#Open journalism No news is bad news

Your contributions will help us continue to deliver the stories that are important to you

Support The Journal
Dublin: 14°C Thursday 7 July 2022

'Big rise' in complaints about domestic CCTV cameras, Data Protection Commissioner says

Helen Dixon said domestic CCTV is “an issue that really bothers people”.

Image: Shutterstock/Kolomenskaya Kseniya

THERE HAS BEEN a “big rise” in the number of complaints relating to CCTV cameras outside peoples’ homes, the Data Protection Commissioner has said.

Helen Dixon told TheJournal.ie in an interview that domestic CCTV is “an issue that really bothers people”. 

“We’ve seen a big rise in complaints from individuals whose neighbours have installed CCTV cameras that are trained beyond the perimeter of the neighbour’s home,” Dixon said. 

And of course, that’s not permitted in data protection terms. The cameras should be trained within the perimeter of your own home.

She said if they are trained beyond this, people acquire “the full obligations of a data controller”. 

If a CCTV camera is used solely by the people living in the home and doesn’t capture a public space or a neighbour’s property, it isn’t subject to these obligations. 

However, if a person publishes their footage online or share it on social media they may be subject to the obligations of a data controller. 

Any person or organisation that collects and processes peoples’ personal data is considered a data controller, according to the DPC.

The ‘personal data’ in this instance is a video recording in which people can be identified. 

Asked about other common complaints her office has dealt with in recent months, Dixon said there had been a lot of contacts from employees “feeling that they’re being monitored electronically” by their employers. 

“Often there are much broader issues in the dispute, but what comes to us is using CCTV in disciplinary processes, introducing turnstile tracking systems and then using the clock-in clock-out information in disciplinary processes and monitoring of employees through electronic means.”

Dixon said the DPC this year wants to “give clearer guidance” on any confusion about what constitutes a breach of data protection law in these instances. 

#Open journalism No news is bad news Support The Journal

Your contributions will help us continue to deliver the stories that are important to you

Support us now

Twitter fine

On 15 December, the DPC imposed a €450,000 fine on Twitter in a landmark ruling over a violation of EU data privacy rules.

The ruling related to an incident publicly disclosed in early 2019 where a security glitch had made some users’ private tweets public, and Twitter failed to send a breach notification to the DPC within 72 hours of its discovery, as is required under GDPR.

It was the first major fine issued by the regulator to a US tech giant for a breach of GDPR. 

Dixon said the legal analysis behind this case was “much more significant” than the fine itself. 

“I think what will truly deter and guide organisations to not falling into the same issues as Twitter did, is by reading the legal analysis in the decision, just as much as the fine will act as a deterrent.

A lot of people commenting on it appear to have misunderstood that the significance of that Twitter decision is the fine and of course, it’s not particularly.

“The fine is just an end result of the much more significant legal analysis and infringements that are in the decision.”

Read next:


This is YOUR comments community. Stay civil, stay constructive, stay on topic. Please familiarise yourself with our comments policy here before taking part.
write a comment

    Leave a commentcancel