Select an area of expertise to find out more about our experience.
Find out more about our barristers and business support teams here.
In a County Court decision by HHJ Clarke sitting in Oxford, the defendant was held liable for both harassment of one of his neighbours and breach of the Data Protection Act 2018 as a result of his various CCTV cameras, including Ring doorbell cameras. Damages are to be assessed.
It’s an interesting claim from a data protection perspective: the defendant asserted that the cameras were for the legitimate interest of security, but his case was pretty comprehensively rejected. The court found that he had misled the claimant about what the cameras recorded, which was not transparent. It also found that the recording and retaining video footage from the Ring doorbell camera was justified, but not audio recording – the capabilities of the camera meant it was likely to capture substantial audio recordings of individuals who were not even aware it was there, and this was not necessary for the claimant’s legitimate interests.
On one view, this is a careful judgment that neatly balances questions of personal privacy and the legitimate interest of security. It certainly doesn’t, as some media reports have suggested, mean that doorbell cameras are illegal – just that care needs to be taken given that their capabilities may outstrip what’s really required, and that there is honesty about their use. Of course, in this case the context was a finding that the recording of audio and images was part of a campaign of harassment by the defendant against the claimant, as well as findings that the defendant’s evidence was in multiple places ‘dishonest, exaggerated or otherwise incredible.’ Those are not promising starting points for an argument that his use of CCTV systems was in accordance with the Data Protection Act 2018/UK GDPR (which, it should be noted, appears to have been applied notwithstanding that it was the EU GDPR which was in force at the material times…). But the point does not appear to have been taken that home CCTV systems are processing ‘by a natural person in the course of a purely personal or household activity’ and therefore, by Art 2(2)(c), outside the GDPR’s scope. Rynes v Urad in the CJEU (case C-212/13, 11 December 2014) held that home surveillance does not fall within this exception if it also monitors a public space. But this pre-dates GDPR, and perhaps the point is ripe for re-visiting – not least in the light of the (also pre-GDPR) comments of the Court of Appeal in Ittihadieh v 5-11 Cheyne Gardens RTM on the need to balance public and private interests when applying this provision, the wording of recital 18 GDPR, and the apparent inconsistency between being able to share pictures on social media of strangers on the beach, but not to record them on your doorstep.
(with thanks to Greg Callus for some of the thoughts in this article)
A monthly data protection bulletin from the barristers at 5 Essex Chambers
The Data Brief is edited by Francesca Whitelaw KC, Aaron Moss and John Goss, barristers at 5 Essex Chambers, with contributions from the whole information law, data protection and AI Team.