Cookie consent

This site uses cookies that need consent. Learn more

Skip to content
Facit Data Systems

A history of CCTV and the rise in data subject access requests since GDPR

Female security guard sitting in front of multiple screens, talking into a walkie talkie.
CCTV is a relatively new technology. Prior to recent times, it would have been impossible to incorporate video data subject access requests (DSARs) in legislation such as GDPR, which became law in May 2018. Early CCTV technologies were not sophisticated enough to allow operators to record events. In this blog we reflect on the evolution of CCTV and changing attitudes to stored personal data.

More people seek access to stored data

In one of law firm Dac Beachcroft’s lawcast podcasts, ‘Current trends in Data Subject Access Requests’, the presenters identify a 50% increase in DSARs between May 2018 and September 2020. In a previous blog post, Facit reported a comparable surge in DSARs relating to video data requests continuing into 2022.

People are initiating more and more personal data requests.

The advances in CCTV and data storage technologies that protect our lives collided with privacy rights issues to the extent that legislation became necessary and inevitable.

CCTV has become a part of our lives

CCTV cameras have become an accepted part of our lives. We see cameras on the underground, in shops, offices, museums and hospitals, on trains and in car parks.

In November 2020, it was reported that the number of CCTV cameras in the UK reached 5.2 million.

We are under constant surveillance. However, it was not long ago that CCTV was invented. It is the technical advances in recent decades and today’s ubiquitous surveillance that has stimulated heightened concerns about privacy.

When was CCTV first used in the UK?

Live video capture was first used in 1942 in Germany to monitor V-2 rockets. It wasn’t until 1949 that CCTV became available commercially, and soon after it was used in advanced security control by government contractors in the United States. CCTV arrived in the UK in 1960.

CCTV was not as sophisticated as it is today. No automated sensors, infrared cameras or temperature detection. Early CCTV was live monitoring streamed to monitors with no recording.

CCTV had a long way to evolve to become today’s real-time feeds through mobile devices and remote monitors; wireless installations with solar-powered batteries; and automated sensors for movement and breach detection.

The evolution of CCTV technology

Following the introduction of the first systems, engineers developed reel-to-reel recording. The systems could capture footage but still required continuous manual control by an operator to thread and swap tapes in the recorder.

Reel-to-reel was superseded by VCR in the 1970s. VCRs were relatively cheap to run and buy, were far more convenient to operate, and could run autonomously to allow footage review at a later time. Notable VCR drawbacks included the limited capacity of tapes; tape library storage space; and tape re-use that caused tape degradation.

The advent of multiplexing solutions in the late 1990s meant that multiple signals from multiple CCTV cameras could feed onto one monitor, which proved ideal for observing several areas at once. Multiplexing still relied on VCR recording, but it reduced physical storage requirements. If four CCTV cameras were streaming to one monitor, it cut the storage capacity required to a quarter.

CCTV camera in a busy restaurant.

The advent of digital CCTV

When digital technology became mainstream in the early 2000s, CCTV changed forever. DVRs (digital video recorders) were faster and had greater storage capacity, and provided better image quality. Multiplexers could be built into CCTV systems, which reduced installation times and simplified management.

Also, digital footage eliminates the need for tapes and is far more accessible. (Later, we’ll consider how and why storage of vast amounts of video has prompted more people to demand access.)

Pricing is also a significant factor as digital technology costs have tumbled over time. Today it is widely accessible and affordable for private homes as well as commercial enterprises and small businesses.

In 2022, innovations include NVRs (network video recorders) that incorporate video processing and encoding capacity within the camera itself, which means footage can be streamed for viewing or recording remotely.

How technological advances in CCTV stimulate privacy concerns

We’ve noted the huge growth in the number of CCTV cameras as well as the advances in their capabilities. Unsurprisingly, constant surveillance and the potential for misuse of video data has caused people around the world to become concerned about their privacy. In Hong Kong in 2019 protesters fought to stay anonymous and destroyed 900 CCTV cameras. In the UK, Big Brother Watch campaigns continuously against intrusion.

Widespread data collection is not going to stop. People will continue to protest against potential data misuse. And knowing that data is stored, people will increasingly ask for access to what is being stored.

Changes in people’s motivation and risks to data-holding organisations

In the Dac Beachcroft podcast, contributors suggest that the fact that post-GDPR DSARs involve no fee makes it easier for anyone to initiate a data request. They also point to the fact to that the motive for a DSAR is irrelevant; all requests have to be fulfilled by the data holder.

The contributors agree that there has been an increase in the strategic use of DSARs by employees (sometimes referred to as the ‘claimant’). A recent change in requestor behaviour reveals that people are not just making inquisitive data requests; the requests are backdrops to a grievance or the early stages of litigation.

The podcast contributors suggest that ICO fines are to some extent a ‘red herring’, and the greater risk to data-holders is in the cost of getting a DSAR wrong and the high cost of the subsequent litigation.

The more focused the DSAR, the easier it is to respond quickly and comprehensively. However, complex DSARs can involve requests for significant amounts of data held in various formats and locations, including archives. Data privacy processing can therefore cost tens of thousands of pounds, which makes it imperative to invest in DSAR protocols.

Conclusions: eliminate potential for DSAR errors and reduce admin burden

From the point of view of litigation, the risk of data being handed over that ought not to have been disclosed is potentially more costly than the imposition of fines.

The greatest risks of a DSAR are the administrative burdens, especially when data-holders do not have efficient resources in-house.

Facit’s video redaction solution, Identity Cloak, enables organisations to take full in-house control of video data privacy processing, to eliminate the risk of disclosing data unintentionally and reduce the costs of compliance admin.