Home Investing News Could your smart doorbell cost you more than you think? The GDPR at your home

Could your smart doorbell cost you more than you think? The GDPR at your home

by

This week, a judge at Oxford County Court handed down what is believed to be the first judgment of its kind in the UK relating to the use of the ‘Ring’ doorbell, a popular smart doorbell system that is sold by Amazon.

Smart doorbells use video and audio recording to alert users when someone is at their door, using an app. The ‘Ring’ model alone is thought to be used by more than 100,000 people in the UK.

The claimant successfully brought a claim against her neighbour for harassment and breach of data protection legislation owing to his use of a network of smart doorbells. It has been widely reported in the press that compensation of up to £100,000 may be payable, although the judgment itself does not give any figure for damages.

The case has resulted in speculation about the legality of smart doorbells, and whether their continued use could put homeowners at risk of being sued by everyone from neighbours, passers-by and even delivery staff. Fortunately, much of this is hyperbole. Smart doorbells are not specifically prohibited by data protection law, and their ordinary use should not put individuals at risk of compensation claims. But, as with any other electronic device that automatically collects information about other people, homeowners do need to take care with their use and consider the rights of others.

Data protection law applies to the processing of ‘personal data’, which means information that relates to identified or identifiable individuals. However, it doesn’t apply where that processing is for purely personal or household activities. Otherwise we’d all be obliged to comply with data protection law every time we took a photo of our friends on our phones or started a group chat on WhatsApp. So if your smart doorbell is only recording on your property for household activities, then data protection law may not apply at all. This argument wasn’t considered by the court in the Oxford case, perhaps because at least two of the cameras in question were directed onto public areas, a shared car park and driveway, and the defendant stated that the devices were for crime prevention purposes.

Where data protection law starts and stops is a matter of open debate. The Oxford case suggests it can apply to smart doorbells. But does it apply to images collected by dash-cams? What about other smart electronic devices? These are not straightforward issues. Our current laws derive from European law and, in a recent opinion on a Dutch case, the Advocate General at the European Court of Justice expressed serious doubts about the increasingly wide scope of data protection law. He argued that an overly wide interpretation was turning data protection law into one of the most disregarded legislative frameworks in the EU, because so many individuals are “blissfully unaware” that their activities are subject to it. That could well apply to smart doorbell owners, at least before the recent publicity.

Assuming that data protection law applies at all, what should the homeowner need to do? Well, firstly they must have a lawful basis for processing the images and audio data from their smart doorbell. In the Oxford case, the judge ruled that the processing of video data from the smart doorbell mounted in the doorway was necessary for the homeowner’s legitimate interests (and these interests overrode the privacy rights of any visitors whose data was captured). But this lawful basis did not apply to the additional devices that were facing the driveway and the car park. For those cameras facing public areas, the privacy rights of other individuals overrode any potential legitimate interests of the homeowner. There was no valid lawful basis for the processing.

Smart doorbells record audio as well as video. The judge decided that audio recording was intrusive and breached the ‘data minimisation’ principle (that personal data must be adequate, relevant and not excessive). This was the case even for the audio data captured by the device in the doorway. The judge ruled that the homeowner had therefore breached data protection law and the claimant was entitled to compensation.

We should be wary of reading too much into the Oxford case. It was an unusual case where the neighbours had fallen out spectacularly and the devices in question were used for much wider and more intrusive surveillance than most users would contemplate. Nevertheless, homeowners with smart doorbell devices should be careful to ensure their devices are set up to only capture the minimum information that is necessary. That means carefully positioning the cameras and only capturing relevant video and audio material. And try not to fall out with your neighbours!

Jon Belcher

Jon Belcher is a specialist data protection and information governance lawyer at Excello Law.

Related News