Domestic use of CCTV systems.


The processing of personal data kept by an individual and concerned solely with the management of his/her personal, family or household affairs or kept by an individual for recreational purposes is exempt from the provisions of the Acts. This exemption would generally apply to the use of CCTVs in a domestic environment. However, the exemption may not apply if the occupant works from home.


Some Case Studies relevant to this topic:


The following Case Studies, which have appeared in Annual reports of the Data Protection Commissioner over recent years, may be of some interest. Click on the Case Study details to see the full text.


CASE STUDY 8/05 - CCTV cameras on the luas line




       Users who read this document also viewed...


    21 February 2005 - Documents by Topic display page


    24 February 2004 - Documents by Topic


    21 February 2005 - Details of Registrant


    17 February 2005 - Self Assessment Data Protection Checklist




Guidance Notes - Monitoring of Staff


The Data Protection Commissioner accepts that organisations have a legitimate interest to protect their business, reputation, resources and equipment. To achieve this, organisations may wish to monitor staff’s use of email, the internet, and the telephone. However, it should be noted that the collection, use or storage of information about workers, the monitoring of their email or internet access or their surveillance by video cameras (which process images) involves the processing of personal data and, as such, data protection law applies to such processing. The processing of sound and image data in the employment context falls within the scope of the Data Protection Laws.


The Article 29 Working Party, has adopted a Working Document (WP55) on the surveillance of electronic communications in the workplace. Its main guiding principle is that you do not lose your privacy and data protection rights just because you are an employee. Any limitation of the employee’s right to privacy should be proportionate to the likely damage to the employer’s legitimate interests. An acceptable usage policy should be adopted reflecting this balance and employees should be notified of the nature, extent and purposes of the monitoring specified in the policy.


In principle, there is nothing to stop an employer specifying that use of equipment is prohibited for personal purposes but the likelihood is that most employers will allow a limited amount of personal use. In the absence of a clear policy, employees may be assumed to have a reasonable expectation of privacy in the workplace.


The following points need to be addressed by data controllers:


  • the legitimate interests of the employer - to process personal data that is necessary for the normal development of the employment relationship and the business operation - justify certain limitations to the privacy of individuals at the workplace. However, these interests cannot take precedence over the principles of data protection, including the requirement for transparency, fair and lawful processing of data and the need to ensure that any encroachment on an employee’s privacy is fair and proportionate. A worker can always object to processing on the grounds that it is causing or likely to cause substantial damage or distress to an individual.
  • monitoring, including employees’ email or internet usage, surveillance by camera, video cameras or location data must comply with the transparency requirements of data protection law. Staff must be informed of the existence of the surveillance, and also the purposes for which personal data are to be processed. If CCTV cameras are in operation, and public access is allowed, a notice to that effect should be displayed. Any monitoring must be carried out in the least intrusive way possible. Only in exceptional circumstances associated with a criminal investigation, and in consultation with the Gardai, should resort be made to covert surveillance
  • monitoring and surveillance whether in terms of email use, internet use, video cameras or location data are subject to data protection requirements. Any monitoring must be a proportionate response by an employer to the risk he or she faces taking into account the legitimate privacy and other interests of workers.
  • at a very minimum, staff should be aware of what the employer is collecting on them (directly or from other sources). Staff have a right of access to their data under section 4 of the Data Protection Acts.
  • any personal data processed in the course of monitoring must be adequate, relevant and not excessive and not retained for longer than necessary for the purpose for which the monitoring is justified.


Use of the Computer Network, E-Mail and Internet.


Private use of the Internet in the workplace and the monitoring of private emails pose certain challenges. A workplace policy should be in place in an open and transparent manner to provide that:


  • A balance is required between the legitimate rights of employers and the personal privacy rights of employees
  • Any monitoring activity should be transparent to workers
  • Employers should consider whether they would obtain the same results with traditional measures of supervision
  • Monitoring should be fair and proportionate with prevention being more important than detection.



Office Premises
Synergy House
10, Oakview Drive
Dublin 15

Contact Info

Tel: +353 (0)1 8215189
Mobile: +353 (0)87 2326927

Find Us