CCTV and UK Law: The Legal Considerations

CCTV cameras. They’ve quickly become one of the most important security measures for home and business owners over the world. In fact, there are five million security cameras watching over the UK alone (BSIA), with an expected one camera for every 14 people - the highest number in Europe.

But, where any filming is taking place, there's an expectation for the privacy of those caught on camera. That’s not to say video surveillance of the public is illegal. It simply means guidelines must be followed to protect personal data.

Jump To

• What Is UK CCTV Law?
• Is it Legal to Use CCTV at Home?
• How Can I Use Home CCTV Responsibly?
• What Are the Rules and Regulations for Using CCTV in a UK Business?
• What Are the Consequences of Breaking CCTV Law?
• Final Thoughts

Whether in a home or business, as a CCTV operator it’s your job to legally manage any personal information that your system records. This can be a daunting task.

This blog will offer a 101 guide to CCTV law in the home and business environment. We’ll walk you through the thoughts needed to ensure your surveillance system is above-board and legally compliant.

What Is UK CCTV Law?

In the UK, the rules for private CCTV use fall under the Information Commissioner’s Office (ICO). It’s their mission to make sure that the nation's cameras comply with two key data protection laws: The General Data Protection Regulation (GDPR) and the Data Protection Act 1998 & 2018 (DPA).

Video footage and audio recordings of people count as personal data - that’s the bottom line. Recording this data is simply unavoidable for any CCTV system in a public setting. For this reason, The DPA and GDPR apply to every single camera in a public space or outside of private property.

These laws are designed to ensure CCTV systems are used responsibly, and with respect for privacy always in mind. They also give people the right to see the content that’s stored about them. Whether that be private documents or indeed video surveillance footage.

Under data protection law, CCTV footage must be:

• Processed fairly and lawfully
• Recorded for specific, outlined purposes
• Accurate and up to date 
• Kept for no longer than necessary
• Secured against accidental loss, destruction or damage
• Processed in line with the rights of the person

Failure to keep to the above rules may result in punishment from the ICO. This could include fines or legal proceedings by affected individuals. In short, you need to take care to ensure your system meets GDPR compliance and data standards.

Is it Legal to Use CCTV at Home?

Not all domestic CCTV systems need to comply with GDPR and DPA laws. These laws don’t apply to systems that only cover the homeowners’ property.

As long as the camera records footage within the boundary of your property - including front porches and back gardens - your system will be legally above-board and compliant.

However, when the cameras are in a position to record images beyond the property, the DPA and GDPR laws will apply. Think: such as a neighbour’s garden, public footpaths or the street outside. For example, if you have a camera which slightly captures another person’s private property, they may have the grounds to make a claim against you.

This doesn’t naturally mean you’re breaking the law. It simply means that you’ve become a data controller, so must comply with the legal requirements to protect that person and their privacy. This includes ensuring that your CCTV system is sufficiently protected against hackers.

Any CCTV camera that captures images beyond your own property needs to be justifiable. Off-the-cuff spying isn’t allowed by UK law. If questioned by the ICO, you’ll need to have a well-founded reason for doing this.

How Can I Use Home CCTV Responsibly?

Installing a CCTV camera on your property can cause tension with your neighbours. It’s generally good practice that you inform them of your plans before having the system installed. Though it’s equally important to understand your own rights.

A neighbour, visitor or member of the public has no right to stop you from installing a surveillance system or CCTV recording device on your property, unless they can show that their own privacy will be intruded on.

To make it easier to understand the data protection laws, the ICO has created a checklist for responsible CCTV use. Before installing a system on your property, you should ask yourself:

• Do I really need CCTV to protect my property?
• What areas do I want to monitor and why?
• Will my cameras intrude on neighbours’ property or any shared, public space?
• Is there a good reason to film outside of the property boundary?
• Do I need to record the images, or will a live feed do?
• Have I informed my neighbours of CCTV usage and considered their response?

CCTV systems are an excellent deterrent against trespassing and antisocial behaviour, and usually, the law simply comes down to camera positioning. As we’ve mentioned, with home CCTV law, it’s generally a case of respect for the privacy of those surrounding your home. 

With a professional installation, you’ll be better able to understand how cameras may be placed to offer full monitoring and coverage of your property... without filming neighbours or the public. This keeps your home both physically and legally secured. 

What Are the Rules and Regulations for Using CCTV in a UK Business?

Video surveillance in a business must always comply with GDPR and DPA laws.

Whether being used to record members of the public in a retail store or members of staff in an office block, people’s private data is always at stake in the work setting. There’s a reasonable expectation for privacy and camera identification.

As a rule, one person in the company should be responsible for storage, video reviews, maintenance and protection of your footage. Video footage of the public still counts as private data. Care must be taken to make sure it is protected from illegal access or unexplained loss. 

1. Register as a data controller and notify the ICO with an outlined purpose for CCTV surveillance in the workplace.
 
2. Notify employees that they’re being recorded through clear and visible signs in areas where surveillance is active. Signage should define: who is responsible for the video monitoring, why it’s being recorded and how individuals can access their footage. 
 
3. Ensure cameras are not installed in private areas of the building where there is an adequate expectation of privacy, like toilets or changing rooms. Failure to comply with this is a blatant breach of the Voyeurism Act 2019.
 
4. If an individual asks to see the recorded footage featuring them (a "Subject Access Request" or SAR) - be this customer or member of staff - businesses must comply with this request. This does not apply to footage that doesn’t feature the individual. 
 
5. Footage retention times are clearly outlined and identifiable. By law, video data should be kept no longer than absolutely necessary for use in legal proceedings, insurance claims or any other authorised, ICO-approved purpose. Irrelevant data should be regularly checked and cleared out. 

Discover more about commercial CCTV systems in our complete guide: Everything You Need to Consider About CCTV Systems. 

What Are the Consequences of Breaking UK CCTV Law?

Data privacy laws are taken very seriously by the ICO. Breach of these laws could result in fines of up to £500,000, or even criminal charges. 

In addition to legal punishment, breaching data privacy laws can also have a damaging impact on a business’ relationship with its staff and customers. If you installed a CCTV system without notifying members of staff, this could lead to reduced employee trust. 

Similarly, a lack of signing around monitoring zones may also tarnish the reputation of a business amongst customers and visitors. Essentially, it’s crucial that wherever CCTV is in shared spaces, this is recognised, displayed and obvious. Covert surveillance is generally seen as spying.

If your cameras are naturally intrusive or placed in areas where there is a reasonable expectation of privacy like a bathroom or changing room, you are infringing on the natural rights of your employees. Opening up the scope for even further legal action. In this scenario, they’ll be able to take you to court under the Human Rights Act 1998, Data Protection Act or even the Voyeurism Act.

Final Thoughts

As CCTV surveillance systems become commonplace in our home setting, it’s easy to underestimate the importance of sound data protection practice - but this can be a costly, regrettable afterthought. 

Effective CCTV positioning is JUST as important as proper usage. If your CCTV cameras are infringing on private property, you’re making yourself vulnerable to legal claims and potential privacy violations from those bordering your premises.

If you care about the security of your home or workplace, and equally want the peace of mind that your system adheres to the relevant data law, our CCTV experts are here to help.

At Chris Lewis we specialise in fully operational and GDPR-primed CCTV system installations. Our team is fully trained in the latest CCTV technology and data regulation practice, and perfectly aligned to support the maintenance, upgrade, extension or rejuvenation of your CCTV system.

Don’t get caught out. Get in touch with our security experts today.

Submit the form below and our team will be in touch shortly.