JOIC logo

CCTV and Surveillance at Work and at Home

  1. Video surveillance is the most privacy intrusive form of data processing undertaken presenting the greatest risk to data subjects. It should only be used to address real and serious threats to health, safety or the protection of property and only as a last resort, where other less intrusive approaches have failed. It is essential that any organisation using surveillance technology do so in a way that is lawful, fair, transparent and that individuals rights and freedoms are protected.

  2. This guidance note covers:

  1. the processing of personal data by CCTV and other surveillance systems by public and private sector organisations; and
  2. processing that is in the context of personal or household activities, such as home CCTV systems (including doorbells) that capture images within the boundaries of private property.

  1. This guidance does not cover covert surveillance techniques or processing for specific criminal law enforcement purposes by competent authorities under Schedule 1 of the DPJL 2018.

  2. When we talk about surveillance systems, this includes traditional CCTV, Automatic Number Plate Recognition (ANPR), Body Worn Video (BWV), Drones (UAVs), Facial Recognition Technology (FRT), dashcams and smart doorbell cameras, workplace monitoring and livestreaming. As surveillance systems become more sophisticated, they can involve AI systems, which can process more sensitive categories of personal data.

  3. Footage or images containing identifiable individuals captured by CCTV systems are personal data for the purposes of data protection law and organisations using surveillance systems that process the personal data of identifiable individuals need to comply with the DPJL 2018.

  4. We receive many complaints about neighbourly disputes and the use of CCTV. Whilst many of these complaints fall outside our jurisdiction to investigate (we can’t get involved if the CCTV only covers the user’s own property) we hope that the following guidance is useful to businesses and home owners alike.

  1. This part of our guidance note is split into two sections. The first section is an easy read for organisations to help you understand your obligations under data protection law and what you need to do when you’re thinking about putting in CCTV or using some other type of surveillance technology.

  2. The second section of this part of the guidance is about CCTV at home. It gives advice for homeowners and neighbours and explains when the law will or will not apply. We will also explain what we can and cannot do when we receive a complaint about someone using CCTV at home.

CCTV/Surveillance systems for businesses/organisations.
  1. This part of our guidance note will help you if you want to use CCTV/a surveillance system as part of your business. This is an overview; more detailed guidance can be found in the technical section below.
What is a surveillance system?
  1. We don’t have a definition of surveillance system in Jersey law, but when we talk about surveillance systems we use this to cover all the following things that collect footage (and can be recorded or live stream):
  1. CCTV or automatic number plate recognition systems
  2. Body Worn Video
  3. Drones
  4. Facial Recognition Technology
  5. Dashcams and smart doorbell cameras

  1. All the above are types of surveillance technology and can be used to monitor and record individuals (including their movements, and how they behave). This is likely to be personal data under the DPJL 2018 and this means that you need to comply with the law when you put CCTV or any other surveillance system in place.

  2. Personal data means any information that can identify you, such as your face, voice, movements or anything else the CCTV/surveillance system can pick up about you. What do you need to think about before installing a CCTV/surveillance system

  3. Types of surveillance systems, the reasons for using them, and the personal data processed vary and so not all parts of this guidance will be relevant in all cases.

  4. In all cases you must assess the level of risk, and you must consider the likelihood and the severity of any impact on individuals. High risk could result from either a high probability of some harm, or a lower possibility of serious harm.

  5. BEFORE installing a CCTV system you must consider the following questions:

  • Why do you want to install CCTV? What is your** purpose** and why is it necessary? E.g. is it to monitor cash registers? Is it to stop shoplifting?
  • Where do you want to install/use the CCTV?
  • What is your lawful basis for installing CCTV? Which part of Schedule 2, Part 1 or Part 2 of the DPJL 2018 are you saying applies to your using CCTV?
  • Is your use of CCTV proportionate?
  • How will you keep any images/recordings safe and secure?
  • How long will you keep the images/recording for and why?
  1. We have a checklist available that will help you decide whether you need to use a surveillance system and, if you do, to make sure you use it in accordance with the law.
Where can I install CCTV?
  1. CCTV shouldn’t be running in areas considered private e.g. toilets and changing rooms. Using CCTV here wouldn’t usually be fair or proportionate, meaning it wouldn’t be compliant with data protection law. In exceptional cases (such as when dealing with repeated serious antisocial behaviour) it may be necessary to have surveillance in private areas. You’d need strong justification for this and should make it clear that people are being filmed in these areas.

Example

A gym uses CCTV in its reception, corridors, and main workout areas to promote safety and prevent theft. It does not place cameras in toilets or changing rooms because these are private areas, and filming there would not normally be fair or proportionate. However, the gym experiences repeated incidents of serious vandalism and harassment occurring specifically in a small changing-area entrance. After trying other measures (such as increased staff presence and access controls) the behaviour continues. In this exceptional situation, the gym installs a temporary, tightly focused camera aimed only at the entrance area, avoiding any place where people might undress. It records only what is strictly necessary. Clear signs are displayed to inform users that CCTV is in operation and explain why. The gym also documents its justification and reviews the need for the camera regularly, removing it once the issue is resolved.

Record keeping 18. If your surveillance system is processing the personal data of individuals who are identified or are identifiable, you must register with us (including paying a fee unless exempt).

  1. You are responsible for what you do with the personal data you collect and use and you need to be able to show how you comply with the law. Specifically under Art.14(3) of the DPJL 2018, some organisations must keep a record of all the processing activities taking place. This applies to both controllers and processors that use surveillance systems. In any event, you usually need to be transparent with people about the fact you are recording them ad tell them what footage you are capturing, and why.

  2. The records you keep must set out.

  • The name and contact details of the controller and any joint controller, representative of the controller or data protection officer.
  • Why you are processing the information.
  • Descriptions of the categories of data subjects and personal data processed.
  • A description of who you are sending (or want to send) the personal data to.
  • Where it is envisaged that data will be sent outside Jersey (which includes using software/servers based in another country), the name of that country or organisation, and where required, the appropriate safeguards that are/will be in put in place to safeguard the personal data.
  • Where possible, how long you will be keeping the personal data for; and
  • Where possible, a general description of the technical and organizational measures implemented in respect of the processed data.
  • How are you going to tell people that you are using CCTV? Is it in an internal policy? Do you have signs?

Risk assessments and DPIAs

  1. In all cases involving CCTV (or any other surveillance system) you should carry out a Data Protection Impact Assessment (DPIA) which is a type of risk assessment done before you install any equipment. If you use video surveillance in a limited way but you wish to use your surveillance system for something new or different, you must carry out a new risk assessment before you start using the surveillance system in this new way.

Example

Company A has a CCTV system in the reception for safety and security purposes. It wants to start using that CCTV feed to monitor employee attendance in the building so it can monitor desk availability and resourcing. This would be using existing surveillance for a new purpose, so a new risk assessment would need to be carried out.

  1. You must carry out a DPIA for any processing that is likely to result in a high risk to individuals. This includes:
  1. Processing special category data.
  2. Monitoring publicly accessible places on a large scale.
  3. Monitoring individuals at a workplace.

  1. You should assess whether your use of surveillance is appropriate in the circumstances. As part of your assessment, you should also take into account the reasonable expectations of the individuals whose personal data are processed and the potential impact on their rights and freedoms.

  2. You must record your considerations and mitigations in a DPIA prior to any deployment of a surveillance system that is likely to result in a high risk to individuals. If high risks cannot be mitigated, you must consult with us. More information about what DPIAs are and how to do one, can be found in our guidance note here. We also have a template available for you to use here.

Home CCTV systems (including fixed cameras and smart doorbells)

  1. This part of our guidance note will help you if you want to understand what data protection law says when someone is using home CCTV at home. This includes the use of fixed cameras and smart doorbells. CCTV can help protect a person’s property, but there are some rules that owners should follow.

  2. Some users of domestic CCTV will need to comply with the DPJ 2018 it depends on what the camera can see. If a CCTV system captures images of people outside the boundary of their private domestic property – for example, from neighbours’ homes or gardens, shared spaces, or from public areas, then they will need to comply with the DPJL 2018. The DPJL 2018 won’t apply, however, if the cameras only cover the user’s private property and it doesn’t capture images beyond their boundaries. It’s not a breach of the law for people to have CCTV, they just need to comply with the law when it applies to them and when it does, respect the data protection rights of those whose images they capture.

Position of cameras

  1. When cameras are installed, their area of vision should only cover a person’s own property. If this isn’t possible and the CCTV covers other areas e.g. someone else's property, a public area or communal space, then data protection law applies. This is because CCTV can capture images and voices of other people, and this counts as their personal information.

  2. People may install CCTV on their property which could cover communal areas. If this captures images from a communal area then the law will apply to them.

Example

Your neighbour has become increasingly concerned about the security of their home due to reports of car tampering in the area. As a deterrent, they decide to install CCTV on their door. Their CCTV covers a communal area where their car is parked and not just their property. Your neighbour tells you why they want to install the CCTV, and there’s no way of only recording their own door without also recording a section of the communal areas. They also explain that they believe that the intrusion to your privacy will be low as the CCTV does not continuously record – it is only motion activated. In this instance it’s likely that your neighbour has a legitimate reason for using CCTV, however they do still need to follow the law because they are capturing footage that is on public areas (not just their own home and boundary).

What should I do if I want to install CCTV?

  1. Your neighbours may be concerned when they see cameras and may be worried about what the cameras are capturing and whether they look into their homes or gardens or cover public/communal areas. We encourage you to have a discussion with them before you put up any cameras and explain what areas the cameras will be covering. We have a draft letter you can use to send them here.(You will need to adapt it to make sure it sets out all the relevant information.)

  2. You should check:

  • That the CCTV only captures your property
  • Where footage is stored (e.g. Jersey, EU, UK, US).
  • Whether audio recording is on by default and if so, turn it off.
  • Whether “community sharing” is enabled, meaning clips may be shared automatically or uploaded to a neighbourhood app.
  • How to adjust motion zones to avoid neighbours’ property.
  • How long the app stores recordings for and whether this can be reduced.
  • Whether video previews or snapshots are uploaded to the cloud even when recording is off.
  • Users should disable any features that are not required and only record what is necessary for your purposes and no more.
  • What should I do if I am concerned about a CCTV camera or I’m unhappy about being recorded?
  1. In most cases, we suggest you start by talking or writing to the CCTV owner. You should:
  • Ask why they’re using CCTV – people usually install CCTV to monitor and protect personal property. It can make the person and their family feel safe. If you understand why they’re recording, it may put your mind at ease.**
  • Explain your concerns – the CCTV owner may not understand why you’re worried about being recorded. If you explain your reasons, they may reposition the cameras.
  • Ask if they are using filters or privacy blockers – the CCTV owner might be using filters or privacy blockers to reduce the intrusion to your privacy. This could mean that public spaces and other people’s property might be blurred out of the image.
  • Ask to see what they’re recording – the footage captured by the camera may not be as intrusive as you think. Seeing an example of what the camera records may make you feel less concerned.
  • Explain what you hope to achieve – if you want to achieve something specific, then politely explain your expectations to the CCTV owner. They might agree or work with you to find a middle ground.
  1. We have a letter that you can use to start the conversation.

What should I do if I have a neighbour dispute and/or feel harassed?

  1. If you have an ongoing dispute with your neighbour, you may wish to:
  • Try solving the problem informally by talking to them.
  • If your neighbour is a tenant, you could contact their landlord.
  • Consider using a mediation service, if raising the issue informally does not work. Citizens Advice Jersey may be able to help with this and have a Community Mediation service available to use free of charge.
  • Contact the States of Jersey Police, if your neighbour is breaking the law by being violent or harassing you. (We can’t get involved in those situations.)
  • As a last resort, you can take legal action through the courts.

What can I do if I think someone is recording my children?

  1. In most cases we suggest that you start by talking to the person doing the recording. The majority of people install CCTV to protect their own property, but sometimes capture images past the boundary. If you think this is the case you should speak to your neighbour first and you can raise a concern with us.

  2. If you are worried that the person is recording your child inappropriately, then you should contact the police.

Is my consent needed if I’m recorded on CCTV?

  1. Consent is not usually required for someone to install home CCTV. In many cases, the CCTV owner will have one or more ‘legitimate reasons’ to collect personal information through CCTV. Often, this will be to protect themselves, their family and property. This means that they don’t need the consent of anyone that is recorded by the camera. However, the CCTV owner must be able to demonstrate that their own interests outweigh any invasion of privacy for others.

Example

Your neighbour installs CCTV at the front of their property to deter criminals from breaking into their home. The neighbour doesn’t intend to access any recordings unless a crime has occurred. Despite carefully considering where to place the CCTV, the camera records a small part of a public street and, on occasion, it records people walking by. In this case, it’s likely that your neighbour’s interests outweigh any invasion of your privacy.

Can I object to a CCTV owner recording, even if they have a legitimate reason?

  1. You can object but that doesn’t necessarily mean that the CCTV owner must stop recording or reposition their camera. You have the right to object to the use of your personal information. To exercise this right, you must contact the CCTV owner to object to their use of your personal information.

  2. The CCTV owner must then think about whether they should be collecting or using personal information. If after receiving your objection they decide to continue using footage or sound, they should give a very strong reason to justify why. An example could be for crime prevention.

  3. If they can’t justify collecting the personal information, then they must stop recording or reposition the camera. However, we are unlikely to take steps to force a CCTV owner to move their camera unless we consider that the CCTV owner falls within the definition of data controller under the law, and that the circumstances are such that formal enforcement action is required. These situations are likely to be rare.

Example

You notice that your neighbour recently installed a CCTV camera at the back of their house. The position of the camera means that they’re also recording part of your property and you therefore decide to write to your neighbour to object to being recorded. After receiving your objection, your neighbour considers the reasons why they installed the CCTV and the intrusion to your privacy. Whilst they can justify recording their own property to prevent crime, they decide that recording your property is excessive. As a result, your neighbour repositions their CCTV camera to ensure they are no longer recording your property.

What are the rules?

  1. The DPJL 2018 says that where people capture images or audio recordings from outside (that go beyond) their property boundary must:
  • Have a clear reason for using the CCTV.
  • Make sure the CCTV doesn’t capture more than needed.
  • Let people know CCTV is being used (e.g. by displaying a sign).
  • In most cases, provide some of the recordings if asked by a person whose image or audio, or both, the CCTV has captured.
  • Delete the footage regularly or automatically, or both.
  • Stop recording a person if they object to being recorded and there’s no legitimate reason to continue recording them.
  1. If you want to use CCTV in your home, please see our checklist which will help you decide whether you actually need it and, if so, how to operate it in line with the law.

What rights do I have?

  1. You have a number of data protection rights under the DPJL 2018.
  • You can request a copy of the CCTV footage that you’re in from the CCTV owner. This is known as a subject access request (DSAR). Seeing this footage may make you feel less concerned as it may not record where you think it does.
  • You can request the CCTV owner deletes the footage you’re in. This is known as the right to erasure. You should explain why you would like them to delete the footage.
  • You can object to the CCTV owner using CCTV to record you. This is known as the right to object. You should contact the CCTV owner and explain that you object to being recorded. The CCTV owner must have a strong reason to continue recording you when you have objected to being recorded and they will need to be able to tell you why they need to keep recording.
  • In most instances, the CCTV owner should provide a response to your request within four (4) weeks.

What will the JOIC do if I make a complaint?

  1. You can complain to us if you think a CCTV owner isn’t following the rules and is recording images/audio outside their boundary. You can do this here. We also offer an Amicable Resolution process here. This is less formal than a complaint and may be better suited to this type of issue. When you raise a concern with us, you will need to tell us:
  • What your concerns are
  • What CCTV system is being used (e.g. make/model of camera)
  • What evidence you have that the camera is active and capturing images of you in your property/garden or in a communal area/public space. You can send us pictures or videos if you have them.
  1. We will usually write to your neighbour asking them to resolve things (e.g. put up an appropriate sign or respond to your requests or narrow the field of vision of their cameras). If you haven’t been able to tell us, we will also ask for information about the make and model of the camera including whether it’s actually in operation (sometimes people use decoy cameras that aren’t actually operational).

What can’t we do?

  1. If a homeowner is using CCTV within their own boundaries and we don’t have evidence that it’s capturing images or audio of public areas we cannot:
  • Remove a person’s CCTV camera;
  • Force a person to reposition or remove their CCTV;
  • Retrieve CCTV footage from a CCTV owner on your behalf;
  • Force a CCTV owner to delete recordings of you; or
  • Take court action on your behalf, or assist you with taking court action against a home CCTV owner.

This is because the DPJL 2018 doesn’t apply to the processing of personal data for domestic purposes and where it does, we have no remit to investigate.

  1. There are steps we can take if we have evidence that (on the balance of probabilities) shows that processing is taking place outside the homeowner’s boundaries but any action we take will depend on what processing how intrusive the CCTV is and the available evidence.

  2. If we are satisfied that the camera is being used appropriately (either because it’s only capturing images from within the boundary or that it’s capturing images outside the boundary, but the user is complying with the law) we will write to you and let you know about our findings.

For further information, read about what to expect when you’ve made a complaint.

*CCTV use by businesses and organisations. * 48. The collection, use, disclosure and retention of personal data, including images, film footage and voice recordings, are all subject to the requirements of the DPJL 2018 and this guidance is intended to assist owners and occupiers of premises, in particular those that are workplaces or are otherwise accessible to the public, to understand their responsibilities and obligations regarding data protection when using CCTV or other surveillance systems.

  1. Any person or organisation that collects and processes the personal data of individuals will be a data controller and any use of a CCTV/surveillance system must be considered in light of the obligations imposed by data protection legislation on data controllers, and implemented in accordance with the principles of data protection.

  2. The use of CCTV systems has expanded significantly in recent years, due to the increased sophistication of the technology and its affordability. CCTV systems have legitimate uses in securing premises, supporting workplace safety management, and aiding in the prevention and detection of crime. However, unless CCTV is used proportionately, it can give rise to legitimate concerns of unreasonable and unlawful intrusion into the data protection and privacy rights of individuals and that excessive monitoring or surveillance may be taking place.

  3. The DPJL 2018 requires data controllers to adhere to the principle of data protection by design and default. This means that you must build data-protection considerations into the way your CCTV/surveillance system is planned, set up, and operated, rather than treating them as an afterthought. You should configure the system so that it collects only the minimum amount of personal data needed for your stated purposes, and that stronger privacy-protective settings are enabled by default. This includes choosing equipment and software that allow you to limit what is captured, restrict who can access it, and apply safeguards such as automatic deletion, masking or blurring, and disabling audio unless it is strictly necessary. Designing and configuring your system in this way helps ensure that privacy risks are reduced from the outset and that your ongoing use of CCTV remains compliant with the law.

What are surveillance systems?

  1. This guidance covers the processing of personal data by video surveillance systems and we use the term "surveillance system" to cover traditional CCTV systems, Automatic Number Plate Recognition (ANPR), Body Worn Video (BWV), Drones (UAVs), Facial Recognition Technology (FRT), dashcams and smart doorbell cameras. These tools are grouped together because, despite their differences, they all fundamentally operate by capturing and processing images or related data in a similar way, and therefore raise comparable data-protection considerations.
  • Are images captured by surveillance system personal data?*
  1. Footage or images containing individuals who are identified or identifiable captured by surveillance systems are personal data for the purposes of the DPJL 2018. This includes footage or still images where a person can be recognised from:
  • Their face or body.
  • Distinctive clothing or behaviour.
  • Context (e.g., recording location and time).
  • Combination with other information you hold.
  1. If you are able to obscure or de-identify individuals from CCTV/surveillance system footage, the footage or images are still considered personal data if you are able to re-identify the individuals at some point in the future. Further, if footage or images are initially captured in an identifiable form and then irreversibly de-identified, the DPJL 2018 will still cover the processing up to the point of anonymisation.

Is audio captured by a surveillance system personal data?

  1. Audio recordings that capture any information relating to an identifiable person are personal data. This includes:
  • Their voice
  • Conversations
  • Background speech
  • Sounds linked to specific individuals (e.g., a child crying, someone laughing)
  1. Because voices are unique and may reveal identity, emotions, health, political views or other sensitive information, audio processing should be treated as high-risk and requires strong justification. In most routine CCTV/surveillance system settings, audio recording is not justified and should be turned off by default and triggered only in exceptional circumstances (e.g. in the case of threatening behaviour).

Accountability.

  1. Under the DPJL 2018, you must implement appropriate technical and organisational measures and to show that you have considered and integrated the principles of data protection law into your processing activities. It is also important that you identify an appropriate lawful basis, and justify any processing to be fair, necessary and proportionate.

  2. If you are a controller, and your surveillance system is processing the personal data of identifiable individuals, you must register with us and pay a fee to us unless exempt.

  3. The accountability principle requires you to take responsibility for what you do with personal data and how you comply with the other principles and you must be able to demonstrate your compliance with the law (Art.14(1)(a) and (b)). You must have appropriate measures and records in place to be able to demonstrate your compliance and these obligations continue throughout the life of the processing. Specifically, under Art.14(3) of the DPJL 2018, organisations are required to maintain a record of the processing activities taking place. Whilst this is not required for organisations of less than 250 people unless the processing:

  • Is likely to result in a risk to the rights and freedoms of data subjects.
  • Is not occasional.
  • Includes special category data or relates to criminal convictions or related security measures. It may apply to organisations using surveillance systems where the above criteria are fulfilled (Art.6(3)). The records you keep should cover areas such as the purpose(s) for the lawful use of surveillance, any data sharing agreements you have in place and the retention periods of any personal data.
  1. In many premises, such as multi-occupancy office buildings, or shared residential blocks, more than one organisation may be involved in deciding why and how CCTV/surveillance is used. In these cases you should clarify, in writing, who is the data controller, whether any parties are joint controllers, and which organisation is responsible for signage, handling rights requests, responding to complaints and liaising with JOIC. This allocation of responsibility should be reflected in your records of processing and in any contracts or agreements you put in place.
Considerations before installing a surveillance system
  1. Before installing/deploying any CCTV/surveillance system, the following questions will help you to determine whether you are acting in compliance with the law and we have a checklist available to help you.
  1. What is the purpose for the installation of the CCTV/surveillance system? What are you trying to observe taking place and why?

  • Art.8(1)(a) of the DPJL 2018 requires that personal data are “collected for specified, explicit and legitimate purposes and once collected, not further processed in a manner incompatible with those purposes”. This means that personal data must not be collected “just in case” – there must be a clearly identified purpose (reason) for the processing.

  • Clarity of purpose is essential as it ensures everyone understands what and why you are ‘collecting’ personal information. You must be clear about why you need to install the CCTV/surveillance system and be able to explain the reasons to the people whose data you are collecting.

  • Is the personal data captured only to be used for the stated original purpose? For example, if you tell employees that you are installing CCTV to prevent thefts, you cannot then use the footage for another reason (to monitor employee attendance, for example). If are you collecting the personal information for more than one purpose? Can you justify the other purpose(s)?

  1. What is the lawful basis you are relying on for processing?

  • As with any other processing of personal data in addition to your purpose, you must be able to identify a lawful basis for the processing and be able to say which of the processing conditions under Schedule 2 of the DPJL 2018 you are relying on.

  • It is essential that these purposes are identified at the outset and before any processing takes place.

  • There are a variety of lawful bases available under the law and you must choose the basis that most closely fits your particular requirements. Consent is unlikely to be a suitable lawful basis in these circumstances because it will likely be very difficult to obtain the freely given consent of everyone likely to be recorded (including in an employment context due to the inherent imbalance of power in the employer/employee relationship).

  • Owners or occupants of a site often use CCTV/surveillance systems to protect their property, safeguard goods, and ensure the safety of people on or around their premises. These aims can constitute a legitimate interest that permits the processing of personal data, as long as those interests are balanced against (and do not outweigh) the rights and freedoms of the individuals being recorded.

  • When a data controller relies on legitimate interests to operate CCTV, they must be able to show that the surveillance genuinely supports their stated aims, is necessary for those purposes, and does not impose an excessive or unfair impact on the people whose data is captured.

  1. Is the use of CCTV proportionate?

  • You need to be able to show that using CCTV/surveillance system is genuinely necessary for your stated purpose and that its impact on the people you record is proportionate. “Necessary” means more than CCTV being useful or convenient and you must explain why it is required for the purpose you have identified, and how the situation leading you to install CCTV/surveillance system supports that conclusion.

  • When assessing necessity, you should keep the data-minimisation principle in mind: you should only process the minimum amount of personal data needed, and avoid processing personal data entirely if the purpose can be achieved in another way. If other steps (such as on-site supervision or the use of security staff) have already been tried and have not worked, this may support the view that CCTV is a proportionate response.

  • Proportionality requirements mean that you must consider whether the scale and design of your CCTV system are reasonable for the aims you are trying to achieve. Think about how large an area you want to cover, how many cameras you intend to use, and how intrusive the monitoring may be. In workplaces, you should consider how many employees may be affected, how closely they will be monitored, and whether the circumstances justify any level of staff surveillance. In public areas, you should assess how much of the public will be recorded, whether children or vulnerable people may be affected, and what level of privacy individuals can reasonably expect in the spaces you plan to monitor.

  • Depending on the scope of the system, you may need to carry out a more detailed assessment. If your plans involve large-scale or systematic monitoring of publicly accessible areas, a Data Protection Impact Assessment (DPIA) will likely be required. Completing a DPIA means consulting relevant stakeholders (i.e. those who will likely be affected by your intended processing) and your data protection officer/lead. We have further guidance on DPIAs that can be found here.

  • You should also consider ways to limit the impact of CCTV on individuals. For example, you might operate cameras only outside business hours to protect property or ensure that cameras are not placed in locations where people reasonably expect a high level of privacy, such as toilets or changing rooms.

  1. Are you able to keep the footage safe and secure?

  • You need to put appropriate technical and organisational safeguards in place to keep CCTV footage secure and to prevent unauthorised access, accidental loss, or misuse. For CCTV systems, this usually means limiting who can view or handle the footage, protecting storage devices with strong passwords or encryption, and avoiding shared or generic login details that make it hard to track misuse. You should also ensure that the storage media are kept in a physically secure location and that you maintain (and regularly review) an access log so you can confirm that only authorised people have viewed the recordings.

  • Effective governance requires you to maintain comprehensive audit trails. These should document each time footage is viewed, any instance where clips are exported or shared, all system or configuration changes, and any failures, downtime or suspected misuse. Audit logs must be stored securely and reviewed periodically so that inappropriate access or misuse can be identified and addressed.

  • If your system allows remote access (such as viewing footage on a mobile phone) you must think carefully about the extra risks this creates. Remote access can be useful for monitoring empty premises outside working hours, but it also increases the chance of unauthorised disclosure if not properly controlled. In workplace settings, live remote viewing can raise further concerns if staff feel they are being continuously monitored. Using remote surveillance as a substitute for normal supervision is rarely justifiable from a data-protection standpoint.

  • Whatever security measures you adopt, you should support them with clear internal policies and procedures to ensure they remain effective. Access controls should be reviewed and tested regularly, and you should upgrade or strengthen your security arrangements whenever necessary.

  1. Are you only going to keep it as long as you need it for?

  • You need to make sure that CCTV/surveillance system footage is not kept for longer than is genuinely needed for the purpose you collected it for. The DPJL 2018 does not set a specific retention period, so you must be able to explain and justify the timeframe you choose. You cannot keep footage “just in case.” When deciding on a retention period, it can help to think about past incidents where CCTV/surveillance system footage was required and how long you realistically needed it for.

  • Your retention period should be the shortest amount of time necessary to meet your purpose, while still giving you enough time to review the footage before it is deleted. If your CCTV system has a built-in default retention period, you should check whether that default aligns with your own assessment. If it is longer than you need, you must reduce it accordingly.

  • If certain footage relates to a specific incident (such as a workplace accident or a potential criminal matter) you may have a valid reason to keep that portion for longer. In these situations, you should separate that footage from your normal recordings, store it securely, and retain it only for as long as required for the investigation or legal process.

  • You should also ensure your technology supports privacy-preserving features such as automatically deleting footage after the set retention period, cropping video to reduce what is captured, disabling audio, blurring or masking individuals when full images aren’t required, and using still screenshots instead of full recordings where this is sufficient.

  1. Are you being open and transparent about the footage you are collecting and what you are doing with it?

  • Accountability goes hand-in-hand with transparency. You must not only follow the data protection principles but also be able to demonstrate that you are complying with them. Most organisations (especially larger ones or ones that process special category data or monitor individuals on a large scale) must keep a record of their processing activities. This record should include details of any surveillance system you operate, the risks involved, and the steps you have taken to manage those risks.

  • If you have carried out an assessment before installing CCTV/surveillance system, you should document it thoroughly. Your records should clearly show why CCTV/surveillance system was necessary, how you assessed proportionality, and the criteria you used to reach your decision. This helps demonstrate that your use of surveillance is lawful, justified, and well-reasoned.

  • The DPJL 2018 also says that you must be open with people about how you use their personal data. For CCTV and other surveillance systems, this usually means making sure individuals know they are being recorded and understand why. Clear, well-placed signs (ideally at every entrance) are often the most effective way of giving this notice.

  • Covert or secret recording must only be used in exceptional circumstances where it is lawful, necessary and proportionate, and where transparency requirements do not apply due to a specific exemption.

  • It is up to you as the data controller to decide the best way to provide this information, taking into account who will see it but anyone whose image is captured must be able to access the following information easily, either directly on the signage or through another straightforward method such as a website or QR code. You can provide this information in a layered way: the sign gives key points, and more detailed information is available through a QR code, website link, or other accessible method:

  1. Which areas are under surveillance.
  2. Who the data controller is and how to contact them.
  3. Contact details for the Data Protection Officer, if you have appointed one.
  4. Whether your system is capturing video footage only or if it is also capturing audio.
  5. Whether recording is continuous or triggered by events (e.g. motion detection).
  6. Why the footage is being collected and how it will be used (including if it is transferred outside of Jersey).
  7. The legal basis you rely on for processing.
  8. Any third parties who may receive the footage.
  9. How the footage is protected.
  10. How long recordings are kept.
  11. The individual’s rights, including the right to complain to the Jersey Office of the Information Commissioner (JOIC).

Any notice must:

  1. Be clear, visible and easy to understand. If you have a large proportion of your workforce whose first language is not English, you may wish to consider making it available in the relevant additional language(s). Similarly, where children or vulnerable individuals are likely to be recorded, you should ensure the information is presented in a way they can understand, or provide an additional child-friendly explanation where appropriate.
  2. Contain details of the purpose of the surveillance and who to contact about if anyone has any concerns.
  3. Include contact details such as website address, telephone number or email address.
  4. We have an example sign you can adapt for your purposes here.
  5. If the States of Jersey Police or insurance companies request copies of your recording ensure they provide you with an authority form and keep a copy of what you send and keep it safe until the conclusion of any investigation.
  6. If you intend to use footage for a new or different purpose, you must update your privacy information and ensure individuals are informed in advance, unless a relevant exemption applies.
  1. Are you able to respond to data subject rights?

  • You must be able to respond properly and promptly to data subject rights requests, including requests from individuals who want to see footage of themselves. Anyone who can be identified in your recordings has the right to access their personal data, and you normally must respond within four (4) weeks. To help you locate the correct footage, you can ask the requester to provide a reasonable level of detail (e.g. the date, time, and location of the recording). If the footage has already been deleted in line with your retention schedule, you should explain that it no longer exists. However, once a request has been received, you must not erase any relevant footage until the request has been completed.

  • When you provide access, this will usually involve supplying a copy of the footage in a viewable format as well as explaining the purpose of the recording, the legal basis for processing, and any disclosures you have made. If it is not technically possible to provide a video file, a sequence of still images may be acceptable as long as all of the requester’s personal data is included. You must also consider the privacy of other people captured in the footage. If releasing unedited footage would negatively affect their rights or freedoms, you should take steps such as blurring or masking their images, unless you have their consent to share it in full, or consider that it is reasonable to do so without their consent.

  • Individuals may also ask you to delete CCTV/surveillance footage that includes their personal data. The right to erasure applies, but in practice will be limited where you still have a lawful reason to keep the footage. For example, you do not need to erase recordings that you require for security purposes, to investigate an incident, or to establish, exercise or defend legal claims. If none of these conditions apply however, and you no longer have a valid reason to retain the footage, you should delete it securely and confirm the outcome to the requester. To meet this obligation, you should ensure that your CCTV/surveillance system or supporting software allows you to locate and isolate specific clips, delete them without affecting other recordings, and document the steps you have taken.

  • To ensure you can meet these obligations without delay, you should have a clear internal process for handling requests and, if needed, identify a processor who can securely redact footage on your behalf. You may also wish to provide information on your website explaining how individuals can request access and what details you need to locate the relevant recording.

Risk assessing surveillance systems
  1. It’s important to record your reasons for using CCTV. You should document your decision, including your justifications. Our checklist will help you with this. If your use of CCTV is likely to result in a high risk to people, you’ll also need to carry out a Data Protection Impact Assessment (DPIA). A DPIA is a useful tool to help you identify the impact your use of CCTV may have on people, so you can reduce any risks. For example, if you have cameras in private areas, or are using CCTV to monitor staff. If you identify a high risk that you’re unable to reduce, you must contact us before you begin using the CCTV. You can find out more in our DPIA guidance here.

Example - Installing a GPS tracking device.

  • A maintenance company is considering installing GPS tracking devices on its fleet of service vehicles to improve route planning and respond more quickly to emergency call-outs. Before proceeding, the company assesses whether the tracking is necessary and proportionate, and what impact it may have on staff privacy.
  • The company concludes that tracking during working hours only is justified because it supports efficient scheduling, improves customer response times, and enhances lone-worker safety. However, tracking staff outside working hours would not be fair or proportionate, so the system is configured so that tracking is automatically disabled when vehicles are used for permitted private journeys.
  • Before installation, the company explains the proposal clearly to staff and carries out a consultation, giving employees an opportunity to ask questions, raise concerns, and provide feedback. The company also updates its policies and shares them with staff, detailing:
  • 1. The purpose of the tracking.
  • 2. When it operates and when it does not.
  • 3. What information will be collected.
  • 4. How long the information will be kept.
  • 5. Who will have access to the data.
  • 6. The safeguards in place to protect privacy.
  • 7. The company documents the justification for the system, completes a data protection assessment, and configures the tracking to collect only the minimum data needed for the stated purpose.
  1. If, having completed a DPIA you decide that the threat to property/health and safety etc. outweighs the risks to the rights and freedoms of individuals and you install a surveillance system you should ensure that:
  • The cameras are not installed in places where people are expected to enjoy privacy, such as inside a changing room/toilet area.
  • The surveillance system (both the physical hardware and the images captured) is protected and secure from vandalism or unlawful access.
  • The people affected are explicitly informed that they are under surveillance via CCTV, the purpose of surveillance and the means to raise an enquiry (including installing any appropriate signage).
  • The personal data collected by the surveillance system is deleted as soon as practicable when the purpose of the surveillance is completed.
  • The effectiveness of the safeguards and procedures for the surveillance system is regularly reviewed.
Choice of CCTV/surveillance systems, software and use of processors
  1. When choosing a CCTV or other surveillance system, you should consider not only the cameras and physical setup but also the software, data hosting arrangements, and any third-party services involved in running the system. Your choice of technology directly affects how well you can meet your obligations under the DPJL 2018.

Choosing appropriate surveillance software and technology

  1. The software you use (whether cloud-based or installed locally) must allow you to meet your legal responsibilities. When selecting a system, look for features that support:
  1. Data minimisation, such as options to crop footage, mask or blur images, disable audio, or reduce the recording area
  2. Configurable retention settings, including automatic deletion at the end of your defined retention period
  3. Role-based access controls, so only authorised staff can view, download, or manage footage
  4. Secure exporting options, such as encrypted downloads or watermarked clips
  5. Audit logs to show who accessed footage and what actions they took
  6. Strong authentication, ideally multi-factor authentication, especially for remote access
  7. Privacy-by-design functionality, such as limiting overly intrusive monitoring or using event-triggered recording.

Where the data is hosted

  1. It is essential to understand where your CCTV/surveillance system footage is stored, processed, or accessed. This applies whether the data is held:
  • On your premises (local servers or NVRs).
  • In a cloud environment.
  • On outsourced infrastructure managed by a security provider.

  1. If any footage is stored or accessed outside Jersey, additional legal requirements under the DPJL 2018 apply but, in short, you must assess the risks associated with transferring footage abroad in order to determine whether the destination jurisdiction provides appropriate safeguards for data subjects and you must document that assessment. Please see our guidance on international transfers here.

  2. Your processor must also be able to clearly explain where data is stored and which sub-processors (if any) have access to it and you should be cautious of consumer-grade or “plug-and-play” domestic systems that may lack these controls or route data through third countries without telling you.

  • Using third-party contractors (processors)*
  1. Many organisations rely on external security providers to install, manage, or maintain their systems. If a third party processes personal data under your instruction, they are acting as a data processor. Processors must implement strong security measures, such as:
  • Strict access controls.
  • Encrypted transmissions and storage.
  • Staff training in confidentiality and data handling.
  • Secure incident-handling procedures.
  1. Controllers must have a written contract in place with any processor. This contract must:
  • Specify what the processor may do with the data.
  • Detail the security requirements.
  • Set rules on sub-processors.
  • Identify retention requirements.
  • Require the processor to assist you with rights requests and breaches.
  • Address international transfers if any processing occurs outside Jersey.
  1. For more detailed guidance on choosing processors and managing processing contracts, please see our related guidance here.
Staff monitoring
  1. Monitoring employees or workers through CCTV or other surveillance systems is particularly intrusive and requires greater justification. Before using surveillance in a workplace setting, you must:
  • Consult employees in advance and allow meaningful feedback.
  • Explain clearly why monitoring is necessary and how footage may be used.
  • Ensure monitoring is not excessive and not constant unless justified.
  • Avoid placing cameras where workers have a strong expectation of privacy (e.g. break rooms, rest areas, shower rooms, prayer spaces, union meeting rooms).
  • Consider the effect on workplace culture, trust and wellbeing.
  • Avoid using CCTV as a substitute for management supervision.
  1. Covert monitoring of staff is only permissible in truly exceptional circumstances involving serious misconduct, and only where:
  • There is reasonable suspicion of criminal activity or gross misconduct.
  • Notification would prejudice the investigation.
  • The monitoring is time-limited, targeted and authorised at a senior level. Even then, covert recording must be a last resort and fully documented in the DPIA.
Facial Recognition and Biometric processing

  1. Facial Recognition Technology (FRT) and other forms of biometric identification, such as gait recognition or fingerprint-enabled access controls connected to surveillance systems, represent particularly intrusive forms of processing. These technologies almost always involve the processing of special category data and therefore create heightened and complex risks for individuals. For this reason, any intention to deploy FRT or other biometric tools must be subject to very careful consideration.

  2. Before introducing such a system, you must complete a DPIA. This is likely mandatory in all cases involving FRT or biometric identifiers because the systems will be based on automated processing. The DPIA must demonstrate that the proposed processing is genuinely necessary for the stated purpose and that no less intrusive alternative would achieve the same outcome. You must also be able to evidence that the use of such high-intrusion technology is proportionate to a real and significant risk, and that its deployment is not simply a matter of convenience or enhanced efficiency. As part of this assessment, you must consider the accuracy of the technology, including the risk of false matches, and evaluate whether any inherent bias could result in unfair or discriminatory outcomes for particular groups. If, having completed the DPIA, high risks remain that cannot be mitigated, you must consult with us before commencing any processing. You can submit your DPIA for consultation here. You may not begin processing until we have concluded the consultation process.

  3. In most routine operational contexts, the use of FRT is unlikely to be justified. This includes activities such as monitoring staff attendance, identifying visitors where other access-control methods are available, or monitoring members of the public entering shops, leisure facilities or other general premises. Conversely, its deployment may be justified in more exceptional circumstances, such as controlling access to restricted high-security areas or identifying individuals who pose a serious and evidenced threat to safety or security.

  4. Where FRT or other biometric processing is used, organisations must ensure that individuals are clearly informed before entering any monitored area. Given the sensitivity of biometric data, robust access controls must be in place, supported by comprehensive audit logs that record all access to, and use of, the data. Retention periods must be kept to the minimum strictly necessary, with biometric data typically deleted almost immediately unless a verified match requires additional investigation. Under no circumstances should biometric data be repurposed, reused for incompatible purposes, or linked to other databases without a lawful basis and full transparency.

Smart/analytics based cameras
  1. Where CCTV/surveillance systems use analytics or artificial intelligence (for example to track individuals over time, analyse behaviour, count people or generate heat maps), you must assess these features in the same way as any other high-risk processing. This means clearly defining the purpose of the analytics, ensuring they are genuinely necessary and proportionate, and updating your DPIA to reflect the additional risks. You should not use analytics to infer characteristics that people would not reasonably expect from CCTV (for example, their health, emotions or work performance), nor to profile individuals in a way that could be unfair or discriminatory. Any automated alerts or flags generated from analytics must be checked by a human before decisions affecting individuals are made.
Related Downloads