At what point does CCTV go from being an acceptable security measure to harassment and a breach of another’s privacy?
Fairhurst v Woodard (Case No: G00MK161) (12 October 2021)
This is noted as being the first reported ruling relating to Ring video doorbells and security cameras, and given how common these are now becoming and how sophisticated they can be, is a case that will be of interest to many people who have such installations and who are wondering whether they could find themselves facing a claim for harassment and breach of Data Protection/GDPR.
The claimant, Dr Mary Fairhurst, and the defendant, Mr Jon Woodard, were neighbours. The claimant issued proceedings against the defendant for installing a ‘Ring’ video doorbell and security cameras at his property which pointed towards a driveway which ran along the claimant’s boundary and down into a car park which backed on to the rear gardens of both properties asserting these were forms of nuisance, harassment and a breach of the Data Protection Act/GDPR.
The defendant had installed a camera on the wall pointing to the driveway after thieves attempted to steal his car in April 2019. When the claimant contacted the defendant and asked to discuss this, he informed her it was a dummy camera. There followed a number of interactions between the claimant and the defendant about the use of this and other security cameras including the video doorbell resulting in the claimant issuing proceedings claiming that the defendant had failed to be open and honest with her and had unnecessarily invaded her privacy by using them and had intimidated her when he was challenged.
The claimant claimed that the defendant’s conduct and behaviour amounted to:
- A nuisance caused by loss of privacy or light from the driveway camera.
- Breach of the Data Protection Act 2018 (DPA) and UK GDPR
- A course of conduct designed to harass the claimant contrary to the Protection from Harassment Act (PHA).
As remedy, the claimant sought damages and injunctive relief which included removal of the installed devices.
Melissa Clarke J rejected the claim for nuisance but upheld the claims for a breach of the DPA and harassment under the PHA.
Despite the defendant pleading a defence that there was no harassment because his actions were for the purpose of preventing and/or detecting crime (and therefore considered reasonable), the judge found that the defendant had engaged in a course of conduct which amounted to harassment over a series of events. Various threats had been made to the claimant which had caused alarm and distress including threats to install more cameras, lying to the claimant about her image having been sent to the police and informing her that the cameras were dummy cameras. The judge considered whether a reasonable person in possession of the same information would consider it amounting to harassment and was satisfied that they would based on the fact that the defendant had lived in the neighbourhood over 20 years without issue and that the displayed behaviour towards the claimant was unusual and alarming.
Breach of DPA and UK GDPR
The parties agreed that the images and audio files collected by the defendant was personal data. Their transmission to his phone and computer and their retention and onward transmission to others (e.g. the police, and the cloud for storage) constituted processing of personal data. This meant that the defendant was a data controller and accordingly must comply with the principles set out in UK data protection law.
Whilst the judge acknowledged that the defendant had a legitimate interest in using the cameras to prevent crime he tried actively to mislead the claimant about how and whether the cameras operated and what information they captured. The judge accepted that the Defendant had breached the DPA 2018 and UK GDPR by unlawfully processing personal data of the claimant contained in images and audio files via the cameras and was in breach of the first three data protection principles under Article 5(1) of the GDPR. The defendant was unable to show the processing was based on one of the grounds set out in Article 6(1) of the UK GDPR and, because he was found to have misled the claimant about how and why the cameras operated, he was also held to have failed to process personal data fairly and transparently. Article 5(1)(c) was also breached due to the extent that audio data had been collected by the defendant via the Ring Doorbell and other cameras, beyond the boundaries of his property.
Each case is determined on its own facts and whilst this case was about the use of these devices, the court’s findings were not based on the general use of such a device. This case was largely about the defendant’s actions and behaviour once the claimant had complained about the devices including his threats to call the police and install more cameras.
If you have CCTV or a video doorbell you should check that the range of your footage does not extend beyond the boundary of your property. Please contact us if you are unsure about your position or are currently involved in a neighbour dispute and require advice and assistance to resolve it.
For any help or advice please our expert Amanda Nudds – [email protected] or call her on 01328 852804.