Monitoring on the property and the provisions on the protection of personal data

Monitoring on the property

In the era of the development of various electronic devices, we can easily set up monitoring on the premises of our property. While this gives us a sense of security, it can also cause us many legal problems, especially if our monitoring devices violate someone else's privacy.

What is monitoring for?

Monitoring is primarily intended to protect property and residents of a given property, and should generally only be used for such purposes.

Important! It should be borne in mind that monitoring is a form of personal data processing.

What is personal data?

This is any information relating to an identified or identifiable natural person.

Consequently, as the owner of the monitoring system, you are the controller of this data and you have the obligations referred to in the following points.

As a data controller, you must therefore remember that:

1. The data should be kept for no longer than is necessary for the purposes for which the data are collected;
2. Data should be stored in a manner ensuring their appropriate security;
3. The data must be processed in accordance with the law, reliably and transparently for the person they relate to (the recorded person has the right, for example, to ask for their data to be made available);
4. Data must be collected only for specific, legitimate purposes.

What legal provision is the basis for the processing of personal data obtained through monitoring?

This is Art. 6 sec. 1 lit. f of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46 / EC (General Data Protection Regulation) (GDPR), which reads as follows:

"Processing is lawful only in cases where (...) processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party (...)". Ensuring the safety of persons and property in the monitored area should be considered as the legitimate interest of the data controller.

We should also remember to place in a visible place information that the facility is monitored. Monitoring should only cover places where an incident or a potential incident may occur, or a threat to the safety of people and property.

Importantly, surveillance cameras cannot be hidden and should only record the image itself, without sound.

Another interesting issue is the possibility of using dummy cameras. Although it is legal, it is not advisable to use them because of misleading people as to ensuring the safety of their property and property (which is actually missing), as well as they are misleading as to interference with their privacy. However, dummy files do not violate the provisions of the GDPR in any way.

It should also be borne in mind that the President of the Personal Data Protection Office may at any time inspect the monitoring system. If violations are found, it may impose a financial penalty.

When applying monitoring, the privacy of neighbors should be respected. Cameras may include the entrance to the property or the adjacent pavement and road, however, the range of the cameras may not extend beyond the areas justified by safety issues.

Advocate Pamela Opoczka