The European Union’s General Data Protection Regulation (GDPR), which comes into force next May, will require a wholesale reassessment of data protection for the UK’s 5.9 million CCTV cameras, which to date have benefited from relatively light touch regulation. In tandem, the GDPR will enable the sector to enhance its public image and create opportunities for new valued-added services. That’s according to a White Paper from cloud-based video surveillance company Cloudview.
Cloudview asked Andrew Charlesworth, Reader in IT Law at the University of Bristol, to examine the impact of the changing nature of data privacy regulation on the CCTV industry. The resulting White Paper, entitled Watching The Watchers, shows how changing technology has altered both the data protection environment and public perceptions of what’s acceptable to protect their privacy, and goes on to explain how it creates opportunities for providers to offer enhanced value services.
As stated, there are almost six million CCTV cameras surveilling the UK’s homes, schools, businesses and public spaces, all of which will come under the jurisdiction of the GDPR. The White Paper points out that UK regulation has been relatively light touch until now, using recent court cases* to show how current legislation has been applied. It explains the key changes that will be required as the GDPR changes the focus of data protection from a focus on compliance to one centred around accountability.
As the new regulation coincides with a transition to new IP and cloud-based CCTV systems, it creates both opportunities and risks.
“The GDPR places new demands on CCTV users, with any non-compliance putting them at risk of a significant fine,” said James Wickes, Cloudview’s CEO and co-founder. “However, they may be able to use the changes it requires in a positive way. The GDPR gives them an opportunity to tackle what’s often a negative image of people being watched by a third party and take the lead in demonstrating accountability and privacy protection. They will need to review and possibly change their privacy policies, but by using new technologies such as cloud they can meet the new regulations while improving data accessibility and opening up new applications for visual data.”
Wickes continued: “Cloud allows selective and secure access to CCTV footage from any device by nominated employees. It also offers performance improvements such as making data more readily accessible, providing accurate date and time-stamping and providing constant updates on camera status such that any technical problems can be rectified immediately. It’s up to the industry to use the GDPR as an opportunity to rethink the way in which visual data is stored, how it’s secured and, ultimately, how it can be used to better effect as a business tool rather than purely as a security system.”
*Until recently, the courts had held that damages could only be awarded where a data subject had suffered monetary loss, but in the case of Vidal-Hall v Google Inc (2015), the Court of Appeal ruled that damages could be awarded solely for distress. This is aside from any damages that might now be claimed for breach of private information (Peck v UK, 2003). In the court case of Woolley v Akbar (2017) involving a dispute between two householders, Akbar’s breaches cost her over £17,000 in damages for distress caused to Woolley for breaches of data protection rights. Further details are provided in the White Paper
**The White Paper can be downloaded here: http://www.cloudview.co/whitepapers/watchingthewatchers