclosure

Disclosure of information from video surveillance systems must be controlled and consistent with the lawful

purpose(s) for which the system was established. For example, it can be appropriate to disclose video

surveillance information to a law enforcement agency, when the purpose of the disclosure is prevention,

investigation and detection of criminal offences and other offences, but usually it will not be appropriate to

disclose information about identifiable individuals, for example, to the media.

Every request for information should be approached with care as wider disclosure may be unfair to the

individuals concerned. Disclosure of information may be unfair in cases when it is not transparent to third

parties or when they have good reasons to believe that their privacy will not be challenged, such as in areas

of elevated privacy. In some limited circumstances it may be appropriate to release information to a third

party, where their needs outweigh those of the individuals whose information is recorded.

Example: A member of the public requests video surveillance footage of a car park, which shows their car

being damaged. They say they need it so that they, or their insurance company, can take legal action. You

should consider whether their request is genuine and whether there is any risk to the safety of the other

people involved.

Questions to be dealt with by an organisation, which considers using a video surveillance system:

Are arrangements in place to restrict the disclosure of information in a manner that is consistent

with the purpose for establishing the system and with all relevant law?

Does anyone who may handle requests for disclosure have clear guidance on the circumstances in

which it is appropriate to make a disclosure and when it is not?

Do you record the date of the disclosure along with details of who the information has been

provided to (the name of the person and the organisation they represent) and why they required it?

It is important that if you have a video surveillance system, or if you are planning to have a video

surveillance system, that you have staff members or people available who are able to deliberately use the

system to access and extract information when disclosure is appropriate.

When disclosing video surveillance images of individuals, particularly when responding to subject access

requests, you need to consider whether the identifying features of any of the other individuals in the image

need to be blurred or obscured. It should be possible to achieve blurring of images by using advanced image

editing software, which nowadays has become widely available and more affordable than in the past.

Example: If footage from a camera that covers the entrance to a drug rehabilitation centre is stored, then

consider obscuring or blurring the images of people entering and leaving it, as this could be considered

sensitive personal data. This may involve an unfair intrusion into the privacy of the individuals whose


information is captured and may cause unwarranted harm or distress. On the other hand, footage of

individuals entering and exiting a bookshop is far less likely to require obscuring or blurring.

It may be necessary to contract obscuring or blurring out to another organisation. Where this occurs, you

will need to have a written contract with the processor that specifies exactly how the information is to be

used and provides you with explicit security guarantees.

Decisions about disclosure should be made by the organisation operating the video surveillance system.

They may refuse any request for information unless there is an overriding legal obligation, such as a court

order or information access rights. Once you have disclosed information to another body, such as the police,

they become the data controller for the copy they hold. Then it will be their responsibility to comply with

the data protection law in relation to any further disclosures.

The method of disclosing information should be secure to ensure that it is only seen by the intended

recipient.

5.2.3 Subject access requests

Individuals whose information is recorded have a right to be provided with that information or, if they are

happy with it, to view that information. As a general rule, information must be provided promptly or as soon

as possible. Providing information in a timely manner is important, particularly where you may have a

defined retention period which will mean that the information will have been routinely deleted after the

defined period of time. In such circumstances it is good practice to extract and preserve the requested

information. Excessive, abusive or repetitive access requests lodged by data subjects may be denied by an

organisation in line with the rules set out in applicable data protection legislation for such cases.

The first copy of information provided to an individual in responding to an access request shall be free of

charge. But for additional copies you may consider charging a nominal fee to cover your expenses, if your

data protection law allows this. Those who request access must provide you with details that allow you to

identify them as the subject of the information and also to locate the information on your system. You

should consider:

o how staff involved in operating the video surveillance system will recognise a subject access

request; and

o whether internal procedures for handling subject access requests are in place. This could include

keeping a log of the requests received and how they were dealt with, in case you are challenged.

It is advisable to design a video surveillance system so that it allows you to locate and extract personal

data in response to subject access requests – based on the details provided by the data subject (particularly


location, date, time of video recording). The system should also allow for the redaction (e.g. obscuring or

blurring) of third party data where this is possible and deemed necessary.

A clearly documented process will also help guide individuals through such requests. This should clearly

explain what information an individual needs to supply. You should consider:

o The details you will need to find the requester’s information. This might include the date, time and

location where the footage was captured.

o Any fee you may charge for supplying the requested information and how it should

be paid.

o Whether you have effectively labelled information to assist with retrieval.

o How you will provide an individual with copies of the information held.

It is important to note that where a data subject requests a copy of video surveillance footage or other

information that is related to him/her, you need to provide the data subject with such a copy, unless an

exemption applies. This shall be done by supplying them with a copy of the information in a permanent and

readable form. There are limited circumstances where this obligation does not apply. The first circumstance

is where the data subject agrees to receive the information in another way, such as by viewing the footage.

The second circumstance is where the supply of a copy in a permanent form is not possible or would

involve disproportionate effort.

To ensure data subjects’ rights, you should:

explain to people interested how they can make a subject access request, whom it should be sent to

and what information needs to be supplied with their request;

offer them a copy of this guidance paper or details of the data protection authority’s website; and

tell them how to lodge a complaint about either the operation of the system or failure to comply with

legal requirements at the competent authority (e.g. the data protection authority).

As mentioned before, where information of third parties is also shown with the information of the person

who has made the access request, you should consider whether you need to obscure, blur or otherwise redact

this information in the best possible way.

5.2.4 Freedom of information

Public authorities may receive requests under laws governing the access to information held by public

agencies.


Public authorities should have a dedicated unit which is responsible for responding to freedom of

information requests, and understands the authority’s responsibilities.

An individual can base an access request for video footage held by public agencies on freedom of

information laws without any specific pre-conditions. Unlike under data protection law, a request does not

need to refer to, or be limited to, personal data of the requestor. Therefore, also with regard to video

surveillance images, access to information requests need to be handled by public authorities according to the

requirements laid out in national freedom of information laws. Accordingly, public authorities will need to

check in each case

whether they do have the information or video footage which is sought after by the requestor and

whether it can be disclosed, i.e. whether one or more of the exemptions pertaining to the requirement to

disclose publicly held information will apply in the specific case of the request.

Where you think obscuring images will appropriately anonymise third party personal data, then it may be

appropriate to do this rather than exempting the information.

If you are a public authority who has video surveillance systems in place, you may also receive requests for

information under freedom of information laws relating to those surveillance systems. For example,

requestors may ask for information regarding the operation of the systems, the siting of them, or the costs of

using and maintaining them.

If this information is held, then consideration will need to be given to whether or not it is appropriate to

disclose this information under freedom of information law. If it is not appropriate to disclose this

information, then an exemption under freedom of information will need to be used, if one is applicable.

This is not an exhaustive guide to handling freedom of information requests. For further information you

may approach your national office responsible for freedom of information affairs (Ombudsman, Ministry of

Justice, or any other).

5.2.5 Retention and deletion of data

Data protection law does not prescribe any specific minimum or maximum retention periods which apply to

all systems or footage. Rather, retention should reflect the organisation’s purposes for recording

information. The retention period should be determined by the purpose for which the information is

collected and how long it is needed to achieve this purpose. It should not be kept for longer than is

necessary, and should be the shortest period necessary to serve the specific and previously defined purpose.

In any case, this should not be determined just by the storage capacity of a system.

Example: Footage from a video surveillance system shouldn’t be kept for five weeks merely because the

manufacturer’s settings on the video surveillance system allow retention for this length of time.


Where it is not necessary to retain information, for example because it does not achieve the purpose for which you

are collecting and retaining information, then it should be deleted immediately or as soon as possible.

Example: If a supermarket uses a video surveillance system to monitor use of its car park when there is a two

hour free parking limit and retains the details gathered from the video surveillance system for those cars that

have not exceeded the parking limit, then this is unnecessary and excessive and unlikely to comply with the

data protection principles.

You should not keep information for longer than necessary to meet your purposes for recording it. On

occasion, you may need to retain information for a longer period, where a law enforcement body is

investigating a crime and asks for it to be preserved, to give them the opportunity to view the information as part

of an active investigation.

Example: A system installed to prevent fraud being carried out at an ATM machine may need to retain

images for several weeks, since a suspicious transaction may not come to light until the victim gets their

bank statement.

Example: A small system in a pub or retail shop may only need to retain images for a shorter period of time

because incidents will come to light very quickly. However, if a crime has been reported to the police, you

should retain the images until the police have time to collect them.

Questions to be dealt with by an organisation, which considers using a video surveillance system:

Have you decided on the shortest period that you need to retain the information, based upon your

purpose for recording it?

Is your information retention policy documented and understood by those who operate the system?

Are measures in place to ensure the permanent deletion of information through secure methods at

the end of this period?

Do you undertake periodic checks to ensure that the retention period is being complied with in

practice?

5.3 Staying in control

Once you have followed the guidance in this guidance paper and set up the video surveillance system, you

need to ensure that it continues to comply with the data protection law requirements.

Staff members using or administrating the video surveillance system or information should be trained to

ensure they comply with recommendations of this paper. In particular, do they know:


What the organisation’s policies are for recording and retaining information?

How to handle the information securely?

What to do if they receive a request for information, for example, from the police?

How to recognise a subject access request and what to do if they receive one?

All information must be sufficiently protected to ensure that it does not reach the wrong recipient. This

should include technical and organisational measures as well as physical security. For example:

Are sufficient safeguards in place to protect wireless transmission systems from interception?

Is the ability to make copies of information restricted to appropriate staff?

Are there sufficient controls and safeguards in place if the system is connected to, or made available

across, a computer, e.g. an intranet?

Where information is disclosed, how is it safely delivered to the intended recipient (e.g. details on

the methods, ways and technology being used for delivery of data)?

Are control rooms and rooms where information is stored secure?

Are staff members trained in security procedures and are there sanctions against staff who misuse

video surveillance system information?

Have staff members been made aware that they might commit a criminal offence if they misuse

video surveillance system information?

Is the process for deleting data effective and being adhered to?

Have there been any software updates (particularly security updates) published by the equipment’s

manufacturer that need to be applied to the system?

Any documented procedures that you produce following on from legal obligations or recommendations of

this guidance paper should be regularly reviewed, either by a designated individual within the organisation

or by a third party. This is to ensure the standards established during the setup of the video surveillance

system will be maintained.

Similarly, there should be a periodic review, for example bi-annually, of the system’s effectiveness to

ensure that it is still doing what it was intended to do. If it does not achieve its purpose, the video

surveillance system should be stopped or modified.

Questions to be dealt with by an organisation, which considers using a video surveillance system:


Is the video surveillance system addressing the needs and delivering the benefits that justified its

use?

Is information available to help deal with queries about the operation of the system and how

individuals may make access requests?

Does the information include details of the data protection authority if individuals have data

protection compliance concerns?

Is a schedule of regular compliance reviews in place (e.g. every second year), including compliance

with the recommendations of this paper, continued operational effectiveness and whether the system

continues to meet its purposes and remains justified?

Are the results of the review recorded, and are its conclusions acted upon?

Example: A video surveillance system introduced to deal with persistent anti-social behaviour during the

evenings may no longer be justified if this area of the town is no longer popular during this time.

6. Selecting, positioning and using video surveillance systems

Note: This chapter may touch not only data protection issues, but also operational aspects of video

surveillance systems.

6.1. Selection and design of systems

The information collected by a video surveillance system must be adequate for the purpose. The type of

video surveillance system you choose and the location it operates within must also achieve the purposes for

which you are using it. You should ensure that the design of any video surveillance systems you purchase

allows you to locate and extract personal data in response to subject access requests. They should also be

designed to allow, as far as possible, for the redaction of third party data where this is deemed necessary.

With regard to design and functionality of a video surveillance system, it might be necessary for the

responsible organisation to check and to take into account legal or technical requirements which may be

defined by provisions other than those related to data protection.

As outlined earlier in this guidance paper, you should identify, through a privacy impact assessment,

whether or not a video surveillance system is the most appropriate means of addressing the pressing need. If

you decide that a video surveillance system is required then a “privacy by design” approach should be

followed when making decisions about which equipment to purchase. This means that privacy matters


should always be taken into account from the beginning as well as through the whole process of

considering, selecting and installing a video surveillance system by asking whether there is a (more) privacy-friendly

solution. You will need to identify which equipment will address the pressing need in the best

possible and ideally privacy-friendly way. The equipment you choose should, for example, be designed

so that it collects only the information that is necessary to meet the purpose for which the video

surveillance system was installed.

Example: A video surveillance system that allows recording to be switched on and off easily, and therefore

does not have to record continuously, will help mitigate the potential risk of recording excessive amounts of

information.

6.2. Positioning of video surveillance cameras

Both permanent and movable cameras should be sited, and image capture should be restricted, so that

they do not view areas that are not of interest and are not intended to be subject to video

surveillance, such as individuals’ private property. The cameras shall be sited openly and easily visible to

people who are about to enter an area under video surveillance. The system must have the necessary

technical specification to ensure that unnecessary images are not viewed or recorded, and those that are

recorded are of the appropriate quality.

Example: Check that a fixed traffic monitoring camera will not cover areas that are not relevant for its

purpose, e.g. gardens of private houses next to the street.

Questions to be dealt with by an organisation, which considers using a video surveillance system:

Have you carefully chosen the camera location to minimise viewing spaces that are not of relevance

to the purposes for which you are using a video surveillance system?

Where a video surveillance system has been installed to deal with a specific problem, have you

considered setting the system up so it only records during the time when the problem usually

occurs? Alternatively, have you considered other privacy-friendly ways of processing images? For

example, some systems only record events that are likely to cause concern, such as movement into a

defined area. This can also save on storage capacity.

Will the cameras be sited to ensure that they can produce images of a suitable quality, taking into

account their technical capabilities and the environment in which they are placed?

Is the camera suitable for the location, bearing in mind the light levels and the size of the area to be

viewed by each camera?

Are the cameras sited so that they are secure and protected from vandalism?


Will the system produce images of sufficient size, resolution and frames per second?

6.3. Using the equipment

It is important that a video surveillance system produces information that is of a suitable quality to meet the

purpose for which it was installed. If identification is necessary, then poor quality information that does not

help to identify individuals may undermine the purpose for installing the system.

Questions to be dealt with by an organisation, which considers using a video surveillance system:

Does the video surveillance system produce good quality information? Will the quality of the

information be maintained throughout the recording process?

Have you considered the compression settings for recording material? In a digital system, a high

level of compression will result in lower picture quality on playback.

Have you set up the recording medium in such a way that information cannot be inadvertently

corrupted?

Is there a regular check that the date and time stamp recorded on images is accurate (for example,

if your country switches between summer and winter time)?

Has a regular maintenance scheme been set up to ensure that the system continues to produce high

quality information?

Have you ensured that your wireless transmission system is suitably secure, if one is used? If

necessary, do you have the ability to encrypt information?

6.4. Areas of elevated expectations for privacy

In areas where people reasonably may have a heightened expectation of privacy, such as in changing rooms,

or social rooms at the workplace, cameras should not be used; this might be an option only in the most

exceptional circumstances where it is necessary to deal with very serious concerns. In these cases, you

should make extra efforts to ensure that people affected by video surveillance are aware that they are being

recorded and that appropriate restrictions on viewing and disclosing images are in place. This applies

mainly to the use of video surveillance systems by private entities. Public entities, such as law enforcement

authorities, may have specific legal grounds to use video surveillance systems in these surroundings (see

chapter 3).

6.5. Quality or resolution of images


To judge the necessary quality of images, it will be necessary to take into account the purpose for which a

video surveillance system will be used and the level of quality required to achieve the system’s purpose.

This judgement should be guided by the rule that it usually will be less privacy intrusive to have images of

standard or lower resolution.

7. Instruments for better achieving data protection compliance

7.1. Signposting

Organisations which use video surveillance systems must let people know when they are in an area where

such a system is in operation.

The most effective way of doing this will in most cases be by using prominently placed signs at the entrance to

the video surveillance system’s zone and reinforcing this with further signs inside the area. This message

can also be backed up with an audio announcement, where public announcements are already used, such as

on a train.

Clear and prominent signs are particularly important where the video surveillance systems are very discreet,

or in locations where people might not expect to be under surveillance. As a general rule, signs should be

more prominent and frequent in areas where people are less likely to expect that they will be monitored by a

video surveillance system.

Signposting should:

- be clearly visible and readable;

- contain details of the organisation operating the system, the purpose for using the surveillance system and who to contact about the scheme (where these things are not obvious to those being monitored);

- include basic contact details such as a simple website address, telephone number or email contact; and

- be an appropriate size depending on context - for example, whether they are viewed by pedestrians or car drivers.

Example: “Images are being monitored and recorded for the purposes of crime prevention and public safety.

This scheme is controlled by Chisinau Municipal Council. For more information, call 01234 567890, or see

privacy notice at www...”

Questions to be dealt with by an organisation, which considers using a video surveillance system:

- Do you have signs in place informing people that a video surveillance system is in operation?

- Do your signs convey the appropriate information?

7.2 Signs on roads

Appropriate signs must be provided to alert drivers to the use of cameras on the road network or in areas

that vehicles have access to, such as car parks. It is important that these signs do not affect the safety of road

users. You should consider the amount of time the driver will have to read the information you provide;

particularly where the road has a high speed limit. Signs must make clear that cameras are in use and

explain who is operating them, so that individuals know who holds information about them and therefore

have the opportunity to make further enquiries about what is happening with their data. Where authorised

signs under road traffic sign regulations are used and these don’t explain which organisation is operating the

cameras, then supplementary signs should be used.

7.3 Privacy notices

It is clear that video surveillance and similar devices present more difficult challenges in relation to

providing individuals with fair and lawful processing information, which is a requirement under data

protection law. For example, it will be difficult to ensure that an individual is fully informed of this

information, if the video surveillance system is airborne, on a person or not visible at ground level.

However, these are issues that must be taken into account, as organisations are unlikely to comply with the

data protection principles if they do not make all reasonable efforts to provide fair and lawful processing

information. If they are considering using such devices, it will be necessary to come up with appropriate and

potentially innovative ways of informing individuals about their rights.

Example: In addition to more traditional methods, it may be useful to use social media or internet websites

to inform individuals that certain types of video surveillance systems are in operation at a specific time and

in a specific area. Further links can be provided to privacy notices so that data subjects can find out more

information if they are interested.

One of the main rights that a privacy notice helps to deliver is an individual’s right of subject access. If you

have decided that you are going to use these devices you will need to have the ability to provide information

to requestors, be able to obscure or edit the information where necessary and have staff trained to deal with

the different issues that may arise when responding to a subject access request. If you’re a public authority

you will also need to consider your response to freedom of information requests (see previous chapters).

7.4 Other responsibilities

Staff members operating a video surveillance system also need to be aware of further rights that individuals

have under data protection law, such as the right to deletion of personal data or the right to object to the

processing of their personal data. Staff members need to recognise a request from an

individual to prevent a processing of personal data which is likely to cause substantial and unwarranted

harm and a request to prevent automated decision-taking or profiling in relation to the individual.

Experience has shown that it is rather unlikely that operators of video surveillance systems receive such

requests. Should this happen nevertheless, you may seek advice from your data protection authority.

Apart from that, other or sector specific laws and their requirements, e.g. with regard to industrial or health

& safety standards or possibly necessary licensing requirements, need to be taken into account when it

comes to installation, design and use of video surveillance systems.

Questions to be dealt with by an organisation which considers using a video surveillance system:

- Do the relevant staff members know how to deal with any data protection request lodged by data subjects (other than access to data requests; see previous chapters), for example a request to prevent processing or to prevent automated decision making, and where to seek advice?

- Does your system meet any potential industry or other relevant standards?

- Have you satisfied any relevant licensing requirements?

8. New trends in video surveillance technologies

Video surveillance systems have advanced greatly and are not necessarily limited to conventional, fixed-type

video cameras. In particular, technical development and miniaturisation have made cameras and

other devices ever smaller, thus facilitating mobile use of such equipment. Mass production and decreasing

prices have led to a widely extended availability and affordability of devices, even for small private

organisations or individuals.

This section covers some of the recently developed video surveillance technologies and how to approach

them. While the technologies covered in this section might present new issues, the recommendations

throughout the rest of this paper will be relevant, nevertheless.

The way the information collected by these technologies can be linked or matched together means that

video surveillance technologies are becoming more interconnected. This presents further issues with regard

to people’s personal data. If you are intending to match data together from different systems, you will need

to be careful that the information you are collecting is accurate and not excessive.

It is possible for data collected by a range of video surveillance systems to be integrated into broader ‘big

data’ processing systems operated by an organisation – either by itself or by a contracted data processor via

outsourcing. This has implications in terms of profiling, what can be learnt about individuals and how

decisions are made about them. Your data protection authority may provide additional advice on the data

protection implications of big data and how to mitigate them.

While developers and vendors of these new technologies may not be data controllers under data protection

law, data protection authorities worldwide recommend that they consider privacy impact assessments and a

“privacy by design” approach when developing their systems for the market. There is also a case for the

system’s instructions or manuals to include information highlighting the importance of addressing data

protection compliance.

As data controller, you are responsible for ensuring that the design of any video surveillance systems you

purchase allows you to easily locate and extract personal data in response to subject access requests. They

should also be designed to allow for the redaction of third party data where this is deemed necessary (see

previous chapters).

8.1 Body worn video

Body worn video involves the use of cameras that are worn by a person and are usually attached to their

clothing or uniform. These devices can often record both visual and audio information. They are

increasingly used across different sectors, most commonly by law enforcement agencies, but their steadily

falling cost means that small businesses and private persons are also increasingly able to

purchase and use such equipment.

Body worn video systems are likely to be more intrusive than the more conventional type of video

surveillance systems because of enhanced mobility and less visibility. Before you decide to procure and

deploy such a system, it is important that you justify its use and consider whether or not it is proportionate,

necessary and addresses a pressing need. If you are going to use a combined video and audio recording

system, you need to de-activate the audio-recording function or make sure that there is a legal ground also

for the audio-recording, such as the previous consent provided by those persons whose conversation shall be

recorded. The Police or law enforcement authorities, however, may be entitled to use audio recording

systems under specific conditions and as prescribed by law.

Body worn video devices have the ability to be switched on or off, but it is important to know when and

when not to record. Continuous recording will require strong justification as it is likely to be excessive and

cause a great deal of collateral intrusion. This is because continuous recording is likely to capture people

doing their daily activities as well as the individual person who is the focus of your attention. Further

justification will be required if you consider recording in more sensitive areas, such as private areas,

schools, care homes etc. The pressing social need will have to be far greater in order to justify the use of

body worn video systems. This will require the operator to provide more evidence to support its use in this

situation.

Example: It may be appropriate for a Parking Enforcement Officer to switch on their body worn video

camera when they believe an individual is being aggressive or there is the potential for aggression.

However, it would not be appropriate to switch it on when an individual is only asking for directions.

Individuals using body worn video systems should be able to provide fair processing information to data subjects. As

body worn video cameras can be quite small or hard to see, individuals may not be aware that they are being

recorded. It is therefore important that clear signage is displayed, for example on an individual’s uniform, to

show that recording is taking place. You should also think of ways to provide further information to data

subjects if they wish to find out more information, for example, directing them to the privacy notice on your

website, if you have one.

Because of the volume of personal data and potentially sensitive personal data that body worn video

cameras will process and the portability of them, it is important to have appropriate and robust technical and

physical security in place to protect this data. For example, you should make sure that devices can encrypt

data, or where this is not possible have other ways of preventing unauthorised access to information.

Body worn video cameras will, in many cases, be part of a larger workflow of information. You will need to

make appropriate decisions about retention and deletion of data. As you may be recording a large amount of

data, you need to ensure that you can store all of it and have a retention and deletion policy in place. This

policy must set out how long the information should be kept for (this should be the minimum amount of

time necessary to fulfil its original purpose) and when it should be deleted, so that you do not hold excessive

amounts of personal data. You should also consider whether you need to retain all of the footage captured

by a device, or whether extracting short clips would be sufficient.

The information should be stored in a way that recordings relating to a specific individual or event can be

easily identified, located and retrieved. You should also store the data in a way that remains under your sole

effective control, retains the quality of the original recording and is adequate for the purpose for which it

was originally collected.

You should continue to regularly check the use of the body worn video system as a whole to see if it is still

achieving its original purpose. If it appears that it is no longer achieving this purpose or it is no longer

necessary, you should look at potentially less privacy intrusive methods to address the need.

8.2 Unmanned Aerial Systems (UAS) - drones

Unmanned Aerial Systems (UAS) refer to the whole system under which unmanned aerial vehicles (UAV)

operate. They are also referred to using different names such as Remotely Piloted Aircraft Systems (RPAS)

and “drones”. UAV are unmanned vehicles which, if fitted with a camera, are capable of recording images

whilst airborne. These devices can vary in size from the very large, up to the size of a plane, to the very

small, which can be the size of a remote control plane or helicopter. They were first used by the military, but

are now much more affordable and popular. As with body worn video (BWV) systems, the smaller devices can easily be

purchased by businesses and members of the public.

A distinction should be drawn between those individual persons who can be considered as ‘hobbyists’ and

are therefore generally using their device for domestic purposes, and those individuals or organisations who

use the device for professional or commercial purposes. Where UAS are used for non-domestic purposes,

operators will need to comply with data protection obligations and it will be good practice for domestic

users to be aware of the potential privacy intrusion which the use of UAS can cause to make sure they are

used in a responsible manner.

Example: A business may purchase UAS to monitor inaccessible areas, such as a roof to check for potential

damage. Its use should be limited to that specific function and recording should not occur when flying over

other areas that may capture images of individuals.

The use of UAS has a high potential for collateral intrusion by recording images of individuals

unnecessarily and therefore can be highly privacy intrusive, because of the height UAS can operate at and

the unique vantage point they afford. Individuals may not always be directly identifiable from the footage

captured by UAS, but often could still be identified through the context they are captured in or by using the

device’s ability to zoom in on a specific person. As such, it is very important that you can provide a strong

justification for their use. As with all of the other technologies discussed in this guidance paper, performing

a robust privacy impact assessment will help you decide if using UAS is a good method to address the need

that you have identified.

As with other technologies discussed, it is important that the recording system on UAS can be switched on

and off when appropriate. This is particularly important given the potential for the cameras to capture large

numbers of individuals from a significant height. Unless you have a strong justification for doing so, and it

is necessary and proportionate, recording should not be continuous. This is something which you should

look at as part of the privacy impact assessment.

UAS cover the whole system, rather than just the device in the air, so you need to ensure that the whole

system is compliant. You should ensure that any data which you have collected is stored securely, for

example by using encryption or another appropriate method of restricting access to the information. You

should also ensure that data is retained for the minimum time necessary for its purpose and will be deleted

when no longer required.

You may be able to reduce the risk of collateral intrusion by incorporating privacy by design methods. For

example, you may be able to use a device that has restricted vision so that its focus is only in one place.

Privacy by design can be incorporated into your privacy impact assessment and can form part of your

procurement process.

One major issue with the use of UAS is the fact that on many occasions, individuals are unlikely to realise

that they are being recorded, or may not know that UAV have a camera attached. The challenge of

providing fair processing information is something that you must address if you decide to purchase UAS

and if the household exemption does not apply to you.

You may need to consider innovative ways of providing this information. For example, this could involve

wearing highly visible clothing identifying yourself as a (commercial) UAS operator, placing signage in the

area where you are operating UAS explaining its use or having a privacy notice on a website that you can direct

people to, or some other form of privacy notice, so they can access further information.

8.3 Automated recognition technologies

Technologies that identify individuals’ faces, the way that they walk or their eye movements, for

example when they are looking at advertising, are increasingly being used by organisations. These types of

technologies attract the same data protection concerns as those discussed already in this paper. If you

consider using such systems you must provide fair processing information to data subjects. If you store this

information, you will also need to have an appropriate retention and deletion schedule and have suitable

technological and physical security measures in place. In general, organisations should be very cautious about,

and reluctant to use, such technologies due to their potentially far-reaching effects on the privacy of individuals.

Any use of automated technologies should involve some level of human interaction and should not be done

on a purely automated basis. Possibly due to its potential effects on the privacy of individuals, some

jurisdictions – e.g. California or the city of San Francisco – are considering banning the use of (automated)

facial recognition technology.

8.4. Dash cams in automobile vehicles

Due to the rapid technological development, video cameras have become so small and affordable that they

can easily be used in cars. Such devices may gain popularity, because users tend to consider that dash cams

are a suitable instrument to record what is happening inside their cars or outside of the car and the video

footage will help them in cases of accidents or other events to prove whether they behaved correctly, if such

a proof might be asked by their insurance company or could be introduced as evidence into a court

proceeding.

However, using dash cams in cars will have implications on the privacy of those people who are subject to

this kind of video surveillance. Recording individuals by a video camera constitutes a way of processing

personal data. Therefore, a legal ground will be necessary to fulfil the requirement of lawfulness of the data

processing. The household exemption will in most cases not apply here, since users of dash cams usually

will want to record the surrounding of their vehicles (not only inside the car). Thus, unavoidably other

individuals will be affected by the use of dash-cams.

A possible legal ground for using a dash-cam could be that the user wants to pursue a legitimate interest,

such as protecting his car – but only if the interests of other parties affected by a dash cam do not prevail.

Accordingly, the interest of the user and the interests of other individuals need to be assessed and, if

possible, a balance of interests should be found. The result of such assessments will depend on the specific

circumstances of each case.

In general, a dash cam which runs permanently and covers a wide area will not be acceptable from a data

protection point of view, because the infringement into the privacy rights of others will be too strong.

However, it is worth thinking about how dash cams could be made more privacy-friendly. Some recent

court decisions have provided advice on how this could be achieved.

- Recording images should happen only when it – probably – will be necessary

- Video recording should start only when triggered by a specific event or scenario, therefore the dash cam

could be connected to sensors in the car, e.g. with the airbag or the brakes system

- The angle of the cameras should be set in a way that it will cover the immediate surrounding area of the car,

but not more remote areas.

- Captured images of individuals could be obscured or blurred

- Regular deletion of video data after a short period of time, if not needed any more; this could be done if

old data will be replaced by new data in the storage device.

- Button to turn a dash cam on or off, if not needed

- A sticker on the car indicating that a dash cam might be used.
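
The recording-related measures in the list above (event-triggered recording, old data replaced by new data, regular deletion, an on/off button) are shown here as an added example that is not part of the original guidance. The class and sensor names and the 10 s / 5 s / 72 h windows are assumptions chosen for illustration; blurring of captured individuals is not covered.

```python
from collections import deque
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Clip:
    trigger: str      # sensor that caused the footage to be kept
    saved_at: float   # time the clip was closed (seconds)
    frames: list      # (timestamp, frame) pairs


@dataclass
class DashCamRecorder:
    pre_event_s: float = 10.0         # assumed window kept from before a trigger
    post_event_s: float = 5.0         # assumed window kept after a trigger
    retention_s: float = 72 * 3600.0  # assumed maximum age of a saved clip
    enabled: bool = True              # state of the on/off button
    clips: list = field(default_factory=list)
    _ring: deque = field(default_factory=deque)
    _open: Optional[dict] = None

    def on_frame(self, ts, frame):
        """Handle one camera frame; nothing is kept while switched off."""
        if not self.enabled:
            return
        self._ring.append((ts, frame))
        # Old data is replaced by new data: drop frames outside the window.
        while self._ring and self._ring[0][0] < ts - self.pre_event_s:
            self._ring.popleft()
        if self._open is not None:
            self._open["frames"].append((ts, frame))
            if ts >= self._open["until"]:
                self.clips.append(
                    Clip(self._open["trigger"], ts, self._open["frames"]))
                self._open = None
        self.purge(ts)

    def on_trigger(self, ts, sensor):
        """A car sensor (e.g. airbag, brakes) fired: keep the nearby footage."""
        if not self.enabled:
            return
        if self._open is None:
            self._open = {"trigger": sensor,
                          "frames": list(self._ring),
                          "until": ts + self.post_event_s}
        else:
            # A second event while a clip is open only extends that clip.
            self._open["until"] = max(self._open["until"],
                                      ts + self.post_event_s)

    def purge(self, now):
        """Regular deletion: remove saved clips older than the retention period."""
        self.clips = [c for c in self.clips
                      if now - c.saved_at <= self.retention_s]

    def switch_off(self):
        """On/off button: stop recording and discard the volatile buffer."""
        self.enabled = False
        self._ring.clear()
        self._open = None

    def stored_frames(self):
        """Frames currently held in the rolling buffer and in saved clips."""
        return len(self._ring) + sum(len(c.frames) for c in self.clips)


def simulate_drive():
    """Constructed sample: 60 s drive at 1 frame/s, hard braking at t = 30 s."""
    rec = DashCamRecorder()
    for t in range(60):
        rec.on_frame(float(t), b"frame-%d" % t)
        if t == 30:
            rec.on_trigger(float(t), "brake")
    return rec


if __name__ == "__main__":
    rec = simulate_drive()
    clip = rec.clips[0]
    print("clips kept:", len(rec.clips), "trigger:", clip.trigger)
    print("clip covers", clip.frames[0][0], "to", clip.frames[-1][0], "s")
    print("frames held:", rec.stored_frames(), "of 60 captured")
```
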

Another issue is whether video data collected by a dash cam may be used as evidence in a court proceeding,

even if the use of the dash cam was not compliant with data protection law. It will be within the

responsibility of courts to decide about this in each individual case specifically applying the relevant

provisions of court procedural law. But even if courts allow such evidence, data protection supervisory

authorities still would have the opportunity to start investigations against users of non-compliant dash cams.

Sources / Further reading:

Draft law on personal data protection in the Republic of Moldova (provided by the Centre and by the

RTA of the EU Twinning Project)

Draft law on the regime of video devices in the Republic of Moldova (provided by the Centre and by the

RTA of the EU Twinning Project)

Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April on the protection

of natural persons with regard to the processing of personal data and on the free movement of such data,

and repealing Directive 95/46/EC (General Data Protection Regulation)

In the picture: A data protection code of practice for surveillance cameras and personal information,

published by the Information Commissioner of the United Kingdom of Great Britain and Northern

Ireland (UK ICO)

Orientierungshilfe “Videoüberwachung durch nicht-öffentliche Stellen” des Düsseldorfer Kreises der

Konferenz der Datenschutzbeauftragten des Bundes und der Länder in Deutschland (available in German

language only; Orientation guidelines on „video surveillance by non-public bodies“ of the Dusseldorf

Circle of the Conference of the Federal and State Data Protection Commissioners in Germany)

Appendix A

Checklist for users of limited video surveillance systems, e.g. when monitoring small retail and

business premises

This video surveillance system and the images produced by it are controlled by ………………….. who is

responsible for how the system is used and for notifying the data protection authority about the video

surveillance system and its purpose (which is a legal requirement of data protection law).

We (……) have considered the need for using a video surveillance system and have decided that it is

required for the prevention and detection of crime and for protecting the safety of customers in our

premises. It will not be used for other purposes. We conduct a regular review (e.g. bi-annually) of our use of

the video surveillance system.

| Nr | Requirement | Fulfilled (yes or no) | Checked (Date) | By | Date of next review |
|----|-------------|-----------------------|----------------|----|---------------------|
| 1 | Notification has been submitted to the data protection authority and the next renewal date recorded. | | | | |
| 2 | There is a named individual who is responsible for the operation of the system. | | | | |
| 3 | The problem we are trying to address has been clearly defined and installing cameras is the best solution. This decision should be reviewed on a regular basis. | | | | |
| 4 | A system has been chosen which produces clear images which the law enforcement bodies (usually the police) can use to investigate crime and these can easily be taken from the system when required. | | | | |
| 5 | Cameras have been sited so that they provide clear images and are visible to customers. | | | | |
| 6 | Cameras have been positioned to avoid capturing the images of persons not visiting the premises or areas outside of our premises. | | | | |
| 7 | There are visible signs showing that a video surveillance system is in operation. Where it is not obvious who is responsible for the system contact details are displayed on the sign(s). | | | | |
| 8 | Images from this video surveillance system are securely stored, where only a limited number of authorised persons may have access to them. | | | | |
| 9 | The recorded images will only be retained long enough for any incident to come to light (e.g. for a theft to be noticed) and the incident to be investigated. | | | | |
| 10 | Except for law enforcement bodies, images will not be provided to third parties. | | | | |
| 11 | The potential impact on individuals’ privacy has been identified and taken into account in the use of the system. | | | | |
| 12 | The organisation knows how to respond to individuals making requests for copies of their own images. If unsure the controller knows to seek advice from the data protection authority as soon as such a request is made. | | | | |
| 13 | Regular checks are carried out to ensure that the system is working properly and produces appropriate quality images. | | | | |

Appendix B

Guiding principles for the deployment of video surveillance systems

1. Use of a video surveillance camera system must always be for a specified purpose which is in

pursuit of a legitimate aim and necessary to meet an identified pressing need.

2. The use of a video surveillance camera system must take into account its effect on individuals and

their privacy, with regular reviews to ensure its use remains justified.

3. There must be as much transparency in the use of a video surveillance camera system as possible,

including a published contact point for access to information and complaints.

4. There must be clear responsibility and accountability for all video surveillance camera system

activities including images and information collected, held and used.

5. Clear rules, policies and procedures must be in place before a video surveillance camera system is

used, and these must be communicated to all who need to comply with them.

6. No more images and information should be stored than that which is strictly required for the stated

purpose of a video surveillance camera system, and such images and information should be deleted

once their purposes have been discharged.

7. Access to retained images and information should be restricted and there must be clearly defined

rules on who can gain access and for what purpose such access is granted; the disclosure of images

and information should only take place when it is necessary for such a purpose or for law

enforcement purposes.

8. Video surveillance camera system operators should consider any approved operational, technical and

competency standards relevant to a system and its purpose and work to meet and maintain those

standards.

9. Video surveillance camera system images and information should be subject to appropriate security

measures to prevent unauthorised access and use.

10. There should be effective review and audit mechanisms to ensure legal requirements, policies and

standards are complied with in practice, and regular reports should be published.