Smart doorbell usage may breach data protection regulations, court finds
Smart doorbell usage may breach data protection regulations, court finds
A recent ruling by a judge at Oxford County Court may have major implications for the use of smart doorbells in the UK. The ruling highlights the fact that motion-enabled recordings – of the kind allowed by many of the most popular smart doorbells – can lead to invasions of privacy. What is more, the ruling stresses that, by using such recording devices, you may be liable for fines under the UK’s data protection regulations.
In this post, we’ll discuss the details of the case and look at the implications for smart doorbell owners. We’ll also consider how the UK’s data protection regulations – particularly the Data Protection Act 2018 and the UK General Data Protection Regulation (UK GDPR) – help to safeguard individual privacy, and the steps you can take if you feel your personal data has not been used appropriately.
The case
The popularity of smart doorbells has increased significantly in recent years, with safety concerns acting as a major incentive for many customers. Indeed, Amazon-owned Ring doorbells are sold as offering “peace of mind” and “smart security”. This is an attractive prospect in a world in which we are not only increasingly used to remote monitoring, but also have growing concerns about our personal safety. Indeed, the prospect of being able to see who is trying to get access to our home when we’re not there is, in many respects, a deeply reassuring one.
Yet such doorbells have major implications for another matter of growing concern: data protection and privacy. Most smart doorbells will record any video or audio it captures when it is triggered by nearby movement. In the case of Ring doorbells, these recordings can be shared with – as the Ring website itself stresses – “anyone”.
Thus, the peace of mind that such doorbells may bring has to be weighed against the fact that, as they become more common, you may increasingly find yourself being recorded without your knowledge or permission.
The potential implications of such automated recording have come to light this month after a neighbourly dispute over home surveillance ended up in court. The dispute between Dr. Mary Fairhurst and Jon Woodard centred on a number of recording devices Mr. Woodard had installed outside his home, including a Ring smart doorbell. Because of their positioning, these devices were able to capture video and audio recordings of Dr. Fairhurst’s property.
Judge Melissa Clarke found that Mr. Woodard’s “excessive” use of a range of recording devices constituted an invasion of Dr. Fairhurst’s privacy. Judge Clarke found that the audio recording capacity of the Ring doorbell was particularly problematic, as the range of the audio recording was greater than that of the video. As a result, as Judge Clarke noted in her judgment, “personal data may be captured from people who are not even aware that the device is there, or that it records and processes audio and personal data.”
Smart doorbells and data protection regulations
Most significantly, Judge Clarke concluded that Mr. Woodard should be viewed as a “data controller”, and that his actions could therefore land him with a fine under the Data Protection Act 2018 and the General Data Protection Regulation (GDPR).
The Data Protection Act and GDPR, both introduced in 2018, have substantially strengthened the UK’s data protection rules – and not a moment too soon. As the rise of smart doorbells has shown, the increasingly digital and networked nature of our society means ever-greater risks to our privacy. It also highlights the need for both companies and individuals to take their responsibilities seriously when it comes to safeguarding personal data.
A “data controller” under the terms of these regulations refers to a person who, as the Information Commissioner’s Office explains, “exercise[s] control over the purposes and means of the processing of personal data”. A data controller has the “highest level” of responsibility for complying with the GDPR.
From Mr. Woodward’s perspective, this would mean adhering to a range of principles that govern the processing of personal data under the GDPR. This includes the “data minimisation” principle, which states that data collected should not exceed what is necessary for the specified purpose.
As Judge Clarke noted in her judgment, the audio recordings provided by Mr. Woodard’s Ring doorbell clearly violated this principle. After all, Mr. Woodard’s claim that his recordings were for the purpose of crime prevention does not justify his collection of audio as well as video, especially when the range of the former was substantially larger than the latter. Judge Clarke noted that “[a] great deal of the purpose could be achieved without audio at all.”
What does this mean for smart doorbell owners?
While the ruling, in this case, does not set a legal precedent, it does suggest some potential implications for those with smart doorbells, as well as those considering getting one installed.
The first thing to stress is that the issues you may face would only relate to recording that captures either someone else’s property or a public space. So, if you are installing a smart doorbell and its range and positioning do not result in it capturing data outside of your property, you are unlikely to encounter problems. However, it’s worth remembering that, as Judge Clarke noted, the range of audio recording will likely exceed that of video.
For this reason, you should consider the settings you use for any smart doorbells or other recording devices you install on the outside of your home. At the time of the dispute, Ring doorbells did not allow audio recording to be disabled; a subsequent firmware update has changed this. It’s worth checking whether your current smart doorbell or one you are considering purchasing, gives you adequate control over the data you will be collecting, including disabling audio recording if necessary.
This is particularly true if your smart doorbell will be capturing any video or audio of the street outside your home or parts of your neighbour’s property. While the ruling, in this case, acknowledged that crime prevention can be a legitimate justification for gathering data that might otherwise constitute an invasion of privacy, you need to be careful that you don’t fall foul of the GDPR’s specific limitations, as Mr. Woodard did.
HNK Solicitors are experts in data protection claims
The ruling, in this case, suggests potentially significant developments for smart doorbell users, and for anyone considering taking steps to improve their home security using recording devices.
But it also shows how vital the GDPR and the Data Protection Act 2018 are to safeguarding our privacy and ensuring that our data is treated appropriately and with care. In an environment where most of us are constantly sharing our personal data with a wide range of companies and organisations, this is particularly important. After all, the consequences of our personal data being misused – including it being gathered without our consent – can be significant.
Here at HNK Solicitors, we have extensive experience in holding organisations that misuse personal data to account. If you have been impacted by a company’s failure to properly safeguard your data, we can help – especially if this failure had financial consequences or led to emotional distress.
We offer free consultations, so if you have been the victim of a breach of data protection regulations, get in touch today. Our team of expert data protection solicitors will be able to discuss the details of your case, and advise you if you may be eligible to claim compensation. To arrange your consultation, fill out the form on our website to request a callback. Alternatively, call us on 0151 203 1104 or email us at enquiries@hnksolicitors.com.
Recent case studies
2 October 2024
HNK Client Successful in £28,000 Sexual Misconduct and Misfeasance Case Against The Chief Constable of Sussex Police