M. Imtiaz Karamat is an IP Osgoode Alumnus and Associate Lawyer at Deeth Williams Wall LLP. This article was originally posted on E-TIPS™ For Deeth Williams Wall LLP on October 27, 2021.
On October 12, 2021, the County Court at Oxford (the Court) released its decision in Fairhurst v, Woodward (Case No: G00MK161), holding that the Defendant, Jon Woodard, breached the United Kingdom’s Data Protection Act 2018 (the DPA) and the European Union’s General Data Protection Regulation (the Regulations) in his use of surveillance equipment around his property. The surveillance equipment was purchased from the Amazon-owned company, Ring, and included security cameras and a doorbell with audio and video recording capabilities.
To prevent crime around his property and the shared neighbourhood private parking lot, the Defendant installed surveillance equipment that captured audio and video recordings of these areas. The equipment could be remotely accessed by the Defendant via a mobile app with footage sent directly to his mobile phone or smartwatch. The presence of the surveillance equipment and its ability to capture information beyond the Defendant’s property alarmed the Defendant’s neighbor, Mary Fairhurst (the Claimant). The equipment captured aspects of the Claimant’s property, including her side gate, garden and car parking spaces. After the parties failed to informally resolve the matter, the Claimant brought a case before the Court claiming numerous causes of action, including the Defendant’s breach of applicable privacy laws.
Under Section 2 of the DPA, the privacy of individuals is protected by the Regulations. The Court found that the matter fit within Article 4 of the Regulations, with the images and audio captured from the surveillance equipment constituting personal data; the transmission of recordings to the Defendant’s mobile devices and onwards considered the processing of personal data; and the Defendant’s involvement in the surveillance making him a data controller. Given that the Defendant was collecting data outside his property, he had to demonstrate that his data processing was necessary for achieving the purpose of crime prevention and sufficient to override the Claimant’s right to privacy under the Regulations.
Although the Court found that the limited video data collected from the doorbell struck the correct balance between the Defendant’s interest and the Claimant’s right to privacy, the Court objected to the use of a security camera that was positioned to collect data outside the Defendant’s property, including images of the Claimant’s residence. The Court also found that the audio data collected from the Ring surveillance equipment was offside the Regulation’s data minimization principle because the range at which the devices capture audio is far greater than is necessary for the purpose of crime prevention. Instead, the Court noted that the Defendant could still achieve his objective by restricting the collection of audio data or not capturing it at all.
For these reasons, the Court found that the Defendant’s use of his Ring surveillance equipment breached the DPA and the Regulations.