______________________________________________
For Written Answer on : 11/06/2024
Question Number(s): 518 Question Reference(s): 24637/24
Department: Justice
Asked by: David Stanton T.D.
______________________________________________
QUESTION
To ask the Minister for Justice further to Parliamentary Question No. 126 of 22 May 2024, to outline the situation with respect to the need for data controllers for community-based CCTV systems; if her Department has any role in providing such support to enable data controllers to be employed; and if she will make a statement on the matter.
REPLY
The current legal framework providing for community CCTV schemes, which has been in place since 2006, requires that any proposed scheme must:
- be approved by the local Joint Policing Committee,
- have a data protection impact assessment prepared,
- have the prior support of the relevant local authority, which must act as a joint data controller with An Garda Síochána and a joint data controller agreement must be put in place, and
- have the authorisation of the Garda Commissioner.
The Garda Síochána (Recording Devices) Act 2023, which was signed into law in December last year, will reform CCTV schemes. Under the Act, community groups will continue to have a say in keeping their community safe.
It is envisaged that the Local Community Safety Partnerships (LCSPs), which will be established under the Policing, Security and Community Safety Act 2024 to replace Joint Policing Committees, will be the appropriate body to request community CCTV schemes in the future. Local residents, Local Authority staff, Councillors and members of An Garda Síochána will all be represented on the Partnerships, and will be best-placed to know how CCTV can be appropriately utilised in their area.
Other changes include new requirements for the Garda Commissioner to develop a Code of Practice for CCTV which will set out the procedures and standards to be followed, as well as the new rules around confidentiality, security, storage, access and retention of data and data subject rights. In authorising a CCTV scheme, the Commissioner will ensure that a data protection impact assessment and a human rights impact assessment have been carried out prior to an authorisation being granted. Authorisations must be reviewed every five years and no new cameras or increased capability can be added to a CCTV scheme without a new authorisation being sought. It will also be an offence to operate CCTV in a public place for crime prevention or public safety purposes without an authorisation from the Garda Commissioner.
As well as those new standards, persons who can operate CCTV cameras and have access to their servers will be limited to Local Authority staff and Garda staff. An Garda Síochána and the local authority will be required to enter into a joint-data control agreement which will set out their respective rights and responsibilities in relation to the data.
All those parts of the Garda Síochána (Recording Devices) Act which have yet to be commenced, including Part 5 which deals with the authorisation and operation of CCTV, will be commenced later this year or early next year.
The work of local authority data controllers for community-based CCTV systems is essential for ensuring legal compliance, protecting privacy, promoting accountability, managing risks, and facilitating effective management of schemes. As Local Authorities are independent in their functions, with pre-existing data protection obligations and designated staff, it entirely a matter for each Local Authority to decide if they require additional data protection controllers to support the operation of the community-based CCTV scheme.
