Monitoring private property with surveillance cameras is a legitimate interest of the owner. In some situations, however, the interests of the persons concerned that are worthy of protection outweigh this. If necessary, the supervisory authority can even order the surveillance camera to be switched off. However, as soon as the surveillance camera is switched off, the possibilities of the supervisory authority end.
A switched-off surveillance camera is not subject to the GDPR. However, legal claims against the owner may arise from other bases of claims.
May the supervisory authority order the dismantling of a surveillance camera?
The plaintiff is the owner of a property with a shopping centre and a billboard. Several surveillance cameras were attached to this billboard, one of which monitored the junction area of a road leading to the car park of the shopping centre. The supervisory authority ordered the shutdown and dismantling of this surveillance camera. The data processing by the surveillance camera was unlawful. The administrative court dismissed the complaint against the dismantling order. A switched-off surveillance camera does not process any data, so that the scope of application of the GDPR is not opened. Moreover, Article 58(2)(f) of the GDPR does not authorise the authority to issue a dismantling order.
The appeal against the Administrative Court's decision to the OVG was unsuccessful.
Why is a switched-off surveillance camera not subject to the GDPR?
According to the OVG Rhineland-Palatinate, video recordings and their temporary storage by a surveillance camera are indeed data processing operations within the meaning of Art. 4 of the GDPR. However, personal data are no longer processed by the surveillance camera at issue. The plaintiff had indisputably switched off the surveillance camera in question. The corresponding order of the supervisory authority is also final. The Rhineland-Palatinate OVG also based its legal opinion on corresponding views in the literature on data protection law and the Data Protection Conference(see Simitis/Hornung/Spiecker gen. Döhmann, Datenschutzrecht, 1st edition 2019, Annex 1 to Art. 6 para. 43; also: Datenschutzkonferenz, Orientierungshilfe Videoüberwachung durch nicht-öffentliche Stellen, 17 July 2020, No. 1.1, p. 5).
Why did the plaintiff not have to dismantle the surveillance camera?
The Rhineland-Palatinate OVG shared the legal opinion of the administrative court that the supervisory authority can only order a restriction of processing via Art. 58(2)(f) of the GDPR, but not its dismantling. Article 58(2)(f) of the GDPR also does not authorise the issuance of a dismantling order as a "technical and organisational measure in the processing environment". The obligation to implement such measures does not exist in isolation. They must always be seen in connection with data processing operations. In the absence of data processing by the surveillance camera, there is no room for technical-organisational measures.
Dismantling a surveillance camera as a precautionary measure?
The supervisory authority also based the dismantling order on the fact that it could not control whether the owner secretly switched the surveillance camera on again. This risk could only be countered by dismantling the surveillance camera.
In this regard, the OVG Rhineland-Palatinate objected that according to Article 58 (6) sentence 1 of the GDPR, each Member State would be free to provide its supervisory authorities with additional powers in addition to those listed in paragraphs 1 to 3. So far, the national legislator has only made use of this opening clause in the form of Section 40 (3) sentence 3 and (6) sentence 2 BDSG(cf. Simitis/Hornung/Spiecker gen. Döhmann, loc. cit., Art. 58, para. 74), but not with regard to the authorisation to issue a removal order.
Can I safely install surveillance cameras now?
The answer is quite clearly: No!
Here is what you need to consider:
- As soon as you install and switch on a surveillance camera, you must comply with the GDPR. You must put up a clearly visible sign indicating the video surveillance outside the surveillance area. In addition, the surveillance must be proportionate. There are many specifics to consider in this regard. You may also have to carry out a data protection impact assessment according to Art. 35 of the GDPR before you put the surveillance camera into operation.
- If you install a surveillance camera but do not switch it on, the GDPR is not applicable. Orders from the supervisory authority to switch off or dismantle the camera will ultimately be unsuccessful. BUT: Do not take the orders of the supervisory authority lightly. As a rule, you must respond to letters from the supervisory authority at least in substance.
- Switched-off surveillance cameras or dummy cameras can nevertheless lead to infringements if there is a "surveillance pressure". This is the case if third parties must objectively seriously fear surveillance by surveillance cameras or by a dummy camera(cf. BGH, judgement of 16 March 2010, file no. VI ZR 176/09). In this case, the general right of personality of the individual in its manifestation as the right of informational self-determination is encroached upon. They would therefore have to expect claims for defence, injunctive relief and damages from those affected.
As you can see, the subject of surveillance cameras contains various pitfalls. You should definitely seek legal advice before installing a surveillance camera or a dummy camera.
Source: OVG Rhineland-Palatinate, judgement of 25.06.2021, ref. no. 10 A 10302/21
Previous instances: VG Mainz, judgement of 24.09.2020, ref. 1 K 584/19.MZ
We are happy to advise you in the entire area of IT/IP and data protection law. We have already advised many clients on the topic of "video surveillance". We also support you with a data protection impact assessment.
GoldbergUllrich Lawyers 2021
Julius Oberste-Dommes LL.M. (Information Law)
Lawyer and
Specialist lawyer for information technology law
