The case of Rynes v Urad was a Czech case which referred a point of interpretation in relation to the Data Protection Directive and the use of CCTV cameras to the European Court of Justice (ECJ)
Mr Rynes installed CCTV cameras as a result of numerous attacks on his property. The CCTV covered the entrance of his home, a public footpath and the neighbour’s house opposite his property. On one occasion, Mr Rynes property was attacked and the CCTV captured the identity of the attackers. The CCTV recording was provided to the police for prosecution purposes.
One of the attackers raised the question with the Czech Office for Personal Data Protection as to whether the use of the CCTV data was lawful as it recorded personal data of him on a public footpath which he had not consented to. The Czech Office found that Mr Rynes use of the CCTV was unlawful in accordance with the Data Protection Directive (Directive) and he was fined.
Mr Rynes appealed to theSupreme Administrative Courtarguing that his use of the CCTV fell within the ‘domestic’ exception provided by the Directive, namely that the recording was made by a natural person ‘in the course of purely personal or household activities’. TheSupreme Administrative Courtturned to the ECJ to give a preliminary ruling on the issue.
The ECJ ruled that a domestic CCTV installed for the protection of the property, health and life of the installer and his family which also monitors a public space does not fall within the ‘domestic’ exception and the obligations set out in the Directive would apply to the data controller. The ECJ briefly referred to point that the processing of data (e.g. by CCTV) could be lawful if the data controller had a ‘legitimate interest’ but this interest would be balanced against the privacy and data protection rights of the data subject.
What does this mean for you?
The ECJ’s narrow application of the ‘domestic’ exception may have a significant impact as to how we use CCTV in the UKand so extra care should be taken.
The UK Information Commissioner’s Office (ICO), which is responsible for regulating compliance with information rights and data protection laws in theUK, will review the position in light of the ECJ ruling and may update its code of practice or provide supplementary guidance on the use of CCTV.
The code of practice for CCTV and other types of surveillance cameras was last updated by the ICO in October 2014 and reflects the wider regulatory measures that are in place to encourage good use of CCTV. These include the obligations laid out in the Protection of Freedoms Act 2012 (POFA) and the Surveillance Camera Code of Practice (issued under the POFA 2012) as well as the Data Protection Act 1998. If you use CCTV or other surveillance technologies (such as automatic number plate recognition and body worn video) it is vital that you review the updated code of practice which can be found at: https://ico.org.uk/media/for-organisations/documents/1542/cctv-code-of-practice.pdf as it provides best practice guidelines on the use of such systems.