Gaining access to CCTV images is far more difficult than the legislation suggests it ought to be

Under the 1998 Data Protection Act, citizens have the right to access CCTV images of themselves. One researcher, Keith Spiller, sought to test out how easy it actually is to gain access to the footage, and sought to deliberately stand in site of CCTV cameras for two minutes at a time. He found it far more difficult to gain access to the images than the legislation suggests it ought to be.

Recently I rang the telephone numbers displayed on CCTV signs in order to gain access to my CCTV data. After all, this is my right. However, only 6 of the 17 organisations approached provided my data.

I have been researching in the area of surveillance and surveillance studies for a number of years now and I have a deep interest in how laws governing aspects of surveillance actually work, as well as how people react and live with surveillance. CCTV is probably one of the most recognisable aspects of surveillance; indeed, it is the symbol that most often accompanies any mention of surveillance in the media. So, what better system to examine just how the regulations work in an urban setting.

The control of CCTV in the UK falls under the remit of the Data Protection Act (1998) and Article 8 of the European Convention on Human Rights. Cameras monitoring private and public spaces for security purposes must adhere to the regulations set out in the Act.  Specifically CCTV operators and data managers must notify people that they are being recorded, must store images with ‘integrity’ and must provide data to anyone requesting their images.

On a mild November morning I walked around the centre of a south of England city and deliberately stood under visible CCTV cameras, in an effort to get myself caught on CCTV.  In total 17 cameras recorded my movement at 2 shopping malls, 3 department stores, 4 banks, 1 stadium, 1 railway station, 1 bus station, 1 university, 1 open street system, 1 town hall, 1 government building and 1 museum.

The standard way of asking for CCTV images is to submit a Subject Access Requests (SAR) and this is what I did, writing to all 17 organisations. However, before I wrote I needed their contact details and 7 of the cameras had no visible information on their signs (which they are supposed to have) and of the 10 that did, 4 of the telephone numbers displayed were dead or produced no response. I then resorted to the organisation’s webpages and this proved more fruitful; yet even when telephone contact was made, staff often did not have the correct information to hand or where unsure how to deal with my requests; for example not knowing who I was supposed to write to or on another occasion asking for £20 plus VAT to process the request, even when the fee an organisation can charge is only £10.

Despite the difficulties in making requests I did receive some curious responses, on 4 occasions I did not appear on the footage, this despite standing for up to 2 minutes under each camera. My SARs on two occasion got ‘lost’ as the organisations had no record of receiving them, my images were also deleted on a number of occasion as systems automatically erased files after 7 days –  this despite making my request within 24 hours of standing under the cameras.

What remained clear to me throughout the research was the un-practiced nature of how organisations and staff deal with CCTV SARs. This may of course be due to a double incompetence in that those whose images are caught by the cameras rarely, if ever, request their CCTV footage, which in turn may be because they do not know that they have a right to request personal data. Or more simply most people do not care, need or want that information. As a result it would appear requests are infrequent and organisations are often ill-prepared when requests are made.

Making the request and remaining persistent may have been aided by my role as a researcher because I knew where to find SAR templates – these are available on the Information Commissioners Office website – and I had some idea of my data protection rights. Equally, after making a number of requests and dealing with similar responses from organisations, I became well practiced in how to make requests – an advantage a person making a lone request would not have.  Despite this I was careful not to disclose my position as a university researcher to the organisations as this may have eased access – however I do suspect, judging by the marked increase in traffic to my academia.eu and researchgate webpages, my name was searched online.

More pressing in what I found is the lack of clarity often presented by organisations in their CCTV signage and indeed in the lack of accuracy of the information displayed. Organisations are expected to display the contact details of their data controllers or managers, but in my experience finding this information was less than straightforward. For some companies there has obviously been a concerted effort to take their data controlling responsibilities seriously as the organisation who did provide my data were efficient and professional in dealing with the requests. Yet, evident is the poor responses of organisations when tasked with requests for CCTV images or simply they don’t want the hassle, or quite possibly the cameras are not on.

Nevertheless, what has become clear is the ease of access to CCTV images is certainly not as straightforward as the legislation would like it to be.

Note: For more detail on this research please see ‘Experiences of accessing CCTV data: the urban topologies of subject access requests’ published in Urban Studies. This post represents the views of the author and not those of Democratic Audit UK or the LSE. Please read our comments policy before posting. 

profile Picture1Dr Keith Spiller is a Researcher at the Open University. His research focuses on the social consequences of surveillance and monitoring and other surveillance issues. His academic profile can be found here.

Similar Posts