ICAEW.com works better with JavaScript enabled.

Case law: Neighbour's CCTV and audio equipment breached data protection law

Property owners and occupiers who install CCTV and/or audio recording equipment must comply with data protection laws or risk significant penalties, especially if their equipment monitors 'public space' outside their property, a ruling makes clear.

Legal Alert

This update was published in Legal Alert - March 2017

Legal Alert is a monthly checklist from Atom Content Marketing highlighting new and pending laws, regulations, codes of practice and rulings that could have an impact on your business.

Two neighbours fell out, and one had installed both CCTV and audio recording equipment. She had set her CCTV to monitor the entrance to the other's property and parts of their garden, and the audio equipment so she could eavesdrop on conversations in her neighbour's garden and, potentially, inside her neighbour's property. She was recording both images and sound for 24 hours a day, and the system automatically retained recordings for five days.

She did not give the other party notice or consult with him about installing her system, or tell him the extent of its coverage. There was no signage alerting her neighbour's visitors that their actions and speech were being recorded. However, the neighbour could see where her cameras were pointed and he and his family and visitors were unable to properly enjoy their garden knowing they were being recorded. When he first asked for copies of the recordings the second neighbour refused.

Under UK data protection law, an individual can ask a 'data controller' (a person responsible for deciding how personal data held on them will be 'processed', ie. stored, etc) to see and have copies of the personal data held on them, and must be told how it is being processed and who is entitled to see it. There are also rules requiring data controllers to register with the Information Commissioner's Office (ICO).

The court ruled that the second neighbour had breached data protection law:

  • she had not registered as a 'data controller' until two years after installing the CCTV;
  • she had not processed her neighbour's personal data fairly and lawfully, her actions were 'extravagant, highly intrusive and not limited in any way' and their effect on her neighbour was 'profound and destructive';
  • her justification that the CCTV and audio equipment were pointing at her neighbour's property so she would have a record if the dispute erupted into an argument was not an adequate justification;
  • she had kept the recorded data longer than necessary.

There is an exemption from data protection law if personal data is only being processed for purely personal or household activity, but that did not apply in this case because the monitoring was of a 'public space' (a place outside the boundaries of the second neighbour's property), and it had not been justified.

She was also in breach of recommendations in the ICO's Code of Practice, In the picture: A data protection code of practice for surveillance cameras and personal information.

The court awarded the first neighbour compensation of around £17,000.

Operative date

  • Now

Recommendation

  • Property owners and occupiers who install CCTV and/or audio recording equipment should:
    • ensure they comply with data protection law and the ICO Code of Practice or risk significant penalties, especially if they are monitoring any 'public space' outside their property
    • check the ICO's Code of Practice

Case ref: Woolley & Woolley v Akbar or Akram [2017] SC EDIN 7

Disclaimer: This article from Atom Content Marketing is for general guidance only, for businesses in the United Kingdom governed by the laws of England. Atom Content Marketing, expert contributors and ICAEW (as distributor) disclaim all liability for any errors or omissions.