Body Worn Video Steering Group
The latest issue of Privacy This Week recently reviewed the UK Information Commissioner’s Office (ICO) issued update to its
code of practice (‘COP’), under the Data Protection Act 1998 covering the use of CCTV. The new COP expands its coverage to the use of Automatic Number Place Recognition (ANPR), body worn video (BWV), unmanned aerial systems (UAS), and other systems that capture information of identifiable individuals or information relating to individuals.
Hazel Grant and Brian Davidson, Partner and Privacy & Information Advisor respectively at Fieldfisher, said,
“The COP is to be welcomed as it addresses the challenges presented by the rapid developments in surveillance technologies that have taken place since the original COP was produced back in 2000, particularly privacy challenges presented by drones […] Despite such new technologies, the code emphasises that organisations must still remember their obligations around more ‘traditional’ data protection concepts such as effective ‘notice’ on the use of such systems and being ready to fulfil subject access requests etc. This will require creative thinking by organisations as they grapple with how to handle these issues.”
According to the ICO, ‘Surveillance cameras are no longer a passive technology that only records and retains images, but is now a proactive one that can be used to identify people of interest and keep detailed records of people’s activities.’ The COP provides particular focus on BWV and UAS, noting that the use of such devices have a high potential for collateral intrusion by recording images of individuals unnecessarily. Consequently, the ICO reiterated the concepts of ‘proportionality’ and ‘necessity’ throughout.
“Despite such new technologies, the code emphasises that organisations must still remember their obligations around more ‘traditional’ data protection concepts.”
Sue Gold, Lawyer and Consultant at Osborne Clarke, says,
“It is certainly helpful that the guidance has been expanded to cover new technologies such as UAS and BWV. Of key interest are the comments concerning having technology which can easily be turned on and off including separating the use of audio from video. The ICO reminds developers that they should consider privacy in their design.”
The COP also discusses retention periods generally, advising that retention should reflect the organisation’s purposes for recording purposes. Gold added,
“This is always a difficult area although the examples are helpful. They are also a good reminder that just because the technology allows for a specific retention period that does not mean information has to be retained for that period and an assessment must be made.”
On the impact of the COP on organisations, Grant and Davidson concluded,
“Whilst developers and vendors of these new systems may not be ‘data controllers’, the COP strongly suggests that they should be aware of and build in data protection principles […] The COP identifies that extra focus is required from organisations when drafting and implementing data-sharing contracts, data retention policies and effective data security practices.”