Thursday, 16 July 2020

Taxi Leaks Guest Article: Taxi Dash Cams And Data Protection... byChris Salmon.


Research shows that dash cams improve road safety for drivers, passengers and other road users. Dash cams and internal CCTV also provide several additional benefits to taxi and PHV drivers. Passengers are less likely to be aggressive and bilk fares, and if an accusation is made against a driver, the footage will support their innocence.

Given the upsides, it’s not surprising that local authorities are increasingly requiring taxis and PHV firms to install continuously recording dash cams in all their vehicles. The downside is (depending on the implementation of the rules) this may not be legal. The penalties for breaching privacy regulations can be high.

Why could dash cam use be problematic?
The UK’s data protections laws, including ICO and GDPR regulations, set out strict rules for handling personal data. Under GDPR, “personal data” has a broad definition and can include anything from audio recordings of conversations to number plates.

One key principle of the regulations is that any system that could record personal data (like CCTV and dash cams) must only be used for a “clearly defined and specific purpose”. In this context, dash cams should only be used if their use is a reasonable and proportionate solution to the problems of road and driver safety.

Similarly, personal data should be stored for as little time as is necessary, up to a maximum of 28 days unless the footage is required for police or insurance reasons.

The regulations also require that the data is only accessible by trained staff, for specific purposes, and that data is encrypted and stored securely.

Local authority rules on dash cams
In some local authorities, dash cam use is voluntary. Some councils have mandated the use of dash cams, with varying degrees of clarity.

Under GDPR rules, local councils that require cameras to be used may themselves be “data controllers”. This means the council itself must comply with GDPR. Taxi drivers’ right to privacy (as set out in the Human Rights Act) must not be unreasonably infringed by onerous council rules. Dash cams are actually banned in several EU countries, with authorities citing data protection concerns.

In London, TFL have approved a list of camera technology. If your local authority hasn’t produced a list, the TFL options should be a good start.

If you regularly travel between different local authorities, it would be worth checking what rules apply in each case.

What must taxi firms and drivers do to comply with privacy laws?
Firstly, dash cams should not be used if a less-invasive solution will suffice. If a firm is using dash cams to monitor speeding, would a GPS device be a simpler, better choice?

Assuming that using a dash cam is reasonable and defensible, the chosen camera must have certain features to be compliant. Key requirements are:

  • Security - Can the dash cam be fixed to the vehicle and secured to prevent someone walking off with the device or pocketing the memory card (if removable)?
  • Storage - Is the footage encrypted? GDPR requires that personal data be encrypted when stored.
  • Functionality - Can the audio or visual recording be easily disabled when not needed?

The case for both external and internal visual recording is easy to make on safety grounds. It is harder to argue that an audio recording of passengers’ conversations is necessary. In addition, drivers who also use their vehicle for personal use should have the ability to easily disable the camera (if they wish) when they are off the clock.

Where internal cameras are installed, there must be clearly visible signage to inform passengers of the use and purpose of the camera. Failure to clearly notify passengers, at all entry points to the vehicle, of the use of CCTV is a breach of the regulations. The signs must identify the data controller and provide their contact details.

Dash cam users should also consider registering with the ICO. Although local authorities may not require this step, registration will make it easier to demonstrate compliance with the rules. The ICO can also assist with evidence requests or “subject access requests” made by passengers asking to access their personal data (i.e. the recording).

If a dash cam or memory card is stolen, goes missing, or the data may be otherwise compromised, the regulations require that the breach (or suspected breach) be reported within 72 hours. Affected passengers may also need to be contacted, where possible.

For more information, the ICO’s CCTV code of practice is a useful guide.

Other concerns
Internal and external view cameras should be fitted in compliance with MOT and Construction in Use rules. These rules ensure the position of the cameras won’t obstruct the driver’s view, or compromise passengers’ safety in the event of a collision.

Camera footage should also be reviewed on an occasional basis, by an authorised person, to ensure the camera is actually working and fit for purpose.

Working or not, the presence of dash cams are a useful deterrent against passengers’ bad behaviour. In the event of a serious incident or accusation, however, a camera that stopped working due to a power issue or full memory is just an expensive lump of plastic.

Whether you are self-employed or work for a taxi or PHV firm, the benefits of dash cam use should offset the downsides to dash cam use, including set up costs and regulatory compliance.

Data breach fines can often seem unreasonably high, but provided that recordings are secure and the correct signage is used, a breach or violation of the rules is unlikely. No driver safety solution is perfect, but if the worst should happen, dash cam footage could make a real difference to the outcome of an incident.

   

Chris Salmon is a co-founder and Director of https://www.quittance.co.uk  and is a regular commentator in the legal press.

No comments: