gdpr and dash cam legality

You know the way car insurance is skyrocketing these days? That’s down to both bad drivers and bogey claims. The former is also the driver, pun wholeheartedly intended, behind the widespread adoption of dash cams. Terrible drivers are bashing into people left, right and centre, so people are arming themselves with dash cams. However, what many owners of dash cams have yet to consider is the legality of this video recording equipment in Europe since the introduction of GDPR in May 2018. 

Here’s what you need to know.

What Is A Dash Cam?

Best start here! Dash cams are usually mounted on the windscreen with a camera facing out, seeing what the driver sees, and sometimes with a camera facing in. The latter is popular with taxi drivers for obvious reasons.

Back in the early days of Goosed.ie, I waxed lyrical about an app called Nexar which negates the need for a dedicated dash cam. Pretty cool idea that’s still going and working better than ever.

The better dash cams have more advanced features, including high-quality video recording and automatic recording based on motion. The reason people have a dash cam is pretty simple. In the event of a car crash, they have evidence of what happened, hopefully clearing the owner of any blame. There are other benefits starting to emerge too including discounted insurance premiums for dash cam users. Or, more indirectly, the chance that a dash cam may capture a crime. you’ll often see Gardai now appeal for people who may have been in an area with dash cam footage around the time a crime took place.

Simples. Dash cams seem to be a good thing, right?

Dash Cams And Their Legality Under GDPR

You’d be forgiven for thinking GDPR, the EU data protection legislation that passed in May 2018, was just for big businesses. At the time, I struggled to imagine a scenario where individuals would need to pay attention to GDPR, unless they had security cameras on their property.

Dash cams, however, have massive GDPR implications for drivers who want this extra piece of mind on the road. In many ways, the expectation on dash cam users are the same as a shop owner with security cameras.

Yup, believe it or not, if you own a dash cam and are recording people inside or outside your car, you need to adhere to GDPR rules and regulations.

GDPR Requirements For Dash Cam Owners

So, now you know that using a dash cam means you have some rules to follow, let’s dive into them:

  1. Handling Personal data must be done in a transparent manner
  2. Personal data should only be kept for as long as it’s needed
  3. You need to keep personal data secure and private
  4. People you record have a right to request their data

Handling Personal Data Must Be Done in a Transparent Manner

Transparent handling of personal data is a cornerstone of GDPR that companies now must adhere to when using your data. I should clarify here that an image of your face constitutes personal data which is why you need to play along with GDPR rules in the first place.

To tick step one off your list, things are going to get pretty damn nerdy, so sorry in advance.

First up, you need to display a sticker on your vehicle, in a prominent position, which informs people you have a dash cam recording them. If you thought that was bad…

Next up, you need to put together a policy sheet. This details why you have the dash cam, how long you keep footage and who you plan to share footage with. You’ll need to have a copy of this to hand should someone request it. According to the DPC, you can ream this off verbally too. They also state that in the event of an accident, you are required to inform the other party you recorded the event.

Personal Data Should Only Be Kept for as Long as It’s Needed

Dash cams starting to sound like less craic, right? “Here’s the perfect birthday pressie and a phone number for a lawyer to get you up and running!”. Only joking. Bad as things may seem, most of this GDPR stuff is logical enough. 

Next up when it comes to staying compliant is a bit of housekeeping. This won’t be an issue for many dash cam users as they have limited memory anyway, but you need to give consideration to how long you’re going to store footage for.

If you were in an accident, it makes sense you’d keep that footage longer than most videos. But that video of you at the McDonalds Drive Thru is probably less important.

You Need to Keep Personal Data Secure and Private

This is a no-brainer from start to finish. Your dash cam and the footage it captures must be kept safe an sound. This might be removed from view when parked, taking it out of the car altogether and being conscious of where you save footage to.

Take note of who can access the footage. If you’re lending your car to someone, you may want to take the camera out altogether. Finally, if you’re posting videos through platforms like YouTube, pay attention to the video to see if others are personally identifiable. 

People You Record Have a Right to Request Their Data

Say you’re cruising down the high street and you see an arm shoot out asking you to stop. Someone just saw your sticker saying your filming through a dash cam. Maybe they just had a “man slips on ice” moment and are concerned that you’re now the proud owner of a potentially viral video.

They are completely within their rights to request a copy of the video footage from you. This does get quite complicated because should anyone else be visible in the video, they need to be removed. Fun fun! If you have a friend who’s a video editor your laughing, if not, this could become a headache.

All Of That? Seriously?

By the letter of the law, according to the Data Protection Commissioner of Ireland, that’s the craic with dash cams. It might feel like overkill, but imagine you were in that pre-viral video. Wouldn’t you like to know you could legally request the footage?

Do I really think dash cam users are doing all of this? No. They’re not. But like many GDPR things, this will slowly become the new normal where dash cams are sold with disclaimer stickers and people like yourself know this is legally required.

CCTV and The AXA Example

A really interesting nugget came out soon after GDPR dropped in May 2018. A key principle of GDPR is data must only be captured and kept for a defined purpose. For shop owners, this proved to be quite a headache. Security cameras in stores capture personal data (images of people) for the purpose of aiding in the capture of would-be thieves. However, many CCTV systems in Ireland are terrible, capturing low-quality video and, as such, cannot achieve the defined purpose for which they are in place for. This means the CCTV owner is in breach of GDPR.

This is where the AXA thing is really interesting. They offer insurance discounts for people who purchase, but not necessarily use, a dash cam. However, from a GDPR point of view, the dash cam is in place for the purpose of capturing car crashes and accidents. Many are purchasing these AXA dash cams for the discount and never using them. Yup, mad as it sounds, that’s a breach of GDPR too, in a similar vein to that of the CCTV example I gave earlier!

What Did You Think Of That?