Sunday, April 28, 2013

Does Use of CCTVs to Protect Your Home From Offenders Fall Outside of EU Data Protection Laws?

This is how we could rephrase a new preliminary reference by the Czech Administrative Supreme Court. 

Journalist and former publisher of local newspapers Mr. Ryneš had persisting problems with unknown offenders who attacked him six times and several times damaged his house. Czech Police never found out who they were. Mr. Ryneš thus decided to protect his family and property, and installed a CCTV on his house. One fixed CCTV was covering entrance to his and his neighbour's house and the street. System was installed by a professional firm and designed in a way that after hard disk limit was reached, the old data were rewritten by new data. No monitor was installed and only person with the access was Mr. Ryneš and his family. 

During one October night, house of Mr. Ryneš was damaged again. Unknown offenders broken his windows with a sling shot. This time, CCTV captured two suspects. One of them decided to defend by submitting a complaint with Czech Data Protection Office (CDPO) alleging that CCTV system of Mr. Ryneš was installed contrary to several provisions of Czech data protection laws. Several weeks later, CDPO fined Mr. Ryneš with 1.500 Kč (approx. 60 euros) because he did not notify the Office and was processing without consent the personal data of persons walking on the street and entering his neighbours house. 

Mr. Ryneš took things to the court arguing inter alia that Czech data protection laws do not apply because his CCTV was installed 'in the course of a purely personal or household activity' (art. 3(2) of Directive 95/46/EC, lists what falls outside of the scope of the Directive).

First instance court, City Court in Prague (9Ca 41/2009), disagreed with Mr. Ryneš and uphold the fine. Mr. Ryneš then appealed to the Czech Administrative Supreme Court. This Court now decided to stay proceedings (1 As 113/2012) and ask CJEU following:

CZ: Lze provozování kamerového systému umístěného na rodinném domě za účelem ochrany majetku, zdraví a života majitelů domu podřadit pod zpracování osobních údajů „prováděné fyzickou osobou pro výkon výlučně osobních či domácích činností“ ve smyslu čl. 3 odst. 2 směrnice 95/46/ES (Úř. věst. L 281, s. 31; Zvl. vydání 13/015, s. 355), třebaže takovýto systém zabírá též veřejné prostranství?

EN: Does processing of personal data by operation of the CCTV system on a private house with purpose of protecting property, health and life of its owners fall within the scope of art. 3(2) of Directive 95/46/EC, even if this system also covers public space?

Art. 3(2) reads: 'This Directive shall not apply to the processing of personal data .. by a natural person in the course of a purely personal or household activity'
Czech Administrative Supreme Court points out that praxis in Members States is not coherent in this respect. According to the decision, Spain, Austria and Belgium consider these kind of scenarios as falling within the scope of the data protections laws, whereas UK and Ireland are reported to take opposite views. The Court refers to following part of the UK Information Commissioner’s Office opinion:

„The use of cameras for limited household purposes is exempt from the DPA. This applies where an individual uses CCTV to protect their home from burglary, even if the camera overlooks the street or other areas near their home.“ (CCTV code of practice, Revised edition 2008, s. 5, www.ico.gov.uk)
Let's see what CJEU has to say about this. Though I am bit sceptical that CJEU would want to go for an extensive reading of Art. 3(2) of Directive 95/46/EC.

No comments: