This area is monitored by CCTV cameras

In a fast-moving world where technology has taken centre stage, video-surveillance cameras are all over the place. You walk into a public building, into a bank, wait in a queue or even stand in the street and you see cameras trained all over you. And,...

In a fast-moving world where technology has taken centre stage, video-surveillance cameras are all over the place. You walk into a public building, into a bank, wait in a queue or even stand in the street and you see cameras trained all over you. And, yet, security threats do not seem to be getting any lower.

So are all these cameras truly necessary? Who operates them? Who gets to see you? Are your images recorded and are they transferred to anyone else? Should you be informed that you are being seen? And can security cameras at work be used to check your performance?

Many of you have often approached me with these questions and concerns over closed-circuit-television systems, or CCTV. Now, whereas CCTVs have become commonplace, this does not mean you have no right to privacy.

Earlier this year, the European Data Protection Supervisor published a set of video-surveillance guidelines on how EU institutions and agencies should deal with video surveillance in public buildings. Although the guidelines are not legally binding, they set high standards and constitute an authoritative interpretation of EU law. It is, therefore, wise to take them well into account.

The guidelines generally apply to security cameras used in or around public buildings to monitor designated areas and which can obtain personal data, including facial images or even number plates. Even before installing security cameras, people’s privacy should be taken into account and an impact assessment may be necessary to establish why a CCTV system is necessary and whether other systems that are less intrusive may be used.

Thus, you should consider a system where there have been instances of, for example, unauthorised physical access, theft of personal belongings, car break-ins and physical attacks. But one should not install cameras in the communal kitchen at work simply to detect those who help themselves to food left in the fridge by others.

Moreover, privacy-friendly technology that allows encryption and scrambling of images should be preferred. And consultation with stakeholders is also recommended, including with workers’ representatives and, for instance, with parents whose children attend childcare facilities in the building.

Once the system has been installed, the guidelines list a number of dos and don’ts regarding its operation. Here are some of them:

Firstly, cameras installed for security purposes should not be used to check on employees, such as for how well they perform or if they arrived on time. Nor should cameras be used to continuously monitor the cashier at a cash point as this would go beyond the limits of proportionality. Such practices undermine trust at the workplace and performance can be gauged in less intrusive ways.

Secondly, one has to be careful on the positioning and configuration of cameras. Thus, for example, a camera that is installed on the building’s rooftop should not accidentally capture the terrace or, worse, the bedroom window, of an adjoining private property. Likewise, factors such as the number of cameras, the times of monitoring and the resolution and image quality are also important to consider from a privacy point of view.

Thirdly, the system may not be used to capture special categories of data that relate to the racial or ethnic origin, political opinions, religious beliefs, trade union membership and data concerning health or sexual inclination. Thus, a camera in a clinic waiting room or outside the office of the union’s representative is most certainly likely to breach the guidelines.

Fourthly, areas under “high expectations of privacy” should not be monitored. These include individual and open-plan offices, canteens, waiting rooms and, obviously, toilets, shower and changing rooms.

Fifthly, secret surveillance without the knowledge of whoever may be filmed should also be avoided because this is highly intrusive and is normally used to entrap people. Not only, but communications must be clearly displayed to inform everyone concerned that video surveillance in being used.

Sixthly, the data that is captured may not be stored for a long time. Except in cases where footage is required for specific investigations, the guidelines suggest retention periods ranging between just 48 hours and one week. After that, footage must be erased.

Finally, only a small number of clearly identified individuals may have access to images captured on film and only on a “need-to-know” basis and not simply out of curiosity. Likewise, the transfer of captured footage to third parties may only be done in very limited cases.

The personnel who may view, operate, copy, download, delete or alter footage must be specifically trained for the purpose. This is particularly relevant when security operations are outsourced to security companies since, ultimately, the data protection responsibility remains with the entity responsible for the building.

A copy of the EDPS video-surveillance guidelines can be ob­tained by clicking at http://www.edps.europa.eu/EDPSWEB/webdav/site/mySite/shared/Documents/Supervision/Guidelines/10-03-17_Video/surveillance_Guidelines_EN.pdf .

www.simonbusuttil.eu

Dr Busuttil is a Nationalist member of the European Parliament.

Sign up to our free newsletters

Get the best updates straight to your inbox:

You can unsubscribe at any time by clicking the link in the footer of our emails. We use Mailchimp as our marketing platform. By subscribing, you acknowledge that your information will be transferred to Mailchimp for processing.