Does London mayor's ‘ring of steel’ breach UK Data Act?
If it really exists, it certainly looks like it...
London mayor Ken Livingstone's claims earlier this week that the capital's new charge zone cameras had a security aspect raised numerous questionmarks, not least of them being the one over Transport for London's registration under the Data Protection Act. Livingstone in the past few days has performed something of a somersault, to the extent that he now thinks the terrorist-stopping powers of the zone cameras are so great that they should and would be retained even if the original road-charging purpose turned out to be a complete failure.
It was an intriguing revelation because - presuming Ken isn't just making it up as he goes along - it means that a central London security monitoring zone has been introduced not by the police, not by the government, but by a local authority, without any prior consultation at all. And perhaps not even by a local authority - it is unclear to us whether any security purpose has been discussed at the Greater London Authority itself. The consultation that went out in the run-up to the scheme's adoption meanwhile makes no mention of security zones, focussing entirely on the relief of traffic congestion and the improvement of London's transportation systems.
Local authorities in the UK do of course introduce CCTV security systems without widespread 'do you want a ring of steel' consultation, but there is just the teensiest of differences here. Purpose is important as far as the Data Protection Act is concerned, schemes specifically designed as CCTV security (or indeed other) systems will have clearly defined and documented purposes, and at least ought to comply with the Data Protection Commissioner's CCTV guidelines, which are available here.
Traffic management and monitoring systems however are not necessarily CCTV surveillance systems, and are frequently designed not to function in this way - if they are simply snapping number plates, then they're not identifying individuals. So the UK's speed cameras snap the rear of the car, which is only going to get somebody's face in rather esoteric circumstances, and the congestion charge scheme itself is designed to snap number plates, not people.
So, when Ken talks merrily of cameras being panned, zoomed and being used to identify drivers, we have clear purpose-drift and the probable need for whole new categories of registration for TfL under the data protection act.
TfL's own data protection registration is substantial, and the paranoid might care to be worried about how many of the individual categories are tagged "Transfer: Worldwide". Purpose 7 covers CCTV and traffic management (and makes chilling reading in its own right - Political opinions? Religious beliefs? Sexual life? On a bus?) but it's Purpose 28 that concerns us here.
Note that among the data subjects listed are those buying permits, offenders and suspected offenders, those incurring penalty charges and evaders. But there is no reference to the cameras being used to identify individuals, and plenty of individuals not covered (car passengers, pedestrians, cyclists) could be identified by them. Note also: "Images of vehicles entering the charging zone; registration marks of these vehicles will be matched with keeper details held by the DVLA (Driver and Vehicle Licensing Agency) if a valid charge payment, exemption or discount is not held, so that a penalty charge notice may be issued."
That's pretty clear, isn't it? Identification of the vehicle owner will take place in the event of suspected evasion, and will be done via DVLA records. It doesn't say anything about more general vehicle identification or zooming in on faces, so if it's doing that TfL is in breach of the 1998 Data Protection Act. If it is doing that, incidentally, it should also have a code of conduct governing how and when it should be done. And we suspect demoing the zooming in on faces to the mayor might at the very least be deemed not to be good practice.
Bodies listed for disclosure are sufficiently wide to cover all of the security services, but again the lack of a stated security purpose and of a reference to direct identification via the cameras means Ken's claims aren't covered. As an aside, if you're one of the ones who thought foreign plates would be a good gag, you'll see you're probably going to be disappointed. We know we were.
Distribution for both the CCTV and the congestion charge registrations is listed as being worldwide, but this is likely to be simply because of the companies involved in the implementation and management of the systems, rather than because its all being sent over to the CIA. It would however be nice to know what, why and to whom.
But you could try to find out. There's a FAQ on obtaining information on what's held on you here. Note that "Data controllers may ask for the information they reasonably need to verify the identity of the person making the request and to locate the data." As far as CCTV footage is concerned, this is generally viewed as meaning you need to tell them where and when you were in the zone. This however might be a little tricky if you were moving through a zone crawling with cameras for, say, an hour or so.
This could make finding the data expensive and difficult, if there is in fact qualifying data being recorded. The score from day one, incidentally, was claimed yesterday to be approximately 80,000 permits sold, and around 10,000 possible offenders. Chasing all of these would be expensive if they were being manually matched up with a picture of the vehicle, but as the DP registration doesn't mention this, we're pretty sure they're not. So we expect some interesting bloopers to emerge in the next couple of days. ®
Sponsored: DevOps and continuous delivery