« Chancellor Gordon Brown further extends his financial snooping powers | Main | A couple of good opinion pieces in media »

Parliamentary Written Answer about "privately-owned closed circuit television systems" and data protection

David Drew MP for Stroud (Labour) has asked the Department for Constitutional Affairs a Parliamentary Question about private CCTV surveillance

Parliamentary Written Answer 18th October 2006:


Mr. Drew: To ask the Minister of State, Department for Constitutional Affairs what status privately-owned closed circuit television systems have in relation to data protection; and what rights individuals filmed on public footpaths have to ask (a) to see and (b) to destroy video tape of themselves. [94795]

18 Oct 2006 : Column 1214W

Unfortunately, the Government's Written Answer gives a misleading impression, by neglecting to mention the role of the under resourced Office of the Information Commissioner:

Vera Baird: The Data Protection Act 1998 covers all processing of personal data by automatic means, including those close circuit television (CCTV) systems in public places, or on premises where members of the public may have access, where it is possible for the operator to identify distinct individuals from the film footage. The Act does not apply to CCTV filming purely within a private house/garden, but where the camera's field of operation extends beyond the private property, individuals caught on the film—where it is possible for the operator to distinctly identify them from the footage—have a right of access to the film under s7 of the Act. There is no automatic right to insist on destruction of the film, but individuals have a right, under s10 of the Act, to object to any processing likely to cause damage or distress where such damage or distress is, or would be, unwarranted and this could involve destruction, in appropriate circumstances.

This is a misleading Answer, because it gives the impression, that if, as we hear examples of cases every month, your neighbour buys one of the ever cheaper CCTV camera systems, and fits it at home, overlooking, say, his parked motor vehicle, but does not bother to consult with you or the other neighbours about the field of view of the camera, that you can do something about it legally.

We get examples every month where people really do object to not having been consuilted, especially where such CCTV systems take pictures of their comings and goings from their own properties, and / or which capture images of their children.

The Codes of Practice about the siting of CCTV systems by public authorities do call for such consultations, but they do not apply to private citizens, and they are not legally enforcable.

Under-secretary of State Vera Baird's weasel worded Answer neglects to mention that nobody apart from the Information Commissioner, has the power to prosecute anybody under the Data Protection Act 1998, so it is no use complaining to the Police or to the Local Council or trying for a private prosecution.

How many such Prosecutions are there by the Information Commissioner every year ?

There is a vast range of potential Data Privacy breaches, in all fields which the Information Commissioner is supposed to regulate, and given the fact that there is a deliberately curtailed enforcement budget i.e. even if the Information Commissioner wins a case in Court, and is awarded legal costs, the money goes back to the Treasury, and is not available to help prosecute the next case, then it should come as no surprise that the Information Commissioner brings only about a dozen prosecutions a year - that is for all data protection issues, not for CCTV at all.

So far as we know, they have never prosecuted a case involving CCTV data protection abuses under section 10 of the Act, as mentioned in the Government's Answer above. The Information Commissioner has certainly never ordered, nor got a Court to order, the destruction of any CCTV footage whatsoever.

The Information Commissioner has chosen to interpret the legal precedent of "Durant versus the Financial Services Authority" (.pdf), a case which has nothing to do with CCTV per se, in such a way, that they no longer requre small scale, unsophisticated CCTV systems, without Pan, Tilt, Zoom tracking capabilities, such as are likely to be installed at home, to be Registered on the Register of Data Controllers.

See the ICO 's Obligations towards CCTV systems web page.

Even if you do have such a sophisticated system, then simply patyng an annual fee of £35 and Registerng a "data use" in the Register of Data Controllers, is sufficient to invoke the "coach and horses" exemptions to the Data Protection Act e.g. typically "for the purposes of the detection or prevention of crime", This means that the major legislative weapon in the armoury of the Information Commissioner, is effectively useless in protecting the public from being snooped on by private CCTV cameras, or any other technology.

You cannot write to the "Data Controller" to serve them with a a "data subject access request" under Section 7 Right of access to personal data, or a "data subject notice" under Section 10 Right to prevent processing likely to cause damage or distress , if they are not offically on the Register of Data Controllers ! You can only complain to the Information Commissioner that the CCTV opeartor should be on this Register but is not, and, the Information Commissioner will then, effectively ignore you.

Remember also, that the Data Protection Act does not prevent a CCTV camera operator from taking the images of you or your children in the first place, and that the operator, not you, owns the Copyright of the images.

We seriously hope that someone can persuade their Local Authority to issue an Anti-Social Behavior Order on a truculent CCTV touting neighbour, but altough several people are considering this, there have, as yet, not been any successful applications.

What the Department for Consitutional Affairs should be doing, is publically consulting on a Privacy Act, which would cover CCTV and other snooping by private citizens and companies, and which would also require the Licensing of CCTV systems and Operators.

Such Licensing, would mean that there are fewer, but better run , properly maintained and less privacy abusive CCTV systems in the UK, which would waste less Police time in major investigations e,g, missing children, murder or terrorism cases etc, where the length of time needed to simply to find out if any there is any relevant CCTV coverage or not, and who to contact to get hold of a copy of it, would be drastically reduced.


With regards to CCTV-crazed neighbours:

Although citizens can't prosecute anyone under the DPA, you can still claim damages, performance and injunctive relief (i.e. have the cameras taken down) under the DPA. If the cameras are invading your right to a private life (suppose they're able to look into your garden) there may be a case under the HRA.

...if they're able to look into your windows, this might be of use.

@ Anonymong - only if you are rich enough to be able to take someone to the High Court - the Police and your Local Authority will not help you to do so.

Under the Sexual Offences Act section 57 Voyeurism it would have to be proven, beyond reasonable doubt, that the cameras were installed or were being used for "sexual gratification" and not for the usual excuses of "for the prevention or detection of crime".

Even the Building Regulations allow up to 16 external cameras, 4 per side of a building, each of a size about that of a microwave oven i.e. no modern CCTV cameras would ever fail to comply.

@ wtwu: You can do DPA performance stuff through the Small Claims Track so are protected from costs.

For practical purposes, perhaps contacting the police and invoking the Sexual Offences Act in a letter would get the cameras removed, especially if you have children (i.e. accuse them of being a paedophile).

Whatever the case: the fact my neighbour can lawfully point a cctv camera through my window is deeply offensive.

@ Anonymong - are there any examples of this in the Small Claims Court ? There was the case of the UK based email spammer who got taken to court for a nominal sum.

However, with small scale CCTV systems, which by virtue of "Durant verus the FSA" the Information Commissioner is not interested in Registering, then it is going to be hard to make any sort of claim against an unregistered Data Controller i.e. sending them a "data subject notice" and waiting 21 days for a reply, which they can then ignore.

If even rich and famous people have not managed to use the Small Claims Court against, say, paparazzi photographers, then it is unlikley that normal people will succeed either.

Remember that the Data Protection Act does not prevent images from being taken in the first place, it only deals with "personal data" afterwards, Not all CCTV images contain this data, so "taking down cameras" does not seem to come within its scope.

If your neighbour is a child molestor, then CCTV is the least of your problems regarding the safety of your children,

Making false accusations about someone and accusing them of being a child molestor, if they are not, is hardly the correct moral thing to do, and may well backfire legally on you for "wasting Police time" or, it may lead to an action for libel.

@wtwu: I'm not aware of any CCTV-related cases gone or going through small claims. I know of a few DPA performance cases going through small claims in relation to the DPA and financial data. It relates to banks charging 'penalty fees', with the bank customers serving s.7 notices to get their financial data (i.e. details of the charges).

At the data protection area of the Consumer Action Group folk regularly take cases through small claims when banks have failed to supply them with s. 7 disclosure requests. Related to this is a document from the ICO on how to take DPA performance matters to court.

I do not understand how the ICO, on the basis of the Durant case, can say CCTV cameras with 'pan and tilt' are covered by the DPA and those without these features are exempt. They used to say any CCTV system with a rewind button was covered.

re molesting, forgive me for not being clear enough. I'm not advocating people call their neighbours paedophiles but asking your neighbour why he/her insists on taking video footage of your young family would have an effect in the current climate. And with the Labour Partei's amendments to PACE, you could lawfully get your neighbour nicked with a sympathetic & overzealous police officer.


In unrelated matters, can you think of any reason why this job requires: "Police Vetting procedure to ‘anti terrorism level', the post holders will also be required to sign the Official Secrets Act."

@ Anonymong - the difference between Section 7 requests to Banks is that they are all Registered on the Register of Data Controllers, and small scale CCTV systems almost certainly are not.

How the Information Commissioner's Office works is a bit of a mystery, Why the ICO is taking this attitude over the Durant versus FSA case probably has as much to do with pragmatism caused by a lack of enforcement budget, as with any legal principles.

@ Anonymong - one reason why a CCTV employee of the Nottingham Council's Housing department would need to undergo

"Police Vetting procedure to ‘anti terrorism level', the post holders will also be required to sign the Official Secrets Act."

would be because they are to be granted access to the Police National Computer, and possibly other local Police intelligence databases.

It does seem that Nottingham Council already uses ther CCTV systems to look up vehicle license plates and to send penalty notices to the registered keeper's address, but not yet directly.

Press releases

Monday, October 16, 2006


On days when police are not enforcing the restrictions, CCTV footage is being used by Nottingham City Council to identify vehicles which are illegally entering the Turning Point zone. Letters are being sent to the registered owner / keeper of offending vehicles warning that if they are caught in the future committing an offence they risk being prosecuted. Their details are then being passed to Nottinghamshire Police.

Hoowever, perhaps they actually mean a Counter Terrorist Check (CTC) which used to involve checking against the MI5 Security Service and Police databases, and grading people according to whether they have an Irish grandmother, but perhaps, now, just the name Mohamed is enough to cause suspicion.

However, according to the Defence Vetting Agency, this lowest level of security clearance:

Counter Terrorist Check (CTC) is required for people who will be working in close proximity to public figures, or who will have access to information or material vulnerable to terrorist attack, or whose work involves unrestricted access to certain government or commercial establishments. A CTC does not allow access to, or knowledge or custody, of protectively marked assets and information.

So maybe it is just for when the Queen or the Prime Minister vist Nottingham, and the CCTV system is used to police the crowds.

Note that Nottingham Council specifically have a policy of only asking for an Criminal Records Bureau Enhanced Disclosure for people working with Children or Vulnerable adults, and such a check is not the same as a CTC, and does not appear to be required for these CCTV jobs.

Neither does there appear to a restriction on membership of the "BNP or similar organisation", which is clearly stated on the standard Nottinghamshire Police job application and vetting form.(.pdf)

Police jobs are exempt from the the ability not to declare "spent convictions" under the exemptions to the Rehabilitation of Offenders Act 1974, but Local Council jobs are not.

None of these bureaucratic checks are required for private citizens who operate their own CCTV spy cameras.

@wtwu: So if you want s.7 disclosure or an s.10 notice to prevent further collection of images, and the CCTV operator did not consider him/herself a data controller for the purposes of the DPA, you would have to first argue in court they were a data controller and go from there.

The chances of that being done on a small claims track are pretty small.

So the answer to the MP's question is:

"On the recommendations of the ICO, your constituents have no right to either see or destroy the data collected, nor can he/she ask for the camera to be taken down. They could take the camera operator to court, at great expense, but the chances of winning are slim given the ICO's interpretation of Durant. Your neighbour pointing a CCTV camera through your window is completely lawful provided they don't 'gratify' themselves over the collected footage"!!

Have you pointed this out in an email (drewd@parl....uk)?

Thanks for the info on CCTV.

@ Anonymong - just so.

Remember also that the CCTV camera operator owns the Copyright of all the images, and can stream them onto the internet if they want to.

Even more bizzarely, one does not need special planning permission to install up to 16 external CCTV cameras, but it is required to display even one CCTV Warning Sign, so the deterrent effect against casual criminals is almost non-existant.

CCTV "evidence" is almost never actually of any use for identification purposes in Court, where, for serious offences, it would be challenged by any comptent barrister e.g. does that grainy image of someone in a baseball cap and hoodie really identify the defendant beyond all rreasonable dooubt, or the usual lack of a tamperproof evidence trail (certainly for small scale cheap CCTV systems) would also be challenged. It is mostly used to get a suspect to confess to the crime when confronted.

There is also an unwarranted assumption on the part of home owners that the Police will actually bother to look at CCTV footage when "investigating" a minor crime such as vandalism or even burgalry.

"A case of Can't Cope TV - Police do not have time to analyse video of burgalry"

According to David Drew's TheyWorkForYou entry, he seems to be an experiemced Labour MP, but one who somestimes rebels against New Labour, who has asked an above average number of Parliamentary Questions, so he is probably not surprised by the weasel words from the Government.

It's a tricky issue. Before long I think we'll be living in a situation where everybody is watching everybody else. When I was writing my own camera surveillance software (http://sluggish.uni.cc/security/security.htm) I was well aware that such a system might be used for questionable purposes. For the stuff I was doing the resolution of the cameras was really too low to be able to recognise specific individuals, but probably in a few years webcams and IP cameras will have higher resolution and it will be possible.

I'm not too sure if it's 1st April but here's a story we are all surely interested in.


Oh, that we may dream of privacy once more.

Rochdale MBC installed a CCTV with remote wireless access that overlooked houses and their bedrooms in the suburb of Norden - this was done in total ignorance of the DPA Codes of Practice. Very tardily they erected the required warning notice.

Whilst they initially claimed they had consulted residents (which was untrue) , pressure through local councillors resulted in the removal of the camera a few months after installation.

2 years later the warning sign remains.

...oh crimes detected by the use of the camera ...Zero.

The postscript is, RMBC also installed in the same area, a Mosquito (TM) device to annoy youths which emitted irritating sound inaudible to adults. Again pressure applied by Local Councillors resulted in the fairly swift removal under Health and Safety Grounds.

Post a comment