GDPR vs Ring Doorbells. Infringement of Privacy or reasonable safety precautions?
Do you have a ring doorbell? Do you have CCTV on your property? A recent case, Fairhurst v Woodard, from October last year provides some interesting and useful guidance on the position the courts may take when interpreting GDPR 2018 regimes in practice and where the line between safety precautions crosses over to become an infringement of privacy for others. See below for issues you may need to consider.
GDPR, what is it? What is Personal Data? And what does it mean for me?
Personal data is information that relates to natural persons where they can be identified or an identifiable individual.
The UK GDPR applies to the processing of personal data that is:
- wholly or partly by automated means; or
- the processing other than by automated means of personal data which forms part of, or is intended to form part of, a filing system.
Anyone or business who assumes responsibility for using personal data has to follow strict rules which have been put in place by the Data Protection Act 2018 called the ‘data protection principles’. These principles ensure that your data and personal information is:
- Accurate and up to date
- Use of which, is specified
- Kept for no longer than necessary
- Handled securely, including protection against unlawful or unauthorised processing.
- Used fairly
- Used transparently
- Used lawfully
There are seven key data protection principles, but the following are the ones most relevant to this case:
- Lawfulness, fairness and transparency
- Purpose limitation- keeping within the legitimate and explicitly specified purposes.
- Accuracy- Does not go beyond what is necessary for the purposes, in keeping with the relevant data.
If you would like to read more about your rights and GDPR, please click here.
CCTV, along with other forms of audio or visual surveillance technology, are increasingly becoming more complex and sophisticated. This includes the methods for gathering, sharing, storing or analyzing personal data and how this data is collected. If a residential camera system comes under the UK GDPR provisions the data protection principles must be complied with.
Fairhurst v Woodard- What happened?
Last year, on the 12th of October 2021, the Oxford County Court saw a landmark legal dispute between two neighbors over the use of cameras for security purposes. The claimant, Dr Fairhurst, was alarmed at the defendant, Mr Woodard’s use of surveillance cameras and disrespect for others privacy. Several incidents occurred which were cause for concern.
Some examples include:
- The defendant lied to Dr Fairhurst about his use of the cameras and claimed some were not operational when they were.
- The defendant threatened to set up concealed cameras along his property.
- The defendant had set up a floodlight and sensor, a video and audio surveillance camera with an integrated motion sensitive spotlight. A [ring] doorbell with video and audio surveillance system, a security camera and a second spotlight camera pointing down the driveway.
Dr Fairhurst claimed that Mr Woodard consistently failed to be honest about his use of these devices and that they invaded her privacy without justification or necessity. She claimed his use of these cameras had intimidated her and amounted to harassment and nuisance and a breach of the claimant’s rights under the DPA 2018. The claimant sought damages and injunctive relief.
What was the judge ruling?
- Data protection
HHJ Melissa Clarke held that Mr Woodhard’s behavior amounted to harassment under the Protection from Harassment Act 1977.
The nuisance claim failed on the basis that the claimant and defendants’ houses were both in town, where night-time lights are standard and overlooking from one property to another is not cause of action in private nuisance.
- Data Protection
It was found that the images and audio files the defendant collected of Dr Fairhurst were her personal data within the UK GDPR. Mr Woodard’s use of these images constituted processing of personal data which meant Mr Woodard was a data controller and must comply accordingly to the data protection principles [as above].
Held that Mr Woodard had not been transparent and had actively tried to mislead Dr Fairhurst about how and when the cameras were operating.
Specific findings in relation to the Ring Doorbell
Mr Woodard collected data outside his property’s boundaries. So, it was on him to satisfy to the court that the purposes of processing this data was necessary for his legitimate interests.
The Judge ruled that the processing of data from the front doorbell did find the right balance between the interest of parties as any video personal data was likely to only be incidentally collected if Dr Fairhurst walked past.
The judge decided differently on the question of the Ring’s doorbell’s audio recording capabilities. The Claimant presented evidence to the Court suggesting that the camera was able to capture audio from over 60ft away, which was found to be unreasonable for crime prevention purposes and disproportionate to the needs of protecting the Defendant’s home. The microphone range meant that personal data could have been captured from people who were unaware from outside the boundaries of the defendant’s property that they were being recorded, and their identities could have been revealed from the data itself, and they could certainly be identified with both the audio and video data used together. The security needs of the home can be adequately served by the doorbell camera video, no audio capabilities were necessary.
The Court found that the driveway camera that captured both visuals and audio was unlawful and used without justification. There were other less intrusive ways that the Defendant could keep his cars safe.
Amazon (the parent company of Ring LLC) issued a statement to Ring customers following the judgment:
“We strongly encourage our customers to respect their neighbours’ privacy and comply with any applicable laws when using their Ring product”
They further laid reference to their privacy settings on its devices and pointed towards their “audio toggle” feature in order to alert users to the ability to turn on or off sound recording.
You can further review Ring’s Privacy notice here.
Ruled: Dr Fairhurst was entitled to compensation and orders preventing Mr Woodard from continuing to breach her rights in the same way or in a similar manner in the future.
In this context, the case of Fairhurst v Woodard is example case law of interest which shows how courts are likely to interpret and apply regulatory regimes of GDPR 2018 in practice. It is important to note that reasonable and transparent use of a ring doorbell or CCTV on your property is acceptable, so long as it does not breach data protection laws. Dr Fairhurst’s claim was primarily arguing for relief from feeling harassed by the overuse of domestic cameras.
If you would like to read more on the best code of practice in relation to the use of CCTV, the ICO have published a helpful guide here.
This case was decided by the County Court and therefore is not a binding authority.
If you feel your rights under the DPA have been infringed, contact our lawyers. They are always happy to discuss your concerns. Feel free to call them on 0207 632 4300.