The Team

Does your door bell fall foul of the Data Protection Act?
Does your door bell fall foul of the Data Protection Act?

In a case decided in Oxford County Court, the Judge decided, amongst other things, that data recorded through the use of a Ring doorbell and other video cameras was a breach of the data protection legislation and the General Data Protection Regulation (GDPR).

The case involved Dr Mary Fairhurst who raised proceedings in Oxford County Court against Mr Jon Woodard. You can read the full case here. Dr Fairhurst had raised a claim for compensation and injunctive relief against Mr Woodard in relation to his use of multiple video cameras at his property which overlooked Dr Fairhurst’s property and a communal parking area.

Dr Fairhurst claimed harassment, nuisance and a breach of her privacy. Whilst the judge agreed that the actions of Mr Woodard constituted a nuisance and were in breach of the Data Protection legislation and the GDPR, the did not consider his actions to constitute a nuisance.

What is the issue in relation to Data Protection?

We are approaching this case from the standpoint of data protection due to the fact that in the harassment elements of the case there is reference to English statute law which has no bearing in Scotland. In addition, the case is not considered binding.

However, from a data protection perspective, whilst this element of the case was included in the claim, a complaint about the breach of privacy could just have easily been lodged with the Information Commissioner in the form of a complaint. In that case, however, it is likely that the outcome would have resulted in the defendant being fined rather than a compensatory award being made.

Mr Woodard had installed a number of cameras at his property and he could monitor them from his mobile phone. In addition, he could record audio for a more extensive distance than the camera view could capture. The Claimant, Dr Fairhurst, claimed that the collection and storage of her personal data was in breach of her privacy and constituted a data protection breach.

The balance between legitimate interests and right to privacy

Mr Woodard claimed it was his legitimate interest to process this data because he feared for his security and the security of his property. There is some evidence that thieves attempted to steal his car at some point. However, for legitimate interests to be successful as a justification for processing personal data, it must be processed fairly and transparently and that it must not be to the detriment of the privacy of the data subject (in this case Dr Fairhurst). As the cameras recorded video and audio that extended beyond the boundaries of Mr Woodard’s property and into Dr Fairhurst’s property. The judge said, in relation to Mr Woodard’s reliance on legitimate interests for the camera that looked into Dr Fairhurst’s garden “I consider that such interests are overridden by the Claimant’s right to privacy in her own home, to leave from and return to her house and entertain visitors without her video personal data being captured”.

In summary, Her Honour Judge Melissa Clarke, said, in relation to the data protection breaches: “I am satisfied that the Claimant’s claim that the Defendant has breached the provisions of the DPA 2018 and the UK GDPR succeeds. She is entitled to compensation and orders preventing the Claimant from continuing to breach her rights in the same or a similar manner in the future.”

As millions of people up and down the UK now have video cameras and door bells installed, some of which can record audio, it is important to understand where the line is drawn. Whilst this case deals with the wider elements of harassment and nuisance, it does give a very clear indication of where the line might be drawn between legitimate interests and the right to privacy.

As you might expect, the Information Commissioner has detailed guidance on the use of CCTV and you can read that advice here.