Damages awarded for distress caused by CCTV surveillance
A court in Scotland recently awarded £17,268 in damages to a couple in a civil claim that they brought for “extreme stress” caused by the “highly intrusive” use of CCTV and audio recording systems by the owners of a neighbouring property – the judgement can be found here.
The couple who brought the case lived in a flat above a guesthouse whose owner had installed CCTV (and audio recording equipment) to the building. The CCTV cameras covered the couple’s private property and the property owner’s husband taunted the couple as he said that he could listen to private conversations in their garden – the couple feared that their private conversations inside their flat were also being recorded (two audio boxes had been installed immediately below front bedroom windows) .
The court ruled that the owner had breached three principles of the UK Data Protection Act 1998 (DPA 1998) and determined the data processing to be intrusive, excessive, highly visible, extravagant, unjustified and “an effort to oppress”. By way of legal basis the judge referred to the 2015 UK Court of Appeal case of Google -v- Vidal-Hall (which we reported on here) that established a right to damages for “distress” only for breaches of the DPA 1998.
The judge accepted the couple’s calculation of damages which was based on a sum of £10 per day for each of them multiplied by the number of days the data processing had taken place in breach of the DPA 1998, deducted by one month to account for when the couple were likely to be away from the property.
This case demonstrates a trend for claims brought for damages for infringements of data protection legislation, which we expect to continue and increase – although this sum which might appear modest it actually shows an increase in comparison to previous cases in the amount awarded for this type of claim. As regards whether damages will be calculated in reference to a daily sum (as in this case) or as a lump sum, watch this space. The case is also interesting for many reasons, not the least being that four Subject Access Requests were made and the defendants consistently delayed their responses or failed to respond, and, in correspondence with the ICO (the UK data protection regulator) the defendants wrongly claimed their property was a private residence and that exemptions applied, which the ICO rejected, and the failure to keep data retention policies were also noted by the judge.
The EU General Data Protection Regulation (GDPR), which is fully applicable as from 25 May 2018, emphasises compensation for breaches of the GDPR. We have written FAQS and a Glossary about the GDPR which can be found here and here.
Last but not least, don’t forget that if you have installed CCTV/surveillance systems you may be subject to various data protection legislation obligations including registration as a data controller, and, don’t forget Data Privacy Impact Assessments also apply in this area.
We have written FAQS and a Glossary about the EU General Data Protection Regulation (GDPR which can be found here and here. We have also designed a product to assist with compliance with the GDPR called Navigator – for more about this please see here. We frequently write about data protection issues – for more articles see here.
For more information please contact Jonathan Armstrong or André Bywater who are lawyers with Cordery in London where their focus is on compliance issues.
|Jonathan Armstrong, Cordery, Lexis House, 30 Farringdon Street, London, EC4A 4HH||André Bywater, Cordery, Lexis House, 30 Farringdon Street, London, EC4A 4HH|
|Office: +44 (0)207 075 1784||Office: +44 (0)207 075 1785|