Is the use of CCTV camera a breach of data privacy?

0
Is the use of CCTV camera a breach of data privacy?

As the world becomes increasingly interconnected, the deployment of Closed-Circuit Television (CCTV) surveillance systems has become a norm, especially in public institutions, they serve various purposes; ranging from deterring criminal activities and aiding law enforcement investigations. YEJIDE GBENGA-OGUNDARE reports that the widespread use of CCTV cameras continues to spark a critical ethical debate on the line between privacy and security as well as the challenges of striking the right balance.

Security cameras are not only installed and used in public places but also in various locations such as inside convenience stores as part of efforts to prevent crime and keep records. And while security cameras are useful in terms of crime and disaster prevention, the use gives rise to issues of risks of privacy infringement.

The primary goal of CCTV installation is usually to enhance security and deter crime; aid investigations by allowing footage which is instrumental in solving crimes by providing valuable evidence and helping law enforcement identify suspects and in advanced societies, monitor traffic flow, assist in accident investigations, enforce traffic laws and also aid emergency responders during disasters as well as, protest other critical situations to enhance public safety.

However, over time, the spread in use of CCTV surveillance has raised significant ethical concerns, primarily centered on the volatile discussion of privacy breach and need for security. It has been argued that when surveillance cameras capture individuals’ movements and actions in public spaces, it potentially infringes on their right to privacy and proliferation of cameras can create a sense of constant monitoring, eroding the feeling of anonymity in public.

Also, storage of surveillance footage raises questions about how long the data should be retained and who should have access to it, especially at this period when there are cases of mass abuse of data from retention sites, including unauthorized access to footage or the use of surveillance data for purposes other than security.

The need to strike a balance had been the major concern for stakeholders on both sides of the argument; privacy versus security.  The ethical dilemmas surrounding CCTV surveillance are complex and multifaceted, reflecting the broader debate about privacy and security in the digital age. But as societies grapple with these challenges, stakeholders advocate the crucial need to engage in open and informed discussions that consider the ethical implications of surveillance while recognizing the legitimate need for security.

 

Fact about CCTV use

While there is diverse information; both facts and myths about CCTV use, there are facts that are incontrovertible. Below are some of the facts:

The use of closed-circuit television (CCTV) camera in a business, residential or public space is regulated by law.

The use of CCTV camera may constitute a breach of data privacy.

The lawful use of CCTV camera requires that certain conditions must be met which include the fact that; there must be a clear and legible notice of the use of CCTV put up in the building with contact details for inquiries, the policy guiding the use of the CCTV must be easily accessible and the purpose for the use of the CCTV must be communicated.

Also, the CCTV must only process data which is necessary for the specified purpose. Individuals must be given a right of access to the footage containing their personal data and may request for erasure or correction if inaccurate and the footage must only be retained for the period necessary to fulfill its purpose.

In addition, there must be restricted access to the CCTV footage and any individual can lodge a complaint for unauthorized processing of their image to the Nigeria Data Protection Commission.

If found culpable, the company or individual that wrongfully processes a person’s image may be fined, cautioned, prosecuted for crime or ordered to cease and desist from further breaches.

 

Previous rulings on CCTV breach of privacy

While there is no notable case in Nigeria, a Kenya High Court had given ruling on the issue when it gave a major decision on the issue of privacy vs security on CCTV use in a case tagged Kennedy Ondieki vs. Hellen Maeda (Petition E153 of 2022), which bordered on whether privacy has been breached. The High Court held that installation of CCTV cameras in a residential area is a violation of a person’s constitutional right to privacy.

Maeda had installed CCTV cameras on its premises for security purposes but aggrieved by the action, Ondieki who lives in an adjacent building, lodged a petition claiming that the CCTV camera installation breached his constitutional right to privacy, arguing that the cameras were positioned in a manner that could spy, monitor and record the images of his property. He had averred that he had tried to resolve the issue amicably but the respondent was not co-operative.

He had consequently put up a barricade to block the camera but the respondent uninstalled and reinstalled the cameras above the barricade and continued to spy, record and monitor his compound.

But in response, the respondent averred that the CCTV cameras were installed for her family’s security which was informed by the breaking into their premises by thieves earlier in the year.

In determining the matter, the High Court stated that the right to privacy is envisaged under article 31 of the Constitution of Kenya, 2010, and is operationalized by the Data Protection Act, 2019 (the Act).

Article 31 of the Constitution of Kenya, states that: “Every person has the right to privacy, which includes the right not to have their person, home or property searched; their possessions seized; information relating to their family or private affairs unnecessarily required or revealed; or the privacy of their communications infringed.”

Section 25 of the Act states that: “Every data controller or data processor shall ensure that personal data is processed in accordance with the right to privacy of the data subject…”.

 

Analysis

The Court held that as per the Act, the Respondent was deemed a data controller processing personal data through her CCTV of the Petitioner as a data subject. As such, the Respondent was required to be registered with the Office of the Data Protection Commissioner (the ODPC) and ought to have sought the Petitioner’s consent to collect data through the CCTV cameras. Ultimately, the High Court, in allowing the claim made a declaratory order that the actions of the Respondent violated the Petitioner’s rights under Article 31 of the constitution and his rights as a data subject under the Act and ordered the Respondent to uninstall the CCTV camera accessing, spying, monitoring, and recording images in the Petitioner’s property.

The Court failed to acknowledge the exemptions for processing personal data by an individual during a personal or household activity under the Act. Section 51 (2) (a) of the Act stipulates that individuals processing personal data during a personal or household activity shall be exempt from complying with data protection principles relating to lawful processing, minimisation of collection, data quality, and adopting security safeguards to protect personal data.

Additionally, the Court relied on consent as the only lawful basis for processing personal data by a data controller or data processor and ignored indirect collection of personal data by the Respondent as prescribed in Regulation (6)(1)(c) of the Data Protection (General) Regulations, 2021.

 

Stakeholders call for balance

As the issue rages, stakeholders have emphasised the need for a balance between privacy and security, describing it as a delicate task. According to Tobi Lawal, a data analyst, it is important to ensure that our increasingly monitored world remains just, secure, and respectful of individual rights, adding that certain steps will ensure that the thin line between privacy and security is not blurred.

“It is a major issue that can however be resolved with just few steps and commitment to making things right. The most important ingredient in resolving this impasse is transparency; there needs to be transparency on the part of organisations about the presence and purpose of surveillance cameras. Clearly visible signs can help inform the public. And authorities must invest in strong data protection measures to safeguard the collected footage from unauthorized access or misuse because what we have now is below standard and acceptable levels,” Lawal said.

He added that striking the right balance will require ongoing dialogue, legal frameworks and responsible deployment of surveillance systems, emphasizing that “due to the fact that CCTV captures images of people which can be used, stored, manipulated and disseminated, those who operate the systems need to be aware of how to manage privacy issues.”

Also speaking, Moyo Adekilekun, a software engineer, stated that “there is a need to implement clear policies for the retention and disposal of surveillance data, ensuring it is not stored longer than necessary while strict guidelines should be put in place to oversee the ethical use of surveillance data basically for the primary purpose for security. It is also a necessity to establish mechanisms for accountability, including oversight, audits and accountability for any misuse of surveillance data.”

To navigate the thin line, experts advocate that all organisations considering using CCTV need to be mindful of their obligations under the Privacy Act 2020 and should only collect personal information if it is for a lawful purpose connected with their functions or activities.

READ ALSO: Drama as Jigawa commissioners, SAs clash over seats

link

Leave a Reply

Your email address will not be published. Required fields are marked *