Professor Lorna Woods, co-author of “EU Law” by Steiner and Woods, examines a case about data protection and CCTV use.

Introduction

The Czech Supreme Administrative Court referred a question to the Court of Justice regarding the “household activity” exception in the EU Data Protection Directive. This case, Ryneš, involved CCTV footage capturing images beyond the operator’s property, raising questions about the exception’s scope, especially since the Directive states data processing must be “exclusively” for personal and household purposes. While Member States handle this differently, the Court, besides the Lindqvist case, hasn’t clarified the household exception’s applicability. The EU Charter of Fundamental Rights, recognizing privacy and data protection rights, adds another layer to this. The Advocate General’s Opinion, published later than planned, addresses these issues.

Facts

Mr. Ryneš installed a CCTV camera on his house, capturing his front door, public footpath, and the opposite house, aiming to deter property crime. Despite the camera, his windows were vandalized. The footage helped identify suspects, but one questioned the CCTV system’s legality under Czech data protection law, which implements the EU Directive.

Question Referred

Citing Article 3(2) of the Data Protection Directive, which outlines a “household exception” for personal or household activities, Mr. Ryneš argued his CCTV use fell under this exception. The Court then needed to clarify if using a camera system on a family home for protection, even if it captures public spaces, qualifies as “processing of personal data… by a natural person in the course of a purely personal or household activity.”

Opinion of the Advocate General

The Advocate General highlighted that data storage, erasure, or usage were irrelevant; the focus was on the constant surveillance by the fixed CCTV system. This opinion didn’t cover different devices like mobile phones. The Advocate General stressed the Charter’s relevance and the need to interpret the Directive, particularly its limitations, in light of the right to privacy, echoing principles from the Google Spain case. He emphasized the need for a high level of protection in both public and private contexts, as stated in the Digital Rights Ireland judgment.

The Advocate General differentiated between police activities and Mr. Ryneš’s, stating that Mr. Ryneš wasn’t acting as law enforcement, despite providing footage to them. Therefore, the policing exception didn’t apply. He argued that objective factors, not subjective views, should define the Directive’s scope. Referencing cases like Satamedia and Lindqvist, he stated that exceptions and limitations should be interpreted narrowly.

Drawing parallels to AG Tizzano’s example of personal correspondence and address books in Lindqvist, the Advocate General suggested limiting the exception to activities that are clearly private and confidential. This encompasses activities inherently linked to private life without significant intrusion on others’. Family life, while not limited to homes, has a clear connection with the domestic sphere. For the household exception to apply, there’s an added requirement of exclusivity, applicable to both private and family life. He concluded that while video surveillance of others isn’t exclusively “personal,” it could fall under “domestic activity.” However, expanding surveillance to public areas isn’t exclusively domestic due to its impact on others’ desire for anonymity. The concern, as highlighted in Digital Rights Ireland, is the implications of constant surveillance.

Therefore, the Advocate General concluded that the household exception couldn’t be applied in this case.

Comment

This case seems to follow a pattern of the Court and its Advocates General interpreting the Data Protection Directive to enhance data subject protection. This is evident in their attention to Google Spain and references to Digital Rights Ireland. While Lindqvist informed the detailed understanding of Article 3(2), it didn’t significantly influence the overall approach. While Satamedia allowed a broad interpretation of the “journalistic exception” in Article 9, this case differs because Article 3(2) removes data from the Directive’s scope entirely, and unlike Article 9, there’s no countervailing interest like freedom of expression.

A recurring theme is the impact of constant surveillance on individuals and society, aligning with recent cases and mirroring ECHR case law. While the Advocate-General disregarded Peck (concerning security footage reuse by local authorities), existing case law addresses state surveillance, such as Liberty v. UK and the ongoing Big Brother Watch v. UK. The Advocate-General avoided discussing other surveillance devices like mobile phones, claiming different characteristics, but the underlying concern about surveillance’s impact on individuals remains. Mobile phone use, however, tends to be individual instances, potentially falling under the household exception.

Devices like Google Glass, enabling continuous recording, blur the line of when monitoring occurs. This differs significantly from using a mobile phone for filming, despite Google’s claims that Google Glass is similar. If the Court agrees with the Advocate General, it impacts the UK Information Commissioner’s (ICO) advice on Google Glass, which suggests “personal use” as non-business use, possibly triggering data protection procedures. Data Protection Commissioners have expressed concerns about Google Glass and local law compliance. Perhaps the ECJ’s stance might grab Google’s attention, though the burden and penalty risks seem to fall on users.