Considerations for Camera Controllers

Whether installing a new security camera system, or inheriting an existing system, it is important to review and document the steps you take to comply with relevant regulations regarding privacy and data.

Disclaimer: The below editorial piece is intended to highlight some pertinent considerations when installing a Camera System in a Communal Garden. No information contained on this page should be considered Legal Advice. If in doubt, please seek Qualified Legal Advice.

Camera Systems and Data Protection

The use of Security Camera systems in public or workplace environments is subject to the UK General Data Protection Regulation (GDPR). Whilst these regulations broadly do not apply to domestic security camera systems on individual properties , it is widely assumed those exemptions do not apply to multi-residence facilities, including Communal Gardens.

Security Camera Systems in multi-residence environments should only be installed/operated in conjunction with an Information Commissioners Office Registration, and a written policy outlining how the system is used /governed.
Garden Committees are already likely to be processing personalinformation about keyholders / ratepayers (for example, validating votes /memberships at elections, pursuing delinquent ratepayers, validating newkeyholders), and therefore should consider registering with theInformation Commissioner’s Office regardless of whether they intend toinstall a Security Camera system or not.

ICO registration for Tier 1 firms (turnover under £640k and less than 10employees) costs £40 a year. It is the Data Controller, who oversees thedata protection policy, who needs to register – in most cases this will bethe Garden Committee. The Data Controller is also responsible forensuring any Data Processors (those handling personal data) commit toabiding with the established policy (see below).

Justification

..for maintaining a Security Camera System, as means of deterring ortaking-action against culprits, with typical issues-for-tackling including:

  • Crime: Garden Squares are intended to be a safe and private spac efor the residents that maintain the Garden. However they are all too-often subject to criminal and anti-social behaviour, including trespass, breaking-and-entering, fly-tipping, and behaviours that outage public decency (defecating in public, etc).
  • Access Abuse: Garden Squares rely on those with access to the Garden covering a fair proportion of those costs. Though as wecover in our
    Access Abuse section, it is all too easy for the keys/fobsused by the majority of Gardens to be copied/cloned, allowing unauthorised users to gain access without paying for the privilege, undermining the entire model by which garden is maintained/paid-for.
  • Rules Breaches: The majority of Garden Squares are governed according to a contract that will in some cases, contain its own rules, and in almost all cases, authorise the Garden’s Management, to set Rules / Bye-Laws to maintain a pleasant environment for all residents. Garden Committees are expected to enforce these rules consistently across all residents, as failure to do so benefits the rule flouters, to the detriment of the rule followers.
  • Insurance Invalidation: incidents like unauthorised events, unaccompanied access by non-keyholders, use of the garden by unaccompanied children, etc – might compromise or in the worst instances, invalidate, the Garden’s insurance policy.
  • Cost Effectiveness: Whilst there are alternatives ways to police the Garden (such as employing a security Guard, or 24/7 monitoring centre), the costs of such alternatives are disproportional to the annual budget of a Garden Square (typically under £100k/yr).

Any justification behind a system should be regularly reviewed, and wherepossible, evidenced.

Fairness

..of the Security System, which can be subdivided into:

  • Purpose Limitation: only capturing video and audio that is necessary for the justified purpose, typically including:
    • Cameras to be placed away from enjoyment areas of the Garden, and positioned/masked so not to capture Private Property
    • Audio Recording to be disabled in any location that may intrude on residents / neighbours privacy
    • Captured footage to be automatically deleted / overwritten after a reasonable amount of time
  • Storage Limitation:
    not storing the footage for longer than is necessary to meet the justified purpose.
  • Data Minimisation:
    including:
    • Not recording unnecessary footage (e.g. 24/7 recording of alocation likely to see only sporadic activity)
    • Only downloading / circulating footage where absolutelynecessary (to pursue a behavioural issue / criminalcomplaint)
    • Taking steps to make it easy to retrieve and delete anycirculated footage – e.g. sharing footage in a standaloneemail (separate to any email discussing the related incident)with a tag in the subject and body of the email, such as
      ###CCTV#Footage#Do#Not#Retain###
  • Removal-on-request:
    Those captured in footage are empoweredto request that the footage of them is removed/deleted. Unlessthere is specific need to retain the footage (such as apotential/ongoing legal/criminal matter) data controllers /processors should comply with such requests.
  • Consistent / Uniform Application
    – Camera Systems should wherever possible, encompass all residents consistently. Any deviation from this approach (e.g. covering only gate access, in a Garden where some users have Direct Access) should be clearly justified and communicated to all Garden Users, which brings us to the next section..

Transparency

..regarding the system, how it is controlled, operated, and ultimately used. Minimum expectations typically involve:

  • Messaging all Garden Users ahead-of or on the system beinginstalled explaining the policy for the cameras (Justification,Fairness, Transparency, Accountability)
  • Putting up adequate signage regarding the system, viewable by anyone who may be captured by the system – such signage must include details of how to contact the Data Controller for further details / a footage removal request (a link to a GDPR-minded sign has been provided on the prior image)

If your Garden operates a website, you might wish to publish a link to adedicated page on the website explaining your security camera policy.

Accountability

of “Data Processors”, i.e. the Committee Members with access to thesecurity footage, to handle the data responsibly:

  • Not to download / store footage from the system unless necessary
    for pursuing action (e.g. criminal complaint / rules enforcement breach), and in those instances, delete the footage at the satisfactory conclusion of the action. NB: Where the camera system detects behaviour that might evidence the ongoing justification of the camera system (e.g. overnight trespassers), the Data Controller and Data Processors might agree, on a case-by-case basis, to retain footage for a longer period (up to 7 years) to evidence the necessity of the system.
  • Not to share any captured footage other than with other established “Data Processors”
    , relevant authorities, or the individuals in question
  • To assist with deleting footage of individuals
    where one of said individuals asks for the footage to be removed

Responding to Challenges

It should be noted that as with any Rule or Policy with a Garden Square, the deployment of cameras is open to challenge. The primary protection against challenge is to have a robust policy that can be communicated transparently, combined with proactive engagement with any concerned resident.

Under a sustained objection to Cameras, Data Controllers should consider taking qualified legal advice, and whilst awaiting that advice, take precautionary measures such as:

  • Restricting access to the Camera Footage to a third-party /managing agent (only)
  • Temporarily disabling / removing the cameras

Leave a Reply

Your email address will not be published. Required fields are marked *

Related Posts