Private Hire and Hackney Carriage Licensing Policy 2021 to 2026
Appendix L - CCTV guidance
CCTV in Vehicles
The hackney carriage and private hire trades are encouraged to build good links with the local Police force, including participation in any Crime and Disorder Reduction Partnerships and the Council look sympathetically on, and actively encourage, the installation of security measures such as a screen between driver and passenger or CCTV systems as a means of providing some protection for drivers.
It is not proposed that such measures should be mandated as part of the licensing regime at this time, it is considered that they are best left to the judgment of the proprietors and drivers themselves.
The proprietor of any vehicle with inward facing CCTV must notify the Council and display a sign approved by the Council advising passengers that a CCTV system is in operation in the vehicle. Where CCTV is in place there is an expectation that it is in working order when passengers are being carried.
As CCTV is not currently mandatory it shall be the proprietor's responsibility to comply with Data Protection legislation and the vehicle proprietor will be the data controller.
The CCTV recording must be available for viewing by a Police Officer or an Authorised Officer of the Council on request. Any failure to comply with this request will be reported to the Council for consideration of the appropriate action to be taken.
Any reports of misuse of CCTV or recorded images may result in the immediate suspension of both the vehicle and driver licences and/or referral to the Licensing Committee for consideration as to any disciplinary action.
The Department for Transport have issued the following guidance on the use of CCTV in licensed vehicles. The use of CCTV can provide a safer environment for the benefit of taxi/private hire vehicle passengers and drivers by:
- deterring and preventing the occurrence of crime
- reducing the fear of crime
- assisting the Police in investigating incidents of crime
- assisting insurance companies in investigating motor vehicle accidents
CCTV systems that are able to record audio as well as visual data should be both overt (i.e. all parties should be aware when recordings are being made) and targeted (i.e. only when passengers) drivers) consider it necessary). The recording of audio should be used to provide an objective record of events such as disputes or inappropriate behaviour and must not be continuously active by default and should recognise the need for privacy of passengers' private conversations between themselves. Activation of the audio recording capability of a system might be instigated when either the passenger or driver operates a switch or button.
It is important that data controllers fully consider concerns regarding privacy and should consider how systems are configured. For example, vehicles may not be exclusively used for business, also serving as a car for personal use - it should therefore be possible to manually switch the system off (both audio and visual recording) when not being used for hire. Data controllers should consider the Information Commissioner's view on this matter that, in most cases, a requirement for continuous operation is unlikely to be fair and lawful processing of personal data.
It is essential to ensure that all recordings made are secure and can only be accessed by those with legitimate grounds to do so. This would normally be the Police if investigating an alleged crime or the Licensing Authority if investigating a complaint or data access request. Encryption of the recording to which the vehicle proprietor, acting as the data controller, holds the key, mitigates this issue and protects against theft of the vehicle or device. It is one of the guiding principles of data protection legislation, that personal data (including in this context, CCTV recordings and other potentially sensitive passenger information) is handled securely in a way that 'ensures appropriate security', including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
All passengers must be made fully aware if CCTV is operating in a vehicle. Given that audio recording is considered to be more privacy intrusive, it is even more important that individuals are fully aware and limited only to occasions when passengers (or drivers) consider it necessary. The recording of audio should be used to provide an objective record of events such as disputes or inappropriate behaviour and must not be continuously active by default and should recognise the need for privacy of passengers' private conversations between themselves. Activation of the audio recording capability of a system might be instigated when either the passenger or driver operates a switch or button.
As well as clear signage in vehicles, information on booking systems should be introduced. This might be text on a website, scripts or automated messages on telephone systems; the Information Commissioner's Office (ICO) has issued guidance on privacy information and the right to be informed on its website.
The Home Office 'Surveillance Camera Code of Practice' advises that government is fully supportive of the use of overt surveillance cameras in a public place whenever that use is:
- in pursuit of a legitimate aim
- necessary to meet a pressing need
- proportionate
- effective, and
- compliant with any relevant legal obligations
The Code also sets out 12 guiding principles under section 33(5) of the Protection of Freedoms Act 2012, vehicle proprietors must have regard to as the 'System Operator'. The role requires consideration of all guiding principles in this code. The failure to comply with these principles may be detrimental to the use of CCTV evidence in Court as this may be raised within disclosure to the Crown Prosecution Service and may be taken into account.
The Surveillance Camera Commissioner (SCC) has provided guidance on the Surveillance Camera Code of Practice in its 'Passport to Compliance' which provides guidance on the necessary stages when planning, implementing and operating a surveillance camera system to ensure it complies with the code.
The Information Commissioner's Office (ICO) has also published a code of practice which, in this context, focuses on the data governance requirement associated with the use of CCTV such as data retention and disposal, which it is important to follow in order to comply with the data protection principles.
The SCC provides a self-assessment tool to assist operators to ensure compliance with the principles set of in the Surveillance Camera Code of Practice. The SCC also operate a certification scheme; system operators that obtain this accreditation are able to clearly demonstrate that their systems conform to the SCC's best practice and are fully compliant with the Code and increase public confidence that any risks to their privacy have been fully considered and mitigated.
The Data Protection Act 2018 regulates the use of personal data. Part 2 of the Data Protection Act applies to the general processing of personal data, and references and supplements the General Data Protection Regulation. Vehicle proprietors, as data controllers, must comply with all relevant aspects of data protection law. Particular attention should be paid to the rights of individuals which include the right to be informed, of access and to erasure. The ICO has provided detailed guidance on how data controllers can ensure compliance with these.
It is a further requirement of data protection law that before implementing a proposal that is likely to result in a high risk to the rights and freedoms of people, an impact assessment on the protection of personal data shall be carried out. The ICO recommends in guidance that if there is any doubt as to whether a Data Protection Impact Assessment (DPIA) is required one should be conducted to ensure compliance and encourage best practice. A DPIA will also help to assess properly the anticipated benefits of installing CCTV (to passengers and drivers) and the associated privacy risks; these risks might be mitigated by having appropriate privacy information and signage, secure storage and access controls, retention policies, training for staff how to use the system, etc.