Additional considerations for technologies other than CCTV
-
The Data (Use and Access) Act 2025 got Royal Assent on 19 June 2025. All the provisions affecting data protection law and the Privacy and Electronic Regulations Communications are now in force. The Department for Science and Innovation (DSIT) has set out the commencement plans. You can find more details on the Gov.uk website.
Advances in technology and software mean that surveillance systems can pose an increased risk to people’s privacy in both the public and private sectors. This section covers developing and pre-existing technologies, and also highlights additional considerations when using surveillance systems to process personal data, with good practice recommendations you should follow in order to comply with the UK GDPR and DPA 2018.
Surveillance technologies can be interconnected, which means that information can be shared or linked easily. If you are intending to match data together from different systems, you need to be careful that the information you are collecting is:
- accurate;
- not excessive;
- used only for defined purposes; and
- the use is still necessary and proportionate throughout the lifecycle of the processing.
Some systems also allow for data to be integrated into broader ‘big data’ processing systems that your organisation may operate. This has implications in terms of profiling, what you can learn about individuals and how you make decisions about them. The ICO published a report on the data protection implications of big data that covers this issue in further detail.
This guidance specifically covers: