Resources

Case Studies CCTV

 

CCTV 2024

Domestic CCTV

During 2024, the DPC received 157 complaints from individuals regarding the use of recording devices, for example domestic CCTV systems and smart doorbells by private individuals to protect their homes and property.  

In examining these complaints, the DPC’s focus is whether the processing of personal data by these devices comes within the scope of the GDPR or not. This is because of the household exemption under Article 2(2) (c) of the GDPR, which applies where personal data is processed by a natural person in the course of a purely personal or household activity.  In the sphere of CCTV and smart doorbells, this would generally mean that as long as the images captured are within the perimeter of an individual’s own home and are only used for their personal purposes, the domestic exemption is likely to apply. However, where a device operates in such a way as to capture images of people outside the perimeter of a home (in public spaces or in neighbouring property), individuals are no longer able to avail of the domestic exemption. In those circumstances, either the camera operation must change the way the device captures images to limit this to only within their property or they must comply with data protection
law and their obligations as a data controller.

One complaint examined in 2024 by the DPC was from an individual against their neighbour alleging that the entire CCTV system, made up of multiple cameras, was capturing their personal data. The DPC contacted the camera operator who provided footage from the CCTV system. Upon examination of the footage provided to the DPC it was noted that a number of the cameras were capturing areas outside the perimeter of the operator’s own home and that the remaining cameras were dummy cameras.  The DPC engaged with the operator to bring the relevant devices into line with the domestic exemption. 

The complainant in this case remained dissatisfied and requested additional details from the DPC about the cameras. The DPC engaged further with the individual to advise that once the cameras were being operated within the parameters of the domestic exemption and/or were dummy cameras, that it could not provide further information.

More information on this subject matter of domestic CCTV can be found at: Domestic CCTV 

Key Takeaway

  • If you are operating a domestic CCTV system, you should ensure that it is not capturing public footpaths or roadways; under no circumstances should cameras be able to view the homes or gardens of neighbours. 
  • If the domestic exemption applies to the operation of domestic CCTV cameras, the operators are not deemed to be data controllers for the purposes of the GDPR and in such circumstances the DPC has no role to play. The DPC encourages individuals with concerns about a neighbours CCTV system to engage directly with the neighbour themselves in the first instance, so that a satisfactory resolution can be achieved. 
  • The nature of domestic CCTV systems, and their potential engagement of both the provisions of the GDPR and any possible exemptions from data protection law, requires that the DPC be cognisant of the particular circumstances of each individual case which  it handles. 
  • Where a domestic CCTV  system is being operated  in line with the household exemption the DPC will not disclose details of that system to a complainant, as the GDPR would not be engaged and any such disclosure may compromise the security of the domestic CCTV operator.