Additional considerations for technologies other than CCTV
-
Due to the Data (Use and Access) Act coming into law on 19 June 2025, this guidance is under review and may be subject to change. The Plans for new and updated guidance page will tell you about which guidance will be updated and when this will happen.
Advances in technology and software mean that surveillance systems can pose an increased risk to people’s privacy in both the public and private sectors. This section covers developing and pre-existing technologies, and also highlights additional considerations when using surveillance systems to process personal data, with good practice recommendations you should follow in order to comply with the UK GDPR and DPA 2018.
Surveillance technologies can be interconnected, which means that information can be shared or linked easily. If you are intending to match data together from different systems, you need to be careful that the information you are collecting is:
- accurate;
- not excessive;
- used only for defined purposes; and
- the use is still necessary and proportionate throughout the lifecycle of the processing.
Some systems also allow for data to be integrated into broader ‘big data’ processing systems that your organisation may operate. This has implications in terms of profiling, what you can learn about individuals and how you make decisions about them. The ICO published a report on the data protection implications of big data that covers this issue in further detail.
This guidance specifically covers: