Last October, the Daily Mail reported that: ‘A female doctor could be paid more than £100,000 by her neighbour after a judge ruled that his Ring smart doorbell cameras breached her privacy, in a landmark legal battle which could pave the way for thousands of lawsuits over use of the Amazon-owned device.’ The story was published after a judge at Oxford County Court ruled that Jon Woodard’s use of his Ring cameras amounted to harassment, nuisance and a breach of data protection laws. The Daily Mail said in its ‘legal analysis’ that: ‘Yesterday’s ruling is thought to be the first of its kind in the UK and could set precedent for more than 100,000 owners of the Ring doorbell nationally.’

Ibrahim hasan

Ibrahim Hasan

Before Ring doorbell owners rush out to dismantle their devices, let us pause and reflect on this story. This was not about one person using a camera to watch their house or protect their motorbike. The defendant had set up a network of cameras around his property that could be used to watch his neighbour’s comings and goings. Careful reading of the judgment leads one to conclude that the legal action brought by the claimant, Dr Mary Fairhurst, was really about the use of domestic cameras in such a way as to make a neighbour feel harassed and distressed. She was primarily arguing for relief under the Protection from Harassment Act 1997 and the civil tort of nuisance.

Let us examine the privacy angle. The UK General Data Protection Regulation (GDPR) regulates the processing of personal data, including by public CCTV cameras. It can, in some cases, also apply to domestic CCTV and door camera systems. After all, the owners of such systems are processing personal data (images and even voice recordings) about visitors to their property, as well as passers-by and others caught in the systems’ peripheral vision. However, on the face of it, a domestic system should be covered by Article 2(2)(a) of the UK GDPR, which says the law does not apply to ‘processing of personal data by an individual in the course of purely personal or household activity’. Recital 18 explains further: ‘This regulation does not apply to the processing of personal data by a natural person in the course of a purely personal or household activity and thus with no connection to a professional or commercial activity. Personal or household activities could include correspondence and the holding of addresses, or social networking and online activity undertaken within the context of such activities.’

Collected data

The judge in this case concluded that the defendant’s camera system had collected data outside the boundaries of his property and that a specific camera ‘had a very wide field of view and captured the claimant’s personal data as she drove in and out of the car park’. This would take the system outside of the personal and household exemption quoted above, as confirmed by the Information Commissioner’s CCTV guidance: ‘If you set up your system so it captures only images within the boundary of your private domestic property (including your garden), then the data protection laws will not apply to you.

‘But what if your system captures images of people outside the boundary of your private domestic property – for example, in neighbours’ homes or gardens, shared spaces, or on a public footpath or a street? Then the [GDPR] and the Data Protection Act 2018 (DPA18) will apply to you, and you will need to ensure your use of CCTV complies with these laws.’

Once a residential camera system comes under the provisions of the UK GDPR, then of course the owner has to comply with all the Data Protection Principles, including the obligation to be transparent (through privacy notices) and to ensure that the data processing is adequate, relevant and not excessive. Data Subjects also have rights in relation to their data including to see a copy of it and ask for it to be deleted (subject to some exemptions).

In the present case the judge said the defendant had ‘sought to actively mislead the claimant about how and whether the cameras operated and what they captured’. This suggests a breach of the First Principle (lawfulness and transparency). There were also concerns about the amount of data some of the cameras captured (Fourth Principle).

Let us now turn to the level of compensation which could be awarded to the claimant. Article 82 of the UK GDPR does contain a freestanding right for a data subject to sue for compensation where they have suffered material or non-material damage, including distress, as a result of a breach of the legislation. However, the figure in the Daily Mail’s headline of £100,000 seems exaggerated even for a breach of harassment and nuisance claim, let alone the UK GDPR on its own. The court will have to consider evidence of the duration of the breach and the level of damage and distress caused to the claimant.

This judgment does not mean that Ring door camera owners should remove them before passing dog walkers make compensation claims. But it does require owners to think carefully about the siting of cameras, adequacy of notices and the system’s impact on their neighbours’ privacy.

 

Ibrahim Hasan is a solicitor and director of Act Now Training