There is (understandably!) a lot of confusion around the use of domestic CCTV, including the cameras fitted in ‘Ring’ doorbells and similar systems, especially when those cameras are used by social landlord tenants, which can be compounded when the footage is used as evidence in complaints.

News stories covering cases such as Fairhurst V Woodard in October 2021, can confuse matters further. So what are the facts?

In a nutshell, if an individual uses CCTV (in a Ring doorbell or otherwise) for purely personal or household reasons, the use of the CCTV is exempt from the (UK)GDPR and Data Protection Act.

So what makes the use of CCTV “purely personal or household”?

The main criteria is that the filming must only capture areas within the home’s own boundaries. This includes the front or back of the home, including doors, a driveway, garden, or garage.

What are the risks if domestic CCTV captures footage outside the home’s boundaries?

If the CCTV is capturing any footage outside of those boundaries though – such as the pavement or someone else’s driveway, home or garden, or common areas in flats – it stops being “purely personal or household”, and the use of the CCTV is no longer exempt from the data protection legislation. This means the person who owns the CCTV becomes a Data Controller under the (UK)GDPR, with all the responsibilities this brings to comply with the law.

What is the problem with being a Data Controller?

As any Data Protection Officer will tell you, there are a lot of legal obligations to get your head around and to comply with! Breaches of the law leave you open to being fined by the ICO (in theory, but there haven’t been many GDPR fines in the UK so far) but also leave you open to being sued by other people whose privacy you’ve infringed.

In the Fairhurst V Woodard case, Mr Woodard was ordered by the court to pay £100,000 damages to his neighbour Dr Fairhurst. She had found he had several cameras recording her garden and parking space, and the court agreed with Dr Fairhurst that Mr Woodard’s use of cameras breached data protection law and amounted to harassment. You can read the BBC article on the case here: https://www.bbc.co.uk/news/technology-58911296

Don’t let this scare you off using domestic CCTV or camera doorbells though – they can be a useful tool for your security, if used lawfully and securely.

The Fairhurst V Woodard case was a rare and extreme case; Mr Woodard’s cameras captured images of Dr Fairhurst’s house, almost the whole of her garden, and her parking space, plus the devices captured audio, which is even more invasive. The court also heard that Mr Woodard had continually failed to be honest with Dr Fairhurst about the devices, and that Dr Fairhurst eventually felt forced to move out of her home because of the invasion of her privacy.

In practice, many domestic CCTV systems will be filming pavements or a neighbour’s driveway, without it being on anyone’s radar or causing any problems. But if the footage is shared with the landlord to evidence alleged anti-social behaviour or misconduct by employees, people become aware of this overstepping of domestic CCTV rules, meaning it is firmly on the landlord’s radar, and could lead to complaints to the ICO, or even to court cases.

 

What action should Housing Associations take regarding tenants’ CCTV?

1) Review your CCTV Policy and your Adaptations Policy and include domestic CCTV guidance. You may want to require customers to obtain permission before mounting cameras (although be aware this could give the impression you’ll take action against unapproved cameras, which might not be practical – thanks to Janine Green for that tip). Or more likely you would allow customer to put up cameras without informing you.

2) Communicate with your customers and make advice on CCTV law readily available to them, so they are aware of how to use domestic CCTV within the law.

3) Review your ASB Policy and your Complaints Policy and check that they include guidance for colleagues who receive copies of domestic CCTV footage as evidence in an ASB case or a complaint. You can, and should, delete copies of any footage you don’t actually need as evidence. Only keep footage that you have a clear legal basis for storing and using.

4) Make sure you know how to handle Subject Access Requests (SARs) that include requests for CCTV footage, from your own cameras or a neighbour’s camera.

5) Download our FREE checklist for Domestic CCTV use, especially for Social Housing Providers.

If you have any questions about your policies and guidance, check out our upcoming training, drop us a line, or book in for a free 15-minute call. We can also help you review and update your policies.

We’re running SAR Training on 29th June 2022

We’re running CCTV Training on 12th October 2022

Any questions?

If you have any questions about CCTV or anything else related to personal data, book a free call!
Image of Clare Paterson - Caucasian female with long brown hair and wearing glasses

Author: Clare Paterson, CP Data Protection director

Clare draws on over 20 years of experience in risk management and quality assurance, including ten years in data protection, to provide clear and practical advice and training.

Don’t tell everyone (shh!) but Clare’s favourite sector is social housing, having worked in a large housing association for 12 years, although she loves to support all values-led organisations.

When EDI meets privacy

With National Inclusion Week 2022 coming to a close, what will your organisation continue to do to support inclusion in the workplace? Thoughts often turn to workshops, diversity champions, EDI statistics (Equality, Diversity & Inclusion), and so on. These require...

Social Housing Providers: Are you ready for the RSH TSM data collection?

The Regulator of Social Housing (RSH) recently published the final list of Tenant Satisfaction Measures (TSM) questions, that social housing providers have until April 2023 to get ready to start collecting data for - just over 6 months. I can imagine the stress and/or...

Why Data Purpose is Crucial – guest slot on “Get Data Done” on YouTube

Our Director & Consultant, Clare Paterson, was thrilled recently to be asked to join Phil Husbands of Truly Intelligent Business on their YouTube channel, Let's Get Data Done, to talk about why data purpose is crucial. After talking about why it's crucial for...

Customer insight in social housing: How to repurpose data safely & lawfully.

Customer insight Customer insight in the social housing sector is a key aim amongst many housing associations; we want to better understand our customers and better serve them. However, in a recent discussion about repurposing and combining data in the social housing...

Data Quality; how to ensure your data is good quality (1 min. video)

In under 60 secs we identify the 3 pillars of good quality data, to support your decision making and help you fulfil your organisation's purpose.

How to respond to SARs (& make SARs less stressful)

If you're anything like me, when I was working in-house doing Data Protection at a large Housing Association, you let out a sigh whenever a Subject Access Request (or SAR) hits your desk. Especially if it's taken a number of days, or even weeks, to get to you, leaving...

How to identify process-based risks in your DPIA; a checklist

In the last article about Data Protection Impact Assessments (DPIAs), we explored three techniques to help identify the ways people could be impacted by your planned processing, as part of the risk assessment part of a DPIA. In this article we'll look at the...

Data Protection Day – what’s it all about?

So every 28th January is Data Protection Day...but you would be forgiven for thinking "So what?" "What is 'Data Protection Day'?" Or "What is 'Privacy Day'?" as it's sometimes known. And "why is it important?" If you don't consider yourself as being in the data...

What is a DPIA? (Data Protection Impact Assessment)

Did you receive a text recently, apparently from the NHS, telling you that all adults need to receive the Covid booster? You might assume all the data related issues were worked through before the text was sent, perhaps in a Data Protection Impact Assessment (DPIA)....

RSH Sector Risk Profile 2021

Published in the month of Halloween, does the 2021 Sector Risk Profile from the Regulator of Social Housing contain any scary surprises? To be fair, as it's about risks, it's all pretty scary. But what does it say about data protection risks? One welcome surprise,...