CCTV or IP cameras outside your home, and the (UK) GDPR. It's easier than you think

I was tagged into an interesting thread on Twitter, in which someone wanted to put CCTV/IP cameras to record a public place, because of ongoing criminal activity in that area.

The question was essentially “doesn’t the GDPR stop me from doing this?”.

And my answer was “no, the GDPR does not stop you from doing it. It just says how you need to do it”.

I gave some suggestions about how to do it consistently with the GDPR, and I’m putting them here, with a few additional comments.

IP cameras / CCTV cameras, public spaces, and the (UK) GDPR

This isn’t legal advice, and it’s mostly (I hope) common sense.

Other points

No. Consent is one of the lawful bases. It’s not the only one, and, in this case, it is not the appropriate one.

But the GDPR doesn’t apply to individuals?

No. It does. Some processing by individuals is out of scope - processing of personal data by an individual in the course of a purely personal or household activity - but that’s a derogation from the fact that it does apply.

There are plenty of things which are likely to fall within that derogation, but the situation here is not one of them.

But what about that recent case where someone was successfully sued because of their cameras?

I’ve written about that on my work blog.