Community CCTV schemes raise concerns over data protection

Fears about crime has seen huge growth in camera systems in rural towns

Under community CCTV schemes the local authority must agree to be the ‘data controller’. Photograph: Istock

Under community CCTV schemes the local authority must agree to be the ‘data controller’. Photograph: Istock

 

Community CCTV schemes, mostly funded by the Department of Justice, have expanded enormously in recent years, particularly in response to fears about crime in rural areas.

The formal community CCTV scheme funded by the Department of Justice made €1 million available for such schemes last year, with a similar budget expected for 2018 and 2019.

Under such schemes, the local authority must agree to be the “data controller”, which places a legal burden on an organisation because it is processing people’s personal information.

The Garda Commissioner may authorise the installation and operation of CCTV under such schemes for the “sole or primary purpose of securing public order and safety in public places”.

But newer CCTV cameras and connected systems can do much more than collect images for future use if a crime is committed – they can be linked to other systems and data, and they may capture detailed information about people’s lives and movements even where no crime is suspected.

Concerns were raised by privacy campaigners last year after a substantial CCTV system involving automatic number plate recognition (ANPR) cameras went live in the small village of Duleek in Co Meath. The scheme, involving more than a dozen hi-tech CCTV cameras, was more extensive than one in the village of Royston in the UK, previously found by the authorities there to have been illegal because of its scope.

Data protection

Meath County Council said this month it was reviewing and revising its existing data protection policies, in order to comply with the new EU data protection regulation.

It said that while the benefits of a CCTV scheme from a policing point of view were well known, the role of data controller could “be an onerous and costly burden on an organisation”.

Pending the completion of data protection impact assessments, and the outcome of the review of its CCTV policy, the council was not in a position to accept the role of data controller on new community-based CCTV schemes, it said.

The Garda Modernisation and Renewal Programme (MRP) published in 2016 includes plans for “expansion of the automated number plate recognition technology and its integration into the centralised storage system to allow for wider access and analysis”.

Policy review

An Garda Síochána has informed the Policing Authority that an internal committee is currently focused on four projects: the CCTV investigation process; centralised storage and analytics technology; live feeds; and body-worn cameras.

In November, the authority told The Irish Times it had been advised by An Garda Síochána in July 2016 that work on reviewing and revising a 2009 Garda policy document on CCTV was at an “advanced stage”.

It said it had requested any updated/new material in relation to CCTV as a result of the work being done on reviewing and revising Garda policy on the topic in May 2017.

“We received information in reply on the work being done in relation to the CCTV management strategy under the MRP. We recently have requested a further update specifically in relation to the 2009 policy document but, as of today, not received a response.”

As of last week, the authority said it had “no update” on the matter.