GDPR - Dashcams

[Audidothat]

Hello all

Does anyone know whether the soon to be law, GDPR, will effect owner/operators of Dash-cams?

Especially those that publish the footage of drivers to evidence poor driving (in their opinion) rather than operate a cam to protect themselves, should the situation arise.

I understand the implications toward organisations but am unsure on ‘private’ individuals who are either controllers or processes of data.

[MikkiJayne]

I don't think it applies since you're only recording publicly available information (ie in plain sight) rather than personally identifiable data such as name and address.

[pete-p]

To elaborate a little on what MJ said; there is no “reasonable expectation of privacy” on public roads. However if it's a commercial vehicle then signage may be required for people to know how to get in touch if they are on a recoding and want a copy or if it's facing/recording inside the vehicle where some privacy would be expected.

I think there is also something about it not being a permanent recording as it overwrites after a time but I can't remember how that worked.

[snapdragon]

GDPR only applies to businesses with more than 250 employees, although some of the principles still apply to employers with fewer. They do not apply to private individuals but if you use your car in the course of a business, I suppose you should look at whether or not to incorporate it into your procedures and policies.

[Conquistador]

As MikkiJayne says, it's all in a public space so GDPR doesn't apply if you're talking about a dashcam in your personal car. Additionally, GDPR covers CCTV systems which are defined as focusing on monitoring a specified area. A dashcam is essentially no different to getting your phone out and taking a picture of a public road, so there is no requirement to register with the ICO. You can carry on uploading videos to Youtube to your heart's content.

The rules are slightly different for commercial vehicles and hugely different once you start looking at inward-facing cameras in vehicles such as minicabs and buses.

[funkmiester]

To keep it simple, Dashcams are not affected, You can stop reading now if that's all you want to know!!!
they do not hold private information. The registration plate is not a piece if personally identifiable information in itself. The DVLA database that contains you name and address associated with the registration is and anyone who uses that info (I.e the parking Nazi's who apply for your details via an ANPR camera). So the DVLA and the parking Nazi's, the repo men etc who hold your reg AND you personal details have to work under GDPR.
It applies to all businesses, regardless of the number of employees, the 250 employee limit just means you have to have a data protection officer.
The rules have been in place for years under the data protection act 1988. All this does is make the rules clearer and the fines bigger as it has become more and more of a problem. Not a week goes by without a data "breach" meaning someone, somehere stole whole bunch of personal information (name, address, credit card no, date of birth etc).
So if you are a small business and are bamboozled by this. Keep it simple, look at all your files, records etc and anything you have a record of credit card nos or other personal information (eg which sex toy they ordered and where it went) then you probably need to look at deleting some of that data. You will still need to keep records for your business but 1) encrypt it 2) separate it (so names and addresses separate from orders).
Use only as you need and don't use it outside it's core purpose (eg fullfilig an order or forum login), don't trade the info, delete when you don't need it.
There is plenty help on the information commissioners office (ICO.gov.uk) site to help. It's there to protect us, the normal people, from the likes of facebook. I could rant long about facebook and Cambridge Analytical (CA) (I do analytics as part of my job, I have more than an passing interest in machine learning). Suffice to say if Facebook gave all it's data, wittingly or (nudge nudge) unwittingly to CA after May 25th this year they would both be in contravention of several key elements (including post processing information, drawing additional insights from passive data (eg profiling)), Just to give you some idea, the size of the fine that FB would face would be so big, even zuck couldn't pay it and would probably mean FB pulling out of the UK. So that is how big the teeth of the ICO have now and how big a fubar FB's was. For normal people and small business, it's nothing to fear, treat customers personal information a bit like cash. Don't wave it around, don't tell people how much you have on you and keep it in secure, safe place. Simples

[MikkiJayne]

DVLA and the parking companies could shape up to be an interesting case, since at no point did we give DVLA permission to share our data with them. These are private companies so there's no legal requirement for them to share the data like there would be with, say, a council who have parking byelaws, so on what basis can they justify selling our data?

I might ask my colleagues about that one, since we make ANPR software...

[funkmiester]

Now that is an interesting case,
Based on the mandatory training I've just done, I agree.
The DVLA can hold the data but we have not given permission for it to be secondary processed by a private company. There is a bit about disclosure for legal compulsion but I don't see how a private parking company falls into that category. Their endpoint is not upholding the law it's commercial exploitation of an asset (or on behalf of the asset holder) and that isn't a legal compulsion.
Have the accidentally outlawed parking Nazis? I'll be first in line to challenge it if I get one from now on. I won't count on motorways or via the traffic cops but the private man in a van is an interesting situation as is the private ticket companies.

[funkmiester]

https://www.whatdotheyknow.com/reque...data_protect_3

Seems like someone is there before us.
However the reply includes a copy of the relevant pages in the Registration and licensing regulations 2002 which basically say "cos we want to we can give it to anyone we want" which seems to be in complete contradiction with both new GDPR and the data protection act of 1998!
This may develop into something interesting, however I'm sure they will just say "DVLA is GDPR exempt" at some point.
Their reply is funny as well, "as the information is confidential we can neither confirm or deny that we hold it"! but we will sell that same information to someone else!

[HPsauce]

Interesting, on the basis of the above and similar information read elsewhere I, as a private individual, have very recently asked for contact details of the registered keeper/owner of a vehicle with a specific registration.

My reasons seem good to me and are "reasonable" but fall within the "other" category on the forms they ask you to use. It will be interesting to see what the reply is!

The reply linked to above says

Quote:

Regulation 27 of Road Vehicles (Registration and Licensing) Regulations 2002
allows vehicle keeper details to be disclosed to third parties who can demonstrate
that they have a reasonable cause to receive it. This Regulation provides a legal
gateway for the release of information and is not based on the consent of the data
subject.

Of course "reasonable" is not defined, and to a cynic may be seen as "makes money for DVLA".