Connected objects and remote surveillance solutions (sometimes referred to as video protection or video surveillance) are now part of our daily lives. These technologies constantly capture large amounts of personal data, thanks to cameras and microphones. How do operators and manufacturers treat and use them? Can the data be used without your knowledge? Is it possible to perform an intervention to recover them? Is there a protective legal framework? Find out the answers to these legitimate questions.
Remote surveillance and video protection in companies: what legal framework?
All French and European legislation on the subject is unanimous. Several steps must be taken before considering the installation of surveillance camera systems. It’s about reconciling remote monitoringdevices and data security.
The code of internal security thus provides for a request for authorization from the Prefecture. At the same time, those responsible for the project (employer, municipality, etc.) will have to carry out an impact study on the preservation of the rights and freedoms of everyone, potentially threatened by the new facilities.
Secondly, the public must be informed of the installation of the cameras. The communication must include several levels of information, such as the length of time the images are kept and a reminder of the rights of users, such as the possibility of referring the matter to the CNIL.
As soon as the system is operational, it is the responsibility of the person in charge to secure and then destroy the recordings once the legal retention period has expired. The latter must also respond to any request for access while respecting the rights of third parties.
Legislation on connected objects
Connected objects, such as remote monitoring, are among the most innovative solutions for businesses and individuals at the moment. However, the legislator has been asking questions about them for several years (facilities, benefits or prevention and protection of rights).
The very first legal framework was established by the Data Protection Act of January 6, 1978. This has evolved over time, under the impetus of the various ministries and the European Parliament. Perhaps the most significant measure is the introduction of the GDPR (General Data Protection Regulation) to all member states on May 25, 2018.
What about personal data?
The French legislator imposes a principle of fairness on any data collector via connected objects. This is accompanied by a duty to inform the user. At the European level, two other principles emerge:
- Privacy by design“: from the very beginning of the project, the notions of data protection and confidentiality must be defined.
- Privacy by default“: imposes a minimalist collection of information in order to best protect the user.