Tag: CCTV

CCTV and the Law

By Steve Morris[ File # csp0356261, License # 1228612 ] Licensed through http://www.canstockphoto.com in accordance with the End User License Agreement (http://www.canstockphoto.com/legal.php) (c) Can Stock Photo Inc. / fintastique

The updated version of the Information Commissioner’s CCTV Code of Practice address the rising phenomena of surveillance technologies and methods. No longer are surveillance cameras passive image collectors, providing a resource for immediate use or historical evidence.

CCTV, ANPR, Body Worn Cameras, Aerial Drones, together with the associated analytical tools and software, are all technologies being used within many public and private sector organisations.

These technologies are invaluable for efficient and effective public protection as well as revenue collection and enforcement activities. Just one such example might be lone workers performing a caring function and for their safety, wearing audio and video recording equipment when they leave the safety of their own home. These persons then enter the private dwelling of a vulnerable person in need of assistance. In some instances the video and audio will be running throughout the whole of the attendance – often with a live feed to a control room. The benefits for the safety of the carer are clear, and the immediate response and advice by control room personnel is undoubtedly beneficial for the person requiring assistance. But this equipment is capturing images and conversation of an individual, and perhaps family and friends, within that person’s private home. The images and conversation, being witnessed by others many miles away is likely to be very intimate and private.

Does this vulnerable person or those responsible for them realise this is actually taking place?

Do they consent to it as a part of the provision of the service?

Before a public authority undertakes such activity it must conduct a privacy impact assessment, and perhaps obtain consent for the collection and processing of such information. Without such consideration – and a record of such assessment, then it might easily be argued that the organisation has not shown “Respect for the private life” in accordance with Article 8 of the European Convention on Human Rights, and the activity might be deemed to be unlawful – and indeed might be in breach of the Data Protection Act 1998. The Care Quality Commission has issued guidance on use of cameras in care homes.

The Surveillance Camera Commissioner, Tony Porter, pursuing compliance with a Code of Practice issued in accordance with the Protection of Freedoms Act has identified several aspects non-compliance when it comes to CCTV cameras:

  • Inadequate or non-existent privacy impact assessments
  • Equipment deployed with no respect or consideration for privacy or consideration for the benefit balanced with intrusion (proportionality)
  • Equipment in use not fit for purpose
  • Excessive use of surveillance
  • Removal of surveillance such as CCTV to reduce costs with little regard for the void left in relation to public safety and security

In a speech to the CCTV User Group, Mr Porter said budget cuts had led councils to decide to spend less on public space CCTV, meaning there was less money for staff training, poorer understanding of legal issues and a reduced service. He said councils could face greater scrutiny of their use of CCTV, including potential inspections and enforcement. Organisations should carry out annual reviews of their CCTV capacity but many failed to do so. He cited a West Midlands local authority which, upon review, reduced the number of ineffective cameras and saved £250,000 in the process.

Mr Porter, who has been in his post since March 2014, has written to council chief executives to remind them of the law and code of practice.

My latest series of one day CCTV law workshops examine the ‘surveillance landscape’ and the regulatory regime of the Information Commissioner, the Office of the Surveillance Commissioner, and the Surveillance Camera Commissioner. Attendees will be able to identify which regime(s) and codes of practice apply to their surveillance activity, and how to manage efficient, effective and lawful surveillance systems.

Steve Morris is an ex police officer and one of our expert surveillance law trainers. His CCTV law workshops take place in Manchester and London in October.

CCTV Surveillance: Getting It Right

Steve Morris writes…

“I keep six honest serving men, they taught me all I know, their names are what, why, when, how, where and who…”

“I know a person small, she keeps ten million serving-men who get no rest at all! – One million how’s, two million where’s, and seven million whys!”

Rudyard Kipling 1902

Well it’s 2015 and we have an estimated 6 million (give or take a million or so!) surveillance cameras within the UK regulated sector, and that does not include those installed by private individuals. Cameras are no longer stuck on the end of poles recording peoples’ movements. They are worn by officials, installed on public transport and can even predict peoples’ behaviour.

Image technology has advanced tremendously in recent years. Data captured by CCTV systems is often automatically interacting with other databases with the capability of providing very intrusive information about the private lives and activities of innocent individuals as well as offenders and those that pose a risk to society.

We are also going through economically difficult times. CCTV and other surveillance technology can be seen a cost effective answer to the resource problem. However, without careful planning and regular review, it can be a costly option that might in fact provide little or no benefit and/or land an organisation in trouble with the various regulators in this sector. The Information Commissioner’s Office (ICO) has taken enforcement action involving both number plate recognition systems and cameras  recording customers’ conversations in taxis.

The ICO is not the only regulator in this area. The Surveillance Camera Commissioner is tasked with raising awareness of the Surveillance Camera Code. Made pursuant to the Protection of Freedoms Act 2012 it governs the use of surveillance camera systems including CCTV and Automatic Number Plate Recognition (ANPR) operated by the police and councils in England and Wales.

The Office of the Surveillance Commissioner has oversight in relation to the covert surveillance under Part 2 of the Regulation of Investigatory Powers Act 2000  (RIPA). This often involves the deployment of covert CCTV cameras. Recently Ibrahim Hasan alerted you to the revisions of the two RIPA codes of practice.

So why quote Rudyard Kipling’s poem from 1902?

The overall question revolves around whether a ‘scatter gun approach’ (obtaining lots of private data from lots of cameras) is actually a practical, cost effective use of resources. Furthermore is this approach a lawful, necessary and proportionate approach to addressing a ‘pressing social need’ or problem? Or would a smaller number of cameras providing images and data of the quality required, when it is required, be a better use of resources?

Compliance with the various codes and laws which govern CCTV, is easy if key questions are addressed at the outset:

  1. What is the pressing social need or lawful grounds for the CCTV surveillance activity? What type(s) of devices and system is appropriate? What personal data is going to be collected? What policies and processes should we have?
  2. Why do we need this surveillance in this place? Why is surveillance the option we have chosen?
  3. When should the system be capturing and recording information? When is it right to share this information?
  4. How will the system be managed? How much private information are we obtaining about individuals? How will we ensure it is kept secure?
  5. Where will the cameras be positioned? Where will we store the data?
  6. Who will we be watching? Who will have access to the collected information?

Looking for an opportunity to discuss these questions and many others, and to examine the regulatory requirements in relation to the decision making process? Attend one of my CCTV workshops and be brought right up to date with the latest laws, codes of practice and guidance.

Steve Morris is an ex police officer and one of our experts in surveillance law trainers.

Yet Another CCTV Code

picture camCCTV is a hot topic. Following complaints by Big Brother Watch, the ICO has taken enforcement action involving both number plate recognition cameras and cameras recording people’s conversations in taxis.

On 20th May 2014, the Information Commissioner’s Office (ICO) launched a consultation on a revised Code of Practice on CCTV. The previous version was published in 2008. On 15th October the ICO published the 44 page code of practice on surveillance cameras and personal information. Jonathan Bamford, Head of Strategic Liason at the ICO, states in his blog post launching the code:

“Today’s updated CCTV code is one that is truly fit for the times that we live in. The days of CCTV being limited to a video camera on a pole are long gone. Our new code reflects the latest advances in surveillance technologies and their implementation, while explaining the key data protection issues that those operating the equipment need to understand.”

There are no major changes in the code when compared with the previous version. The ICO once again emphasises fundamental Data Protection Act (DPA) principles e.g. informing people about the information being collected about them, keeping data collected secure and having effective retention and disposal schedules.

The new and emerging technologies section of the code covers the key surveillance technologies that the ICO believes will become increasingly popular in the years ahead. Jonathan Bamford says:

The days of CCTV being limited to a video camera on a pole are long gone. Our new code reflects the latest advances in surveillance technologies and their implementation, while explaining the key data protection issues that those operating the equipment need to understand.”[A1]

The code emphasises the importance of conducting a privacy impact assessment before undertaking surveillance using CCTV, especially when fitted to drones e.g. broadcasters seeking to gather footage for production purposes, police forces conducting surveillance on suspects, or construction companies monitoring job progress. Concerns have been expressed about the legal use of drones. The BBC reports, “Drones which could seriously injure or kill are being flown over cities and towns across England, despite laws designed to protect the public.” The code refers to drones as ‘unmanned aerial vehicle’ (UAV) and the overarching systems in which UAV’s are used as ‘unmanned aerial systems’ (UAS). Key points include:

· Organisations should ensure there is an on/off button for recording in UAS’ and have “strong justification” for continuously recording via the system.

· Continuous recording must be both “necessary and proportionate” for the purpose the business is pursuing.

· The Fair Processing Code under Principle 1 of the DPA must be complied with. Website notices, social media, highly visible clothing and signage telling the public about the use of drones for filming in the area can help to do this.

Many councils now use body worn cameras to, amongst other things, help deal with combating anti-social behaviour or to help gather evidence for parking enforcement. These small inconspicuous devices can record both sound and images. This can mean that they are capable of being much more intrusive than traditional town centre CCTV. The code states that the use of such cameras needs to be justified. Safeguards must be put in place to ensure they are only used when needed. Strong security is essential in case the devices fall into the wrong hands. The code identifies other practical steps to help users of these devices stay on the right side of the law.

The new ICO code is said to complement the Surveillance Camera Code (PoFA code) which came into force last year. Made pursuant to the Protection of Freedoms Act 2012 (PoFA) the latter governs the use of surveillance camera systems including CCTV and Automatic Number Plate Recognition (ANPR).

The ICO code applies to all data controllers (public and privacy sector) throughout the UK but the PoFA code currently only applies, in the main, to local authorities and policing authorities in England and Wales. The Scottish Government has produced its CCTV Strategy for Scotland. The strategy provides a common set of principles that operators of public space CCTV systems in Scotland must follow. The principles aim to ensure that these systems are operated fairly and lawfully and are using technologies compatible with the DPA.

As regards the legal effects of the PoFA Code:

“A failure on the part of any person to act in accordance with any provision of this code does not of itself make that person liable to criminal or civil proceedings. This code is, however, admissible in evidence in criminal or civil proceedings, and a court or tribunal may take into account a failure by a relevant authority to have regard to the code in determining a question in any such proceedings” (paragraph 1.16).

The Surveillance Camera Commissioner (SCC) has been appointed by the Home Secretary but has no enforcement or inspection powers unlike the ICO. He “should consider how best to ensure that relevant authorities are aware of their duty to have regard for the Code and how best to encourage its voluntary adoption by other operators of surveillance camera systems” (paragraph 5.3). The ICO says of its revised CCTV code:

“This code is consistent with the [Home Office] code and therefore following the guidance contained in this document will also help you comply with many of the principles in that code”.

It is essential that all CCTV operators, both in the public and private sector, read the new ICO code and revise their policies and procedures accordingly. Whilst the code is not legally binding, it will be taken into account by the Commissioner and the courts in deciding whether the DPA has been complied with.

Steve Morris will explain the new code and the wider law on CCTV surveillance in our full day workshop. Want a new practical qualification for the modern Data Protection Officer? Click here

 

NEW CCTV Code Consultation

CCTV MP900390153

On 20th May 2014, the Information Commissioner’s Office (ICO) launched a consultation on a revised Code of Practice on CCTV. This is intended to replace the current version, which was published in 2008, and aims to:

  • reflect the developments in existing technologies that have taken place in the last six years,
  • discuss the emergence of new surveillance technologies and the issues they present,
  • reflect further policy development in areas such as privacy impact assessments,
  • explain the impact that new case law has had on the area of surveillance systems
  • reflect the wider regulatory environment that exists when using surveillance systems.

Jonathan Bamford, Head of Strategic Liason at the ICO, states in his blog post that the revision covers “everything from automatic recognition of car number plates to flying drones” but emphasises that the underlying principles remain the same.

Since last Summer we have had two codes of practice on CCTV. The Surveillance Camera Code (PoFA code) came into force last year. Made pursuant to the Protection of Freedoms Act 2012 (PoFA) it governs governing the use of surveillance camera systems including CCTV and Automatic Number Plate Recognition (ANPR). The ICO code applies to all data controllers (public and privacy sector) but the PoFA code currently only applies, in the main, to local authorities and policing authorities. As regards its legal effects:

“A failure on the part of any person to act in accordance with any provision of this code does not of itself make that person liable to criminal or civil proceedings. This code is, however, admissible in evidence in criminal or civil proceedings, and a court or tribunal may take into account a failure by a relevant authority to have regard to the code in determining a question in any such proceedings” (paragraph 1.16).

The Surveillance Camera Commissioner (SCC) has been appointed by the Home Secretary but has no enforcement or inspection powers unlike the ICO. He “should consider how best to ensure that relevant authorities are aware of their duty to have regard for the Code and how best to encourage its voluntary adoption by other operators of surveillance camera systems” (paragraph 5.3). The ICO says of its revised CCTV code:

“This code is consistent with the [Home Office] code and therefore following the guidance contained in this document will also help you comply with many of the principles in that code”.

So why have two codes then? (Answers on a postcard or in the comment field below.) 

CCTV is a hot topic. Following complaints by Big Brother Watch, the ICO has taken enforcement action involving both number plate recognition and cameras recording people’s conversations in taxis. Big Brother Watch has welcomed the latest ICO consultation but has expressed concerns:

“We also remain concerned that, given that the responsibility for legally enforcing the Data Protection Act with regard to CCTV (apart from private cameras, which remain exempt) will remain with the ICO rather than the SCC, public confidence will not be helped if the process of making a complaint and action being taken is not straightforward. Equally, the situation of private cameras not being subject to regulation, with the only power available to the police to prosecute for harassment, is unsustainable as the number of people using them increases.”

The consultation runs until 1st July 2014.

Our full day CCTV workshop will explain the revised code and the wider law on CCTV surveillance in detail. Want a new practical qualification for the modern Data Protection Officer? Click here

Sat Nav Bad Day

In March 1998, High Court Judge Lord Justice Brown threw a claim out of court by the Police against a motorist who was caught using a Radar Detector. The Police claimed that under the Wireless Telegraphy Act of 1949, the motorist was illegally using the device. The Judge ruled that the Radar Detector did not actually receive any intelligible police information and that the Detector was only picking up the presence of radar and not any information within it. This case set a precedent and made the use of Radar Detectors legal in the UK. To over-rule this judgement, the Road Safety Act 2006 specifically bans the use of radar and laser detectors. Most drivers are happy with this situation. They know where cameras are because a fair processing notice is in place (to comply with principle 1 of the DPA) and this is usually a picture of an old fashioned camera recognised by millions. Even the mobile cameras that travel to different locations have their way of delivering an FPN although it is usually found on the web rather than in situ.

So we’re relatively happy. We know where all the speed cameras are and we see them in map books, on the net; We hear about mobile cameras on local radio and TV and we’re cool about it. We buy our TomToms and justify using them saying “it’s just an electronic version of publicly available database”. Then we go to France on holiday.

Since decree n°2012-3 was introduced on 3 January 2012 it has been illegal to be warned about the position of fixed or mobile speed cameras while you are driving in France. If your sat nav has this function and you continue to use the service, you risk a fine of up to €1500. Even if the device is switched off and not operational the possession of such witchcraft is the work of the devil. Ken Russell would have loved to have made a film about it. Good old data subjects from Blighty being thwarted by sneaky foreigners not even bothering to use Schedule 2 (6) just ignoring the rights of individuals and worse disapplying the Subject Information Provisions.

Initially this sounds quite tough. There have been discussions on the web, advice from motoring lobbys and horror stories of motorists having their boot searched by a bold gendarme emerging triumphantly from black plastic sacks of dirty washing with an old device and demanding instant payment of a fine. There is also the other view that the law is unenforceable; that Gendarmes cannot search for satnavs, cannot operate them if they see one as it is technically a computer and their common law powers don’t extend to interrogating them, they cannot check your smart phone for that app you downloaded for free…

The truth naturally lies in the middle. There’s been discussions between french satnav manufacturers and government (one french firm feared 2,000 job losses) and they’ve come up with a concept of danger zones. Instead of listing cameras they list danger zones where there may be a hazard (such as a level crossing or a school or where people might speed) and the satnav can issue a warning of the danger.

The french authorities meanwhile are pushing ahead with a programme of taking down existing signs warning of cameras; they are setting up new cameras and not telling drivers where they are and generally acting very french. Pah! I spit on your schedule 2 requirement.

Other solutions suggested in hyperspace include modifying your satnav camera POIs and labelling them lay bys. (or transport caffs); Registering your car in Lithuania; Buying your next satnav from France and specifying UK maps…(although we did hear that french spoken instructions interpret M25 as Monsieur Vingt Cinq) or exploring Germany which has excellent weissbier and many ancient castles.

Glossary.

A speed camera is un radar (pronounced rad – ah).
A satnav is a GPS (pronounced shay pay ess)
Zones of danger – zits noirs
Breathalyser is un alcooltest (did we forget to tell you that by law you must carry two of these in your car as well as a dayglo yellow vest for each passenger)

Useful phrases

  • Bordelle de merde, espece de radar
  • Fer cryin’ out loud a bloody speed camera
  • Est-ce qu’il y a une brasserie independante dans ce trou a rat, j’ai envie d’une biere?
  • Please direct me to a real ale pub if you have one in this dump of a town.
  • Va te faire cuire un oeuf, sale gendarme.
  • I don’t agree with you officer.

Bonnes Vacances!

Sort of Fair Processing Notice

Walking through Huddersfield the other day I caught this interesting example of a fair processing notice. It was a bus shelter. The actual notice was well above the normal range of vision. (Which reminds me of an old joke. What lies on its back eight feet up in the air.  Answer later.)

But how fair is this sign? Is it a fair processing notice informing data subjects that they might be being filmed? It has the magic acronym CCTV so there’s definitely a possibility that filming is taking place. But the other words seem to confuse the issue.

Anti-social behaviour is a crime. We’re not going to disagree with that are we? but it’s a statement of fact not really what’s needed on an FPN. You might as well say that Chelsea won the Champion’s League this year.

Plain Clothes Police Officers.  So how do we know they are Police Officers? Do they wear a carnation in their lapel or are they really operating covertly? This phrase means that everyone on the streets may be a police officer. Is this fair? Or if covert operations are being undertaken why do we say that plain clothes police officers are in place. Isn’t covert er… wait for it… covert? Does RIPA ring a bell?

Or CCTV in use.  Whoa let’s take a rain check.  Either it is in use or it isn’t. If it is you put up signs saying who’s doing it, why and contact details. If it’s not you don’t. Or maybe it’s secret filming. Donnnngggg. (That’s an alliteration denoting the tolling of the RIPA bell)

Finally your behaviour could be under observation. Back to the previous paragraph. Either it is or it isn’t. If it is for general crime prevention purposes then put up signs. If it’s a covert operation pre-authorise it through your SPOC and don’t bother with signs.

And to finish off 7 (count them) individual organisations contributed to this sort of fair processing notice including some very well known ones. So 7 data protection persons gave their opinion on the poster. No-one thought it was a bit naff.   Or maybe they didn’t ask the DP persons.

Take care in Huddersfield. They might be filming you (or not). Anyone at all could be a police officer. And Chelsea won the Champions League.

Ah yes the answer to the question.

What lies on its back eight feet up in the air. A dead spider.

Protection of Freedoms Act 2012

Protection of Freedoms Act 2012

 2012 CHAPTER 9

The Protection of Freedoms Act 2012 received Royal Assent on 1st May 2012. The Act contains a number of measures which, when brought into force, will have a major impact on public authorities especially councils. Amongst other things the Act:

Introduces a new code of practice for surveillance camera systems. This is in addition to the CCTV Code of Practice under the Data Protection Act 1998. There will also be a surveillance camera commissioner. Read our article on  the New CCTV Regime 

  • Extends the Freedom of Information Act by requiring datasets to be made available in a re-usable electronic format. Read our blog entry on how this can make you money. For details of an innovative use of a dataset click here
  • Provides for Magistrates’ approval of all surveillance activities by local authorities under RIPA. Read a full article on the changes.
  • Requires schools to obtain parents’ consent before processing children’s biometric information
  • Restrict the scope of the ‘vetting and barring’ scheme for protecting vulnerable groups and makes changes to the system of criminal records checks. Read our article

Ibrahim Hasan is doing a special online training session  on the new Act in June and July.

The Act will also:

  • bring in a new framework for police retention of fingerprints and DNA data
  • provide for a code of practice to cover officials’ powers of entry, with these powers being subject to review and repeal
  • outlaw wheel-clamping on private land
  • introduce a new regime for police stops and searches under the Terrorism Act 2000 and reduces the maximum pre-charge detention period under that Act from 28 to 14 days
  • enable those with convictions for consensual sexual relations between men aged 16 or over (which have since been decriminalised) to apply to have them disregarded

All our information and surveillance law courses will be updated to take account of the new Act. If you would like customised in house training on any aspects of the Act, please get in touch.

FPN & CCTV

Not sure why but when a normally rational DP officer is asked to produce a Fair Processing Notice for a CCTV camera they seem to lose track of reality and forget the basics. Name of Data Controller; purpose of processing, contact details.

Here’s a simple example.

Forgot almost everything and also made the mistake of telling people that they were using hidden cameras. Hidden engages RIPA. Easy mistake to make.

Another fine example of this on the right is a well known police force.

Clearly they thought about what to put on their sign but managed to get it spectacularly wrong.

And while the Act Now staff are abroad they also keep their eyes open for interesting signs. Souriez means Smile. We’ve seen versions of this in the UK.

And a colleague sent the following to me knowing I had a library of CCTV signs collected on my travels.

 

 

 

 

How we laughed… But then we realised… what do our CCTV signs look like? Is anyone snapping ours and showing them off as not actually very good…   Send us your signs.

CCTV and the Law Workshop – Watching You Watching Them More details – http://www.actnow.org.uk/courses/714