CCTV use by churches

In March 2018 we posted CCTV in Churches – windows into men’s souls? which noted the encouragement given to churches to install Closed Circuit Television (CCTV) as an aid to the security of their contents and personnel and in relation to hate crime and terrorist threats. The consistory court judgment Re St Mary Chartham [2017] ECC Can1 addressed the use and storage of CCTV footage, data protection, and recommended what criteria might be adopted in the future.

Subsequently, the General Data Protection Regulation (GDPR) came into force on 25 May 2018 under the Data Protection Act 2018; this superseded the previous 1998 Data Protection Act, and implemented UK-specific components of the General Data Protection Regulation (EU) 2016/679 (GDPR). The Church of England’s Parish Resources website reviewed the requirements of the UK provisions, Data Protection: Parishes and the “GDPR”.

The Church of England web pages provide advice on the installation and use of CCTV, including a GDPR-compliant template policy document and signage “that will allow churches and cathedrals to govern the installation and operation of all CCTV cameras within their church or cathedral buildings or any separate building or land that are owned and controlled by them”.

The recent case involving the “smart” doorbells and cameras, Fairhurst v Woodwardat the Oxford County Court, has raised further issues of privacy and data protection.

Fairhurst Woodward

Summary

The case was widely, if inaccurately, reported by many publications. Important (factual) aspects of the judgment are:

  • this was a civil claim, not a criminal prosecution by the Information Commissioner’s Office. As such, the Court may order injunctive relief against the Defendant rather than imposing a “fine”;
  • as a County Court judgment, it is not binding on other courts;
  • three aspects of the claim were considered by the Court, infra, of which one was specific to the conduct of the Defendant whilst the other two related to the operation of the cameras and the processing of the data received;
  • it was not the “smart” Door Bell per se that was the cause of the action, but the use by the Defendant of both video and audio information from this and from other devices;
  • at the time of writing, the quantum of damages was yet to be determined; further submissions on the basis on which the Claimant seeks damages for breach of data protection legislation and harassment using the measure of damage for loss of amenity are to be heard. [141] and [143].

Background

The 2-day trial concerned the Claimant Dr Mary Fairhurst’s action in harassment, nuisance and breach of the Data Protection Act 2018; this arose as a consequence of the Defendant Mr Woodard’s use of several security cameras and lights at and around his property in Thame. At the Oxford County Court on 12 October 2021, HHJ Melissa Clarke upheld the claim of Dr Fairhurst that the devices installed on the house of neighbour Jon Woodard broke data laws and contributed to harassment.

The Claimant’s case [12] was that the Defendant had consistently failed to be open and honest with the Claimant about the Cameras, had unnecessarily and unjustifiably invaded her privacy by his use of the Cameras and has intimidated her when challenged about that use, and that this amounts to:

  • a nuisance; and
  • breach of the Data Protection Act 2018 and Regulations thereto (“DPA 2018”); and
  • a course of conduct designed to harass the Claimant contrary to the Protection from Harassment Act 1997 (“PHA 1997”).

The legislation associated with these is summarized at [107] to [124]. The Claimant’s case was that the actions of the Defendant had caused her such distress that she left her home on 29 April 2019 and has not been able to return to reside there again. She is seeking damages, and injunctive relief against the Defendant inter alia mandating the removal of the “Ring Doorbell” and “Shed Camera” and forbidding the installation of further surveillance cameras” [13].

Consideration by the Court

Further to the earlier analyses of the use of CCTV &c for places of worship, FairhurstWoodward raises additional issues for those who use theses types of security device. Whilst the media comment focussed on the “smart” doorbell, the Defendant had installed a number of different devices, the operation of each was considered by HHJ Clarke: “The Driveway Camera”, [101]; “The Shed Camera”, [102, 3]; “The Ring Doorbell”. [104]; and “Windowsill Camera”, [105]”. The court considered the operation and coverage of the video and audio signals from each device and where this extended beyond the curtilage of the Defendant’s property.

With regard to audio function of the cameras, in the circumstances of the case some were found to have a range beyond the boundary of the Defendant’s property. Rudimentary but acceptable tests suggested that under the conditions of the instant case, one detector had a limit of reliable capture of 16m and another of 20.7m [89] to [99]. With such a range, the issue of whether it was possible to disable the audio function was examined. In relation to the personal audio data collected by three of the devices, HHJ Clarke observed:

“[137]. … A great deal of the purpose could be achieved without audio at all, as is the case with the bulk of CCTV systems in use in public places in this country, or by a microphone that only picks up sound within a small diameter of the device. That finding means that I am satisfied that the processing of such audio data by the Defendant as data controller is not lawful.”

Harassment

The claim of harassment related to the conduct of the Defendant, for which the question was whether, taken together and without deconstructing them into individual acts, all these facts and findings cited in [125] amounted to harassment for the purposes of the Act. Applying the tests in Hourani v Thomson & Ors[2017] EWHC 432 (QB) the judge found that the claim in harassment succeeded entitling the Claimant to damages for distress [126] to [127].

Nuisance

On the claim in private nuisance, the judge noted  [129]:

“the Court of Appeal decision in Fearn and Ors v Board of Trustees of the Tate Gallery[2020] EWCA Civ 104 is against the Claimant’s case, and it is authority which binds me. The Court of Appeal held that mere overlooking from one property to another is not capable of giving rise to a cause of action in private nuisance”.

For the nuisance caused by light from the “Driveway Camera”, the question was one of degree – what was and was not reasonable according to the ordinary usages of man living in a particular society [130]. The judge did not consider that it was an undue interference with the Claimant’s use or enjoyment of her property, or that the amenity value of the property was materially reduced for the period during which the “Driveway Camera” light was operating. Nor did she consider that it was reasonably foreseeable by the Defendant that the Claimant would leave her property and live elsewhere because of it. For all those reasons, the claim in nuisance failed.

For completeness, it should be noted that there was no claim in statutory nuisance, Part III Environmental Protection Act 1990 in relation to the floodlights used. Although normally brought by a Local Authority, claims may also be raised by individuals. There are no set levels for light to be considered a statutory nuisance, (as with noise nuisance from church bells), although there is government guidance in these areas (see HC Library Nuisance Complaints).

Data Protection

The Claimant’s pleaded case was that:

“[131] … images and audio files of the Claimant are personal data within the meaning of Article 4(1) of the General Data Protection Regulation 2016/679 (“the Regulations”); that the Cameras collected such personal data, that the transmission to the Defendant’s phone or computer or other device, the retention of any such images or sound on such a device and their onward transmission to others (whether neighbours, the police, or the cloud for storage) are processing of personal data within the meaning of Article 4(2) of the Regulations; that the Defendant as the person determining the purpose and means of that personal data is, and was at all material times a data controller within the meaning of Article 4(3) of the Regulations, and accordingly must comply with the principles set out in Article 5(1) of the Regulations.”

The judge noted the that the Information Commissioner had provided Guidance on the GDPR Regulations which included the meaning of ‘transparently’, viz. “Transparent processing is about being clear, open and honest with people from the start about who you are, and how and why you use their personal data”. She said [italicization in original]:

“[134]. My findings that the Defendant collected data outside the boundaries of his property, particularly by way of the Driveway Camera but also in respect of the other Cameras, means that it is for him to satisfy the Court that such processing of data “is necessary for the purposes of the legitimate interests of the controller… except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject” (Article 6(1)(f)). …

… I consider that the balance between the legitimate interests of the Defendant and the right of the Claimant to privacy and a home life are met in relation to the processing of video personal data from the Ring Doorbell, and I am so satisfied. That is because any video personal data of the Claimant is likely to be collected only incidentally as she walks past, unless the Claimant stands on the Defendant’s door and rings his doorbell, and I consider that his legitimate interest in protecting his home whether he is there or not are not overridden by her right to avoid such incidental collection on a public street, albeit in the vicinity of her home. However I consider the processing of audio personal data from the Ring Doorbell to be problematic…”

[135]. In relation to the Driveway Camera…it is not legitimate for the Defendant to carry out video and audio surveillance of a road leading to a car park used by others in which he maintains two parking spaces, when his cars and property could be protected in a lesser way that does not sacrifice the privacy of the Claimant and the other users of the Driveway…If I am wrong about that, I consider that such interests are overridden by the Claimant’s right to privacy in her own home, to leave from and return to her house and entertain visitors without her video personal data being captured. Again, the audio personal data collected and processed by means of this Driveway Camera is even more problematic and detrimental than video data in my opinion. For those reasons I am satisfied that the Defendant’s processing of the Claimant’s personal data by means of the Driveway Camera is not lawful.

[136]. In relation to the Windowsill Camera, I do not have any evidence that it processed personal data of the Claimant during the period it was in operation and so I will not consider it further.

[137]. In relation to the audio personal data collected by the Shed Camera, Driveway Camera and Ring Doorbell, I remind myself of the third principle, that personal data “shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed”. This is the data minimisation principle. I am satisfied that the extent of range to which these devices can capture audio is well beyond the range of video that they capture, and in my view cannot be said to be reasonable for the purpose for which the devices are used by the Defendant, since the legitimate aim for which they are said to be used, namely crime prevention, could surely be achieved by something less. A great deal of the purpose could be achieved without audio at all, as is the case with the bulk of CCTV systems in use in public places in this country, or by a microphone that only picks up sound within a small diameter of the device. That finding means that I am satisfied that the processing of such audio data by the Defendant as data controller is not lawful.

[138]. For all those reasons, I am satisfied that the Claimant’s claim that the Defendant has breached the provisions of the DPA 2018 and the UK GDPR succeeds. She is entitled to compensation and orders preventing the Claimant from continuing to breach her rights in the same or a similar manner in the future.”

HHJ Clarke indicated that she wished to hear further submissions on the basis on which the Claimant seeks damages for breach of data protection legislation and harassment using the measure of damage for loss of amenity; also whether the “Ring Doorbell” and “Shed Camera” as now installed are able to be utilised without audio recording [140]. The Claimant’s claims in harassment and breach of the DPA 2018 succeeded [141] but those in nuisance were dismissed [142]. The quantum and consequential matters were to be determined at the handing down of the judgment.

Comments

As cautionary note, although the dispute culminated in the court hearing, the Claimant and Defendant appeared to have a “somewhat remote but perfectly civilised neighbourly relationship before the events which have brought them to Court” [35].

On 12 September 2021, we reported that the DCMS issued an open Consultation, Data: a new direction: on the future of data processing regulations.

Cite this article as: David Pocklington, "CCTV use by churches" in Law & Religion UK, 18 October 2021, https://lawandreligionuk.com/2021/10/18/cctv-use-by-churches/

 

Leave a Reply

Your email address will not be published. Required fields are marked *