Use of video cameras for security in the domestic sphere: how does it affect data protection?
The security of our homes is a priority, and video cameras have become an essential tool to protect our properties. However, it is essential to consider how the use of these cameras affects privacy and the protection of personal data.
Registration and processing of images
The use of video cameras implies the processing of personal data, that is, the capture of images that identify or can identify people. The Spanish Agency for Data Protection (AEPD) establishes that this processing must comply with the principles and obligations of data protection regulations.
Location of cameras:
- If the cameras only record the interior of your home, it is considered a personal or domestic activity, and data protection regulations are not applicable.
- If the cameras capture images of the public highway, entrances, facades, or neighboring properties, data protection regulations would apply.
The obligations if recording outside the home:
- It is necessary to place a visible sign indicating that the area is being video-monitored. The sign must include the identity of the controller, the purpose of the recording, and how to exercise the rights of access, rectification, suppression, etc.
- The cameras should only record what is strictly necessary for the security of your property. You have to avoid capturing images of the public highway or neighboring properties beyond what is essential.
- Make sure the cameras only record what is adequate, pertinent and limited in relation to the purposes for which they are processed, in accordance with the principle of minimization of damages collected in article 5.1.b) GDPR.
- The images must be deleted within a maximum period of one month, unless they are necessary to investigate a crime or infraction.
- It is necessary to implement security measures to protect the recordings from unauthorized access, loss or alteration.
What happens if I have a person employed in the home?
If you have a person employed in the home, the situation changes. It is no longer considered a purely “personal or domestic” sphere, and it is necessary to be even more careful with data protection.
Can I record my employee?
In principle, no. The installation of cameras to control an employee is a disproportionate measure and violates their right to privacy. However, there are exceptions:
- Well-founded suspicions of a crime: if there are serious and justified suspicions that the employee is committing a crime (theft, for example), cameras could be installed, but only in the areas where it is suspected that the crime is being committed, and during the strictly necessary time. It would be necessary to inform the employee of the existence of the cameras.
- Express consent: if the employee consents freely and informed to the recording, you could install cameras. However, this consent must be very clear and specific, and the employee must be able to revoke it at any time.
The employee could not be recorded in rest areas or bathrooms, nor could the employee be recorded continuously and without any of the above justifications.
Possible security and privacy breaches
Video cameras, especially “IP cameras”, can be vulnerable if adequate precautions are not taken. To avoid security breaches, the following is recommended:
- Change the default passwords. That is, do not use the passwords that come from the factory. It is important to create secure passwords and change them periodically.
- If the camera offers encryption, it is recommended to activate it to protect the recordings.
- It is important to install the security updates offered by the camera manufacturer.
- If you access the cameras remotely, it is recommended to use a secure connection (VPN) and two-factor authentication.
Application of data protection regulations
The regulations that must be taken into account in the domestic video surveillance sector are the General Data Protection Regulation (GDPR). This regulation establishes the principles and obligations that must be complied with when processing personal data. In Spain, the Organic Law 3/2018 on the Protection of Personal Data and guarantee of digital rights (LOPDGDD) complements the GDPR.
The essential principles of the GDPR are found in Article 5 of the regulations:
- Transparency: it is important to inform in a clear and accessible way about the processing of data.
- Limitation of purpose: collect data only for specific and legitimate purposes.
- Data minimization: collect only the necessary data.
- Accuracy: keep the data updated and accurate.
- Limitation of the retention period: keep the data only for the time necessary.
- Integrity and confidentiality: protect data from unauthorized access.
- Proactive responsibility: implement measures to ensure compliance with the GDPR.
At Letslaw we are experts in digital law, so we can advise you on everything you need.
María comenzó su contacto con el derecho de las nuevas tecnologías en la carrera en la Universidad Complutense de Madrid. Actualmente se encuentra cursando el Máster Universitario en Derecho de las Telecomunicaciones, Protección de datos, Audiovisual y Sociedad de la Información en la Universidad Carlos III de Madrid, con el objetivo de certificarse como DPO.
More from my site
Can the company monitor my activity through video surveillance cameras in the workplace?
Video surveillance in the workplace and data protection
Real-time video surveillance
Volkswagen fined 1.1 million euros for using a vehicle with cameras
Drone use and privacy
Can you request recorded images of a parking lot if your vehicle has been damaged?