CCTV in Taxis – Privacy rights and councils responsibilities
CCTV has become a fact of life in today’s connected world. Most of us now go about our daily business without paying too much attention to the prying eyes of unseen watchers.
The cameras can serve as an effective solution across many applications… security and crime prevention being the most common. But whichever way you look at it, capturing and recording an individual’s movements is intrusive. Thankfully, these images are now subject to strict data protection laws, enshrined in the GDPR.
GDPR Data Protection laws state that users of this technology need to carefully consider the personal privacy implications… before implementing any kind of surveillance system.
Most of the population accept the legitimacy of CCTV cameras in our towns and cities. However, the growth of CCTV cameras in taxis is considered by some to be an entirely different kettle of fish.
Local Authorities across the United Kingdom have installed CCTV cameras in licensed taxis as a way to combat crime. Also to protect taxi drivers and their vulnerable passengers. And while this may be considered a perfectly reasonable and responsible action, there are some clear privacy concerns.
It transpires that many of these CCTV systems are active whenever the vehicle is running. The cameras operate continuously, even when the driver is using the taxi privately. This means the camera is recording when drivers are picking up their children from school, going shopping with the family, or travelling whilst on holiday. Just like the rest of us, taxi drivers are entitled to privacy. And that right is now enshrined in GDPR law.
CCTV in taxis? – is it even legal?
The GDPR clearly states that the processing of personal data be for a specific purpose and proportionate. Therefore, if the taxi is used by the driver for private or domestic purposes, it is likely to be unlawful.According to the ICO, unlawful, unfair and excessive under data protection legislation and in breach of Article 8 of the Human Rights Act 1998.
It is not only the continuous recording that can cause discomfort and public concern. There is a much bigger issue to consider…
… Who controls the processing of this data?
In most situations, the council that instructs CCTV systems to be installed in taxis are responsible for the data recorded. Consequently the council is the Data Controller and not the taxi driver. Local Authorities need to ensure that they understand there responsibilities in this area of GDPR law.
The Information Commissioner’s Office has the power to stop the processing of personal data and to take action against any organisation that is found to be breaking the law.
With this in mind the ICO has put together the following three key points for councils
1) Start at the beginning
- Considering installing CCTV in taxis? First, revisit the start of your project and think carefully about the issue you are seeking to address. Is your proposed CCTV system a necessary, justified and effective solution?
- Take into account other potential solutions that may be less intrusive, yet can achieve the same goal.
- Is the use of CCTV a proportionate response to the problem?
2) Conduct a Data Protection Impact Assessment (DPIA)
Data protection law has changed significantly since May 2018. The new GDPR legislation states that Data Protection Impact Assessments (DPIAs) must be carried out before any roll-out of intrusive surveillance systems. CCTV in taxis is highly likely to be one of these systems. Therefore you need demonstrate that you have conducted a DPIA to the ICO.
See more information on DPIAs on the ICO website.
If you decide that a CCTV system is required, then a ‘privacy by design’ approach should be considered when making decisions about which equipment to purchase. You should identify which equipment is the most appropriate to meet the need and purposes it is required for.
3) Read the ICO’s Code of Practice for Surveillance Cameras and personal information
This is an excellent guide which explains how you should be operating your CCTV system. It also highlights potential problem areas, plus the fact that your CCTV system must be registered with the ICO. Council’s have a statutory duty under the Protection of Freedoms Act to consider the Home Secretary’s Surveillance Camera Code of Practice
Source: ICO blog
Also read: CCTV in shopping malls tracking shoppers