Site icon Insights Blog

ICO publishes video surveillance guidance as CCTV usage continues to grow

CCTV camera in front of screen showing surveillance footage

It is fair to say that surveillance is big in the UK. We have one of the world’s highest concentration of CCTV cameras. There are over 5.2 million used by consumers, businesses and public authorities – compared to just over one million in France, a country 2.3 times bigger than the UK. There are also over 11,000 Automatic Number Plate Recognition (ANPR) cameras watching UK roads and car parks – by far the largest number compared to any EU country. This vast network has clearly helped prevent crime over the years and actually forms a key pillar in UK crime prevention strategy.


Surveillance continues to grow and evolve. Camera technology has improved to the extent that it is much more cost effective and as a result is commonly used by consumers more to protect their property and vehicles. Cameras have also been combined with new identification technologies such as facial recognition software which offer various applications. It is no surprise therefore that the data regulator – Information Commissioner’s Office (ICO) – has recently published new video surveillance guidance. The guidance clarifies how cameras and other surveillance equipment should be used by organisations and how the data they collect should be handled.

What does the guidance cover?

The ICO outlines its key data principles and provides some useful case studies applying these to surveillance, as well as covering the importance of data governance. We summarise the key areas below:


The ICO has also published specialised guidance covering the use of surveillance technologies other than CCTV. Most of this is relevant to the public authorities and enforcement firms that use this type technology. One of these is ANPR, which is a useful tool for combatting crime (especially vehicle crime). When a vehicle is reported stolen the police record this as a crime in the Police National Computer (PNC), which is connected to the ANPR network of cameras found across the UK’s roads. Each time a camera identifies a stolen vehicle, by recognising the vehicle’s registration mark (VRM), it generates a notification to police forces. The stolen vehicle data the police record is shared with Total Car Check and other vehicle check providers and this leads to our vehicle check products flagging up if a vehicle has been reported as stolen.

There are very strict rules for the use of PNC and ANPR, not just from a GDPR point of view but to ensure the integrity and credibility of the system and safety of the public. GDPR is relevant here not just because of the fuzzy images of people in vehicles that the cameras may take, but because the VRM is considered to be a personal identifier e.g. when made available to third parties, along with other types of data, it can lead to the identification of individuals. All organisations must, from a default position, treat the VRM as personal data.

Why is the guidance important?

The very fact the regulator has produced this guidance suggests that it has seen some issues in the market and it may signal closer monitoring of this area in future. For the automotive sector CCTV is used extensively in motor retail, auction and storage sites, so for firms operating in these sectors compliance with the rules is crucial. Balancing the interests of security against privacy should not present difficulties, but it does require governance and compliance to ensure the data principles are being met. The actions firms take should be proportionate to the risks. But as with many regulatory requirements – policies and processes must be written down so they can be communicated to staff and demonstrated!

Exit mobile version