As any local solicitor can tell you, some of the most bitter legal disputes originate from disagreements between neighbours. Whether it’s property boundaries, loud music or parking spaces, what might initially be minor irritations can gradually lead to a full-blown court battle.
A relatively recent development in neighbour conflicts are clashes centred on home surveillance products, such as CCTV cameras and smart doorbells. These technologies, which may capture footage beyond the householder’s property, can pit householders against neighbours who feel their homes and private lives are being unfairly spied upon.
Indeed, a UK judge recently ruled that a man’s home security system invaded his neighbour’s privacy, and he now faces having to pay potential damages of up to £100,000. So what are the privacy implications of this technology, and what do people need to know if they have, or are considering installing, a smart doorbell?
The use of surveillance technologies is governed by a range of measures. Some provide advice and guidance, like the surveillance camera code of practice, which sets out principles for operators to follow. Others are legal requirements, such as the rules for collection and processing of personal data under the Data Protection Act 2018 and the UK General Data Protection Regulation (GDPR).
These measures aim to ensure that any use of surveillance technologies is for legitimate purposes, proportionate, and compliant with relevant legal obligations. A key concern is that surveillance should, as far as possible, be with the informed consent of those surveilled.
Where do smart doorbells fit in?
Purely “domestic use” of personal data by a private individual is exempted from the data protection legislation – for example your list of addresses for sending Christmas cards. But it’s well established that home surveillance systems, including CCTV and smart doorbells, are subject to UK data protection legislation.
A key case in 2014 looked at the use of a home CCTV system by a Mr Ryneš in the Czech Republic. The Court of Justice of the European Union (CJEU) held that while Ryneš’ CCTV system was installed for a legitimate purpose – the protection of his property and personal security – the data collection went beyond that permitted solely for domestic use. This is because it collected personal data from a public space, including a footpath and the entrance to his neighbour’s house opposite.
With this ruling, the CJEU confirmed that domestic surveillance systems fall within the scope of the data protection legislation where they capture data beyond the boundaries of the homeowner’s property. This interpretation remains applicable under UK law for now, although the UK government could potentially alter the scope of the “domestic exemption” now that the UK has left the EU.
While this case and others that have followed since didn’t involve smart doorbells specifically, the principle is the same. The case of Fairhurst vs Woodard in the English County Court in October 2021 reinforces the view that the courts are likely to take a dim view of those who fail to use home surveillance equipment in a way that respects the rights of other people, including their neighbours.
Woodard installed a range of surveillance technology, including CCTV cameras and a smart doorbell, for home security purposes. But these could record video and audio well beyond the boundaries of his property. He then actively misled his neighbour, Fairhurst, as to how and when the cameras operated. The court found Woodard to have breached his data protection obligation to process data in a lawful and transparent way, and to have collected personal data without a specified or lawful purpose, as required by the Data Protection Act 2018 and the GDPR.
Read more: What does GDPR mean for me? An explainer
The court did recognise that home security could be a legitimate purpose for collection of data that would otherwise breach a neighbour’s right to privacy, if the collection was reasonable and proportionate for that purpose. For example, in relation to Woodard’s Amazon Ring doorbell, the court held that capture of incidental personal data (such as video of Fairhurst walking past) was permissible. However, the capture of audio at a significant distance exceeded what was reasonable for the purposes, as did the fact the system’s viewing range recorded large areas of Fairhurst’s property, including her side gate, garden and parking space.
It’s worth noting that Woodard’s use of his home surveillance system, and his interaction with Fairhurst concerning that use, also led to a successful action for harassment against him.
If you’re considering installing a home surveillance system, such as a smart doorbell, you should:
identify a clear and justified purpose for your use of CCTV, such as home security;
when purchasing a system, consider the scope of data it can capture, whether this is reasonable for your intended purpose, and if the system can be tailored to protect other people’s privacy rights. For example, with some systems it’s possible to disable audio, and to set “privacy” zones which are not recorded;
ensure there is signage stating recording is taking place, and why;
keep all data collected secure and accessible only to those who need it, and delete it when no longer needed;
comply with requirements of the Data Protection Act 2018 and the GDPR, such as responding to requests from individuals about data you may hold on them, and deleting data if requested to do so.
The Information Commissioner’s Office has also produced some helpful advice for people installing home CCTV systems.
Pleasingly, providers are becoming more aware of the risks and requirements of home surveillance technologies and are building in new features which may encourage lawful use. For example, Amazon has recently added end-to-end encryption to its smart doorbell technologies. This aims to keep personal data captured secure against misuse by third parties by restricting access to video and audio streams to specified devices and permitted users.
Correction: this article originally said that a man faced a £100,000 fine from a UK judge. This should have said damages instead of a fine, and has now been changed.