The Court of Justice of the European Union has ruled that the processing of personal data on a household CCTV may breach the EU Data Protection Directive if the CCTV also monitors public space.
The Court case relates to František Ryneš, a Czech national, who installed CCTV after being subject to attacks by unknown individuals. The CCTV filmed public space and the entrance to the house opposite.
In October 2007 a window in the family home was broken by a shot from a catapult. The CCTV, handed over to the police, made it possible to identify and prosecute two suspects.
However, one of the accused challenged the legality of Mr. Ryneš recording and holding of the images. The Office for the Protection of Personal Data in the Czech Republic found Mr. Ryneš breached data protection laws despite using the CCTV to identify the perpetrators of crime.
Mr. Ryneš appealed the ruling, later dismissed by the Mĕstský soud v Praze (Prague City Court) in April 2012. Mr. Ryneš appealed on a point of law to the Nejvyšši správni soud (Supreme Administrative Court). The Supreme Administrative Court placed a stay on proceedings, asking the Court of Justice if:
[...] on a proper construction of the second indent of Article 3(2) of Directive 95/46, the operation of a camera system, as a result of which a video recording of people is stored on a continuous recording device such as a hard disk drive, installed by an individual on his family home for the purposes of protecting the property, health and life of the home owners, but which also monitors a public space, amounts to the processing of data in the course of a purely personal or household activity, for the purposes of that provision.
The Court held that Mr. Ryneš did not breach data protection laws because the CCTV served to identify and prosecute a criminal. However, the Court did suggest CCTV that also monitors public space, even partially, where it is directed outwards from the private setting would breach the Data Protection Directive.
