Smart doorbell use found to breach data protection laws in the EU and UK
This article was co-authored by Sarah Hitchcock, Trainee Solicitor, London.
Recently, Oxford County Court has held that the owner of a ‘smart’ doorbell and other CCTV cameras has violated the UK’s data protection laws. The claimant was compensated and an order made to prohibit the defendant from any future breaches.
This case has the potential to have a significant impact on manufacturers and retailers of analogous products, in particular smart doorbells or any products with CCTV or surveillance functions, for example.
Although this matter addresses a breach of UK data protection laws, those laws are analogous to EU-wide laws on this topic and therefore have implications for all of Europe.
Where such products are marketed for use in the way that has now so clearly been prohibited, and consumers purchase the products for that prohibited use, retailers could be exposed to claims in respect of implied contractual terms in respect of fitness for purpose or similar. Recovery by retailers, who are pursued for that claim, will take place against manufacturers.
The neighbour of an owner of a smart doorbell, Dr Mary Fairhurst (the claimant), brought a claim against her neighbour, Mr Jon Woodward (the defendant). The claimant alleged the defendant’s use of his Ring Video Doorbell camera and other CCTV camera systems constituted harassment and breached her rights under the UK’s data protection law, the Data Protection Act 2018. She also claimed that her privacy was “unnecessarily and unjustifiably” invaded. She alleged that because of these breaches of her rights she was required to leave her home.
In resisting the allegations, Mr Woodward explained that his aim was to ensure the safety of his car after an attempted theft in 2019. He also contended that some of the CCTV cameras were ‘dummy’ deterrents, used only as motion sensitive spotlights.
The court held that:
- The footage captured by the doorbell was classed as personal data and therefore subject to the Data Protection Act 2018 and the UK General Data Protection Regulation (GDPR).
- The defendant had not handled the claimant’s personal data in a “fair and transparent manner”, as is required by these laws.
- Mr Woodard “actively” misled the claimant regarding what was recorded by the cameras, with particular reference to the camera’s audio range, which was not considered to be “reasonable for crime prevention”.
The court issued a substantial fine, as well as an order to prevent the defendant from continuing the breach of the claimant’s rights in the same or similar ways in the future. Injunctive relief was also granted for the removal of some of the cameras, including the smart doorbell.
The court ruling creates difficulties for owners of smart doorbells in considering the implications of the Data Protection Act.
The case also has a bearing on retailers and manufacturers who are under an obligation to ensure that their product is fit for purpose.
This includes ensuring consumers are able to use the camera and audio device installed in the doorbell device. Manufacturers therefore need to consider the legalities behind the device to avoid creating and marketing a product that is contrary to the law.
As a result of this case, moving forward manufacturers need to be aware of the responsibilities placed on consumers and ensure that the intended use of the product is not undermined by data protection laws. Manufacturers will be subject to continuing obligations to remain up to date with the latest developments surrounding privacy law, and continue to review the position in each county their product is sold in.
Manufacturers may also wish to place limitations on devices or enable consumers to have more control over the capabilities of the device. For example, by limiting the scope of the audio or video recording to cover only the property of the owner. However, doing so could give rise to competition claims if there is vast disparity between availability of products at the same price point in different jurisdictions. The legal risk profile for various approaches therefore needs to be not only considered per country, but also as a part of an international strategy for product sales.