Digital sovereignty and privacy do’s and don’ts for bodycam systems
Bodycams have proven to prevent, reduce and resolve frontline aggression for various professions and organisations that apply them. But how to do that in accordance with privacy laws and digital sovereignity policies?
This is answered by privacy- and bodycam experts, researchers and advisors who are keen to explain the difference between respecting privacy standards on paper and in practice. So what do they consider the most important bodycam do’s and don’ts regarding privacy and digital sovereignty?
1. Know the rules
First of all, you need to know the rules of the game and apply them to bodycams correctly. This can prevent unnecessary irritation and frustration due to the unintentional breaching of privacy laws of citizens as subjects and sometimes suspects in bodycam recordings. Recording someone means you are in essence breaching their privacy, unless there is a well specified and documented reason for it. Apart from being legal recordings, they must be indisputable to be accepted as evidence in court. This requires logging of the whole video chain and process of recording, managing and storing with ‘who has done what, when and why’. The definition, interpretation and restrictions differ per country and sometimes regions or profession, even within the EU under GDPR. So know your local rules for your specific application of professional bodycams.
2. Do your research
Organisations implementing a bodycam solution need to consider and resolve issues with context, policy and technology in that order. If one of these issues is neglected, it will not work. To understand policy driving technological requirements and restrictions, one has to know the cultural context: what is the level of mutual trust between citizens and law enforcers? Who needs to be protected against who? In Europe, citizens generally trust the professionals making them comply with laws with objectivity and integrity. Bodycams will be seen as an acceptable instrument for professionals to protect and support themselves against those that do not want to comply.
In the US, there is mutual mistrust and therefore a lot of regulation at federal, state and local level in internal guidelines and policies, which can differ per police force. There are situations (such as those involving minors) which are often strictly forbidden to record and situations which, on careful consideration, might prove useful to film. States such as Washington consider bodycam images as public records to ensure transparency and accountability. This means police officers of the Seattle Police Department were forced to actively publish their bodycam recordings, for which they created a YouTube channel. In response, some other US States have decided to declare bodycam images ‘police records’ instead of ‘public records’, in an attempt to ensure the privacy of the public.
In the European Union, you are not permitted to secretly film people (except for investigations) and your camera must be visible at all times. Your reason for filming must have a legal foundation and be logged. You can either film in the public interest as a public authority, or as legitimate private interest to protect employees as a company.
3. Do leave legal and privacy issues to experts
You should allocate legal and privacy issues to employees who understand them. Those specialised in tech know a lot about bodycams, software, storage and data, but hardly anything about privacy. They don’t think carefully enough about the necessary administration, documentation and registration, and may too easily copy/paste from others. This often leads to fundamental errors and confusion, preventing a legitimate application of bodycam systems and recordings that will stand up in local courts of law. Privacy expertise may instruct technology on how to ensure compliance. Encryption of videos when stored on the bodycam or on a server, is a way of preventing them being seen by unauthorised people without a legal reason to do so. Not having a screen for on-device reviewing and sharing of videos is another, including any bystanders, witnesses and suspects overhearing the video and possibly spreading what happened on social media or changing their statements. The most safe way remains central decrypting, viewing, selecting, storing and logging of videos by authorised professionals with a legitimate reason.
4. Don’t just pay lip-service to privacy on paper
It is not about what lawyers have written down on paper, but how professionals use bodycams in practice. Privacy awareness in the heads of professionals is more important than having the necessary documents on your computer hard-disks. Research showed that 4 out of 6 police officers filmed inside homes in Amsterdam, while this is forbidden. You need to actively train bodycam-users in laws and regulations. Make sure you have one or two ambassadors in each workplace who can explain and monitor compliance to their colleagues. Don’t just copy and paste documents, but think about how the use of bodycams assures compliance with laws and regulation in your practice. It’s essential to make sure you don’t just have legal knowledge but have that applied by bodycam users and ensured in the selection of the bodycam system and provider.
5. Do ensure digital sovereignty of your bodycam provider
The Court of Justice of the EU has ruled in the Schremms-II case that protection granted to personal data in the European Economic Area must travel with the data wherever it goes. Transferring personal data to other countries (for instance the US or UK), will only be allowed if they abide by similar strict rules. Due to the Patriots Act in the US and Brexit of the UK this is no longer certain. The “quick fix” to contractually force your bodycam system provider to store the bodycam-data on servers within the European Economic Area is not enough. This is because they will still have unsupervised access to the software and thus data within the EEA/EU from outside the EEA/EU; a ‘tunnel’ into your ‘data vault’. To ensure digital sovereignty, one should demand that the video management software is provided, supported and maintained from within the EEA/EU. Just like Australia has done by law and a newspaper editorial proclaimed after it came out that Huawei had access to mobile phone conversations in the Netherlands.
In conclusion, it’s important to not only respect privacy on paper but put it in practice. Staying up to date on privacy-related affairs and doing your research will only benefit your organization. The legal definitions and regulations on how to use bodycams are important to know and apply, so that bodycam recordings have the legal foundation for preventing, reducing and resolving conflicts. It is crucial to provide law enforcement officers and their managers with guidance and training on when and how to use a bodycam and its recordings in compliance with privacy laws and regulations. To guarantee that your bodycam operation complies to the GDPR privacy laws, make sure your bodycam provider stores, supports and accesses your video data and also the software from within the EEA/EU for digital sovereignty.