EU Court Ruling Means Civilian use of Drones in Public Must Comply with Data Protection Laws
Hobbyists and other individuals using remotely piloted aircraft systems, or ‘drones’, to capture images in public will be required to ensure that the activity complies with EU data protection laws in future, in light of an EU court ruling.12 Dec 2014
The Court of Justice of the EU (CJEU) last Thursday ruled that “video surveillance” by individuals that is carried out “even partially” in a public space is subject to the EU’s Data Protection Directive, even if the camera capturing images of people is “directed outwards from the private setting of the person processing the data”.
The CJEU was ruling in a case referred to it from the Czech Republic where a Czech journalist had contested decisions by the country’s data protection watchdog and a court in Prague which held that his use of a CCTV system at his home had failed to comply with data protection laws.
The CJEU said that the Czech journalist could not claim that the processing of personal data involved in using his camera fell within the ‘household exemption’ to data protection laws. This is because the camera was capable of identifying individuals walking on a public footpath outside of his home, it said.
EU data protection rules generally govern the collection, processing and retention of personal data but do not apply where personal data is collected “in the course of a purely personal or household activity”.
“The operation of a camera system, as a result of which a video recording of people is stored on a continuous recording device such as a hard disk drive, installed by an individual on his family home for the purposes of protecting the property, health and life of the home owners, but which also monitors a public space, does not amount to the processing of data in the course of a purely personal or household activity, for the purposes of that provision,” the CJEU ruled.
Data protection law specialist Kathryn Wynn of Pinsent Masons, the law firm behind Out-Law.com, said the judgment could have implications for the caseload of EU data protection authorities, such as the UK’s Information Commissioner’s Office (ICO).
“On one hand the judgment is unhelpful because it broadens the household exemption and could meant that UK’s Data Protection Act, and by extension, the ICO, becomes involved in disputes between two individuals,” Wynn said. “This would detract from the real raison d’etre of the Act and underlying EU Data Protection Directive, which is to protect the way data is processed by organisations for commercial exploitation or overly intrusive surveillance.”
The CJEU said that the household exemption had to be “narrowly construed” and that whilst individuals’ use of surveillance cameras in public was subject to data protection rules, their use of the technology in some cases could be justified without the need for them to obtain the consent of people they capture footage of.
“The application of [the Data Protection Directive] makes it possible, where appropriate, to take into account …legitimate interests pursued by the controller, such as the protection of the property, health and life of his family and himself, as in the case in the main proceedings,” the CJEU said.
Wynn said: “Although the judgment is unhelpful in one regard, it does confirm that the ‘legitimate interests’ test will be met where the processing is for the purposes of protection of property. This provides clarity for businesses where CCTV inadvertently captures images in a public space which has an impact on that person’s property. However, it appears from the judgment that the footage captured would need to record something tantamount to criminal behaviour to justify businesses not displaying any information to the public about the filming they are conducting, particularly where the filming captures off-premises footage.”
The CJEU’s judgment had been identified by deputy UK information commissioner David Smith, at a recent parliamentary hearing, as one which could set a legal precedent on the extent to which data protection laws should be applied to the use of surveillance cameras by individuals.
At the time, Smith said that the Information Commissioner’s Office (ICO) viewed the “domestic use of CCTV” camera on a person’s house to be “outside the scope of data protection law” even if the camera “overlooks the public area into street”.
However, the CJEU’s ruling has now confirmed that this is not the correct legal approach.
Smith told Out-Law.com that the issues addressed by the CJEU also apply “in relation to private individuals using drones with cameras attached”.
The judgment means civilian operators of drones in public places will have to adhere to ‘fair processing’ requirements if capturing images that can identify individuals and may, in many cases, require them to obtain individuals’ consent to the capturing of such footage, among other data protection rules that apply.
“Clearly this is a significant judgment, and is a case we’ve been following closely,” an ICO spokesperson said. “We’ll be studying the judgment in detail before deciding what steps we need to take in response to it.”
It was already the case that organisations using drones to capture images, such as media organisations, construction companies and the police, have to ensure that they comply with data protection laws when using the technology, something the ICO made clear earlier this year.
Ingen kommentarer:
Legg inn en kommentar
Merk: Bare medlemmer av denne bloggen kan legge inn en kommentar.