Cookie consent

This site uses cookies that need consent. Learn more

Skip to content
Facit Data Systems

CCTV and Privacy

CCTV and privacy. Security or Big Brother.
Are CCTV cameras an invasion of privacy? Explore the intricate balance between CCTV surveillance and personal privacy. Who uses CCTV and what are your rights?
Posted in: Articles, Compliance, CCTV

CCTV and Privacy

CCTV (Closed-Circuit Television) systems raise important questions about privacy.

On one hand, CCTV enhances security by deterring crime and providing evidence in investigations.

On the other hand, CCTV cameras can intrude on individuals' privacy, especially if they are used inappropriately or without proper oversight.

CCTV and privacy.

GDPR and CCTV privacy

The General Data Protection Regulation (GDPR) applies to CCTV systems because they record personal information.

GDPR defines personal information as any information that could identify a living individual, which includes visual images of their face and any identifying elements.

Audio data from CCTV systems is also subject to GDPR.

ICO guidance on CCTV and privacy

The information Commissioner’s Office (ICO) offers extensive guidance on video surveillance: Video surveillance (including guidance for organisations using CCTV).

The ICO focuses on how to help organisations to comply with GDPR, which is intended to protect people’s privacy rights. Notably:

The public must have confidence that the use of surveillance systems is lawful, fair, transparent and meets the other standards set in data protection law.

CCTV and privacy checklist

Here are key points to consider regarding CCTV and privacy.

  1. Purpose and justification
    The use of CCTV should be justified by a legitimate purpose, such as enhancing public safety or protecting property. The benefits should outweigh the potential invasion of privacy.

    Having a written record of the scope and nature of your CCTV system is essential.

    A typical CCTV policy will confirm standard matters, such as:

    • The location of cameras

    • The purpose of CCTV (such as crime prevention or staff safety)

    • The contact details of the person in charge of the CCTV system

    • CCTV footage storage practices

  2. Placement and coverage
    CCTV cameras should be strategically placed to maximise security while minimising intrusion into private spaces. Cameras should be placed to avoid areas where individuals have a reasonable expectation of privacy, such as bathrooms or changing rooms.

    Privacy regulations and the ICO require compelling reasons for CCTV camera placement and usage. The most common reasons are crime prevention and staff protection.

  3. Data storage and access
    Data collected by CCTV systems should be securely stored and accessed only by authorised personnel for legitimate purposes. There should be clear policies regarding who can access the footage and under what circumstances.

  4. Notice and consent
    In public spaces where CCTV is used, there should be clear signage notifying individuals of its presence. In some jurisdictions, obtaining consent may be required, especially in areas where individuals have a heightened expectation of privacy.

  5. Data retention and deletion
    There should be clear guidelines for the retention and deletion of CCTV footage. Retaining data for longer than necessary increases the risk of privacy breaches and misuse.

  6. Accountability and oversight
    There should be mechanisms in place to hold organisations accountable for the use of CCTV systems. This may include independent oversight bodies, audits, or transparency reports.

  7. Encryption and security
    CCTV systems should employ encryption and other security measures to protect the integrity and confidentiality of the data collected. Security measures help prevent unauthorised access and tampering.

  8. Public debate and consultation
    The deployment of CCTV systems should involve public debate and consultation to weigh the benefits against the potential impacts on privacy. Community input can help to shape policies and guidelines that strike an appropriate balance.

Ultimately, the use of CCTV should be guided by principles of proportionality, necessity and transparency to ensure that CCTV enhances security without infringing on individuals' privacy rights.

Is CCTV invading privacy?

Despite governance regulations, there many groups around the world that argue that CCTV represents a threat to people’s fundamental privacy rights.

For example, Big Brother Watch. Big Brother Watch’s recent news items have included:

  • Are you being monitored at work?

  • Police using facial recognition to target protesters: find out if you’re on a watchlist

  • Big Brother Watch’s complaint to the ICO on retailer facial recognition

Privacy campaigning groups argue that CCTV is used either indiscriminately or to further the objectives of the powerful and privileged.

Commercial and domestic CCTV systems

Historically, the majority of CCTV systems were operated by businesses and by public bodies such as highways agencies and local authorities.

Today, domestic CCTV systems are commonplace, for which the ICO provides domestic CCTV use guidance.

The ICO advises that people should try to point their CCTV cameras away from their neighbours’ homes and gardens, shared spaces and public streets.

As with commercial CCTV, people are expected to consider whether the level of intrusion is proportionate and whether cameras compromise the privacy of others.

If anyone is concerned about their privacy when someone uses domestic CCTV to record them, they can take action by contacting the person.

It is recommended to ask why someone is using CCTV and explain your concerns. Ask to see what is being recorded, as seeing an example of what the camera records may make alleviate your concerns.

However, if you feel that CCTV is not being used legitimately, if, for example, someone is filming children inappropriately, you should contact the police.

CCTV privacy technology

Facit works with CCTV operators to enable them to comply quickly and cost-effectively with privacy regulations such as GDPR.

Facit’s Identity Cloak enables CCTV operators to protect the privacy of all but the subject(s) of interest when the operator is required to share video footage with third parties. For example, when an organisation receives a subject access request.

Identity Cloak quickly and reliably redacts (masks) personally identifying information from video footage, such as faces and number plates.

Identity Cloak is essential privacy technology for CCTV operators that enables them to comply with GDPR comfortably within ICO deadlines.

The history of CCTV in the UK

Data Privacy vs Data Security

CCTV in the workplace