Privacy & Cybersecurity Law Blog

On October 12, 2021, the Oxford County Court determined that a homeowner had breached the Data Protection Act 2018 (“DPA”) and UK General Data Protection Regulation (“UK GDPR”) by using Ring security cameras around his property. In Dr Mary Fairhurst v Mr Jon Woodard, Fairhurst claimed harassment, nuisance and breach of UK data protection law based on her former neighbor, Woodard’s, use of security cameras and lights around his property. While the claim in nuisance failed, the judge found for the claimant on the claims of harassment and breach of data protection law.

The cameras collected data outside the boundaries of Woodard’s property, with Woodard claiming that this was for the purposes of crime prevention, constituting a legitimate interest under the UK GDPR. Fairhurst claimed that her right to privacy overrode Woodard’s interests. The judge agreed that while Woodard had a legitimate interest in crime prevention with respect to surveillance of his own property, for areas outside of his property (including the claimant’s property, garden and parking spaces), the claimant’s right to privacy was overriding, and Woodard’s aim could have been achieved in a less intrusive manner.

The judge also determined that Woodard had sought to actively mislead Fairhurst about how the cameras around his property operated, including what data the cameras captured. The judge held that this violated the transparency requirement of the fair and lawful processing principle under Article 5(1)(a) of the UK GDPR. Further, the judge found that Woodard had infringed the purpose limitation principle under Article 5(1)(b) of the UK GDPR, having failed to collect the audio and visual data for a specified or explicit purpose. The judge also found that Woodard violated the UK GDPR’s data minimization principle by capturing audio data of Fairhurst, which was not necessary for the purposes of crime prevention and was collected at an excessive distance from the cameras.