Data Protection in Scotland is governed by the Data Protection Act 2018 (DPA). DPA is the UK’s implementation of the General Data Protection Regulation (GDPR).
Article 5 of the GDPR sets out seven key principles:
- Lawfulness, fairness and transparency
- Purpose limitation
- Data minimisation
- Accuracy
- Storage limitation
- Integrity and confidentiality (security)
- Accountability
Article 6 of the GDPR outlines the lawfulness of processing personal data. Processing shall only be lawful if at least one of the following applies:
- The data subject has given consent to the processing of his or her personal data for one or more specific purposes;
- processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
- processing is necessary for compliance with a legal obligation to which the controller is subject;
- processing is necessary in order to protect the vital interests of the data subject or of another natural person;
- processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
- Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
However, it can be problematic to obtain consent from individuals for processing their personal data in public spaces. Therefore, it is likely the appropriate lawful basis when using home security systems would be either (e) public interest or (f) legitimate interests.
These surveillance systems provide high-definition images and videos, and most allow the owner to post footage online or share in real time. Whilst modern surveillance systems can be an asset for home security, it is important to recognise that these systems can be considered intrusive and should be operated in such a way that complies with GDPR. Fitting these systems at your home may impact on the private lives of other individuals and may place copious amounts of people under surveillance as they go about their day-to-day life.
If you own a CCTV system at your private domestic property, you must ensure that your home security system complies with the laws and regulations set out in DPA and GDPR. Domestic private property is defined as any residential dwelling not used for commercial purposes. GDPR and DPA will apply if you record video footage and images of places beyond the boundaries of your residential property. GDPR requires all home security systems to be responsible and diligent while using their systems to limit the intrusion into others’ privacy.
Non-compliance may result in the Information Commissioner’s Office (ICO) pursuing legal action against you. The ICO is the UK’s independent regulator for data protection and information rights. Whilst the regulations which govern data in Scotland are UK wide, Scotland has its own Information Commissioner who regulates the Freedom for Information (Scotland) Act.
DPA requires all home security system owners to maintain their CCTV system regularly to ensure consistent compliance with GDPR and DPA regulations. Owners must also register themselves with the ICO if they wish to operate their CCTV outside of their personal property. For example, DPA stipulates that accurate date and time must be set on the systems and footage should be deleted as soon as it is no longer required, preferably within 31 days. The DPA also instructs the disabling of audio recording on home CCTV systems. The law highly discourages that as it is a major invasion of privacy.
In conclusion, the legal framework which surrounds home security systems strongly protects people’s privacy. It demands transparency from owners that intend to extend their coverage and requires CCTV owners not to use these systems for any other reason than that of security. It is important that CCTV owners remain compliant with DPA and GDPR to avoid legal action from the ICO. These matters can be somewhat complex, however our dedicated team of litigation specialists are well prepared to skillfully handle a wide range of disputes through expert negotiation and clear, personalised advice tailored to your unique circumstances. In cases where court intervention is necessary, we take a proactive and resolute approach, ensuring fast and effective solutions. We understand that litigation can be a daunting process, so we go the extra mile to simplify the process and guide you through each step in easy-to-understand language. We invite you to reach out to us today on 0141 221 1919.
