Blog » HOW TO INFORM DATA SUBJECTS ABOUT CCTV SURVEILLANCE IN A GDPR-COMPLIANT WAY?
HOW TO INFORM DATA SUBJECTS ABOUT CCTV SURVEILLANCE IN A GDPR-COMPLIANT WAY?
24 July 2019
Operating video surveillance in a GDPR-compliant way can be a real challenge for data controllers in Hungary. A key aspect of the compliance with the GDPR is how the controller informs the data subjects (e.g. employees or customers) about the CCTV surveillance. Luckily, the European Data Protection Board which is the data protection authority of the EU has recently published a guideline on this issue. Read our short summary so that you know what to include in your camera privacy notice.
1. Layering is the key
Based on the GDPR the data subject shall be provided with several details of the data processing. Considering all factors, it is not always easy to provide all the necessary information and be transparent at the same time.
That is why the European Data Protection Board (EDPB) emphasizes that in relation with CCTV surveillance the layered approach of the information is particularly important.
That means that in practice the controller should use two layers: firstly, a warning sing which contains the most important information and secondly, a more detailed privacy notice with supplementary information.
2. First layer – Warning sign
As proposed by the EDPB controllers must install a warning sign preferably with an icon of a camera so that the data subject can understand easily that CCTV surveillance is operated on the premises.
This warning sign shall be positioned in such a way that the data subject (e.g. your customer) can easily recognize it and will be able to gather all the basic information before entering the monitored area.
A further requirement with the positioning of the warning sign is that it shall make clear for the data subjects which area is under surveillance exactly. For example, if you operate CCTV system in your whole headquarter building it is wise to put the warning sign before the main entrance and state that CCTV operates in the whole building.
3. What to include on the warning sign?
As mentioned, the warning sign is the place for the most basic information in relation with the data processing. That is particularly the purposes of the processing (e.g. property safety purpose) and the identity of the data controller (including your contacts details).
Further, you shall mention on the warning sign that the data subject has several data protection related rights such as right to access and right to erasure.
Last, but not least given that the warning only contains the most basic information you must include a reference to the more detailed privacy notice and where the data subject can get access to it.
4. But first – Surprising information
Besides the basic information you shall put information on the warning sign that could “surprise” the data subject.
The EDPB considers as such the storage period of the records as in the lack of providing the storage period the data subject can expect that there is only a live monitoring (without recording).
Similarly, the fact that the controller transmits the recordings to third parties can be considered as a surprising information which should be put on the warning sign.
5. Second layer – Detailed privacy notice
While in ideal case the warning sign about the CCTV surveillance contains every basic information mentioned earlier to be GDPR-compliant you shall provide the data subject with some additional information. For example, if you operate the CCTV based on your legitimate interest, you shall inform the data subject clearly about those interests.
Further, on the one hand, it is crucial that the detailed privacy notice is available at the site, e.g. on the reception or on a poster in the lobby.
On the other hand, the EDPB recommends that the second layer information is accessibly digitally that is without entering the surveyed area. You can provide a link to your website where the privacy notice is available or even a QR-code.
Based on the above we propose to check and if necessary, update your camera surveillance related privacy notices so that their inappropriate quality or format do not jeopardize your compliance with the GDPR.
IS AN EXECUTIVE FIRED UNLAWFULLY ENTITLED TO DAMAGES WITHOUT EVIDENCE IN HUNGARY?
According to the Labour Code, if the executive unlawfully terminates his employment, the employer is automatically entitled to damages equals to twelve months’ absentee fee without proving the actual damage. Can this rule be applied in an opposite situation? We explain the recent decision of the Curia which answers to this question.Read more »
BACK TO COURTROOM? NEW RULES IN CIVIL LITIGATION FROM 1ST JUNE 2020
In the emergency situation due to COVID-19 the rules of the civil litigation were modified: the most important change was that courts did not held court hearings at all or only through electronic telecommunication channels. Because of the moderation of the epidemic, from 1st June 2020 the civil litigations can return to “normality” with a few slight changes. In our short article we summarize the new rules.Read more »
WHEN THE EMPLOYEE IS CONSIDERED EXECUTIVE? – RULING OF HUNGARIAN SUPREME COURT
Is the employee considered as an executive employee if though the parties qualify the employee as executive, but refer to the wrong provision of the Labour Code? Does the will of the parties or their contractual declaration matter in this case? We analyse the latest decision of the Curia in our short article.Read more »