Five Potential Or Pending Changes To CCTV & Surveillance Law & Practice
The UK’s CCTV and surveillance landscape could undergo significant changes over the coming years, with new data protection legislation, evolving AI technologies and proposed regulatory reforms set to reshape how surveillance systems are deployed, managed and governed.

1. New data protection regime under Data (Use and Access) Act 2025 (DUAA), affecting CCTV / video surveillance guidance
- The DUAA came into law on 19 June 2025 and makes several changes to data protection / privacy laws under the umbrella of the existing UK GDPR and Data Protection Act.
- Consequently, guidance from Information Commissioner’s Office (ICO) on video surveillance (CCTV, ANPR, drones, body cams, facial recognition etc.) is currently under review and likely to be updated.
- This could change the legal basis, obligations and rights for organisations using CCTV and how individuals’ data captured by CCTV is stored, shared, accessed, and removed.
- Potential impact for end users:
- People may get greater clarity (or different rules) about how long CCTV footage can be stored, who can access it, and under what conditions which might improve accountability when surveillance captures personal data (e.g. licence plates, faces).
- On the flip side depending on how “legitimate interest” grounds (introduced in DUAA) are interpreted, CCTV operators (public or private) might gain more flexibility in processing video data, possibly reducing transparency or increasing surveillance.
- Individuals may find it easier (or harder) to request their own data (footage) or challenge its use, depending on how the new guidance defines “automated decision making” or “data sharing” under CCTV context.
2. Removal (or weakening) of statutory oversight by Biometrics and Surveillance Camera Commissioner (BSCC) / repeal of the statutory Surveillance Camera Code of Practice (SCCoP) under proposed legislation such as the Data Protection and Digital Information Bill (or related proposals).
- Under the proposed reforms, the role of the BSCC (and previously separate commissioners for biometrics and surveillance cameras) may be abolished or significantly scaled back.
- The statutory code that currently provides (at least in principle) guidelines for surveillance camera use by public bodies might be repealed, though general data protection obligations may remain.
- Potential impact for end users:
- Loss of independent oversight: fewer checks on how public bodies (police, local councils) and private organisations deploy CCTV / surveillance. This could weaken accountability for misuse or over surveillance.
- Less transparency: the repeal of a formal Code of Practice might mean fewer clear publicly available standards for when and how CCTV can be used, who it can record, and how footage must be handled, making it harder for individuals to challenge misuse.
- Potential erosion of public trust: as CCTV and biometric surveillance become more widespread (including advanced tools like facial recognition), lack of independent oversight may amplify fears about privacy, discrimination, wrongful identification, or “surveillance creep.”
3. Expansion of live biometric / AI powered surveillance (e.g. facial recognition cameras, real time analysis) without a fully updated legal framework
- Deployment of live facial recognition (LFR) by police and other agencies appears to be scaling up: new vans with LFR cameras are already being rolled out across multiple forces.
- However, according to observers and rights advocates, there is “still no specific law” that clearly regulates such technology across public and private sectors, meaning use often relies on patchwork guidance rather than robust statutory rules.
- A report from a watchdog group warns that removing established oversight at this moment would leave a “worrying vacuum.”
- Potential impact for end users:
- Higher risk of misuse, misidentification or discriminatory targeting, especially when algorithms make “real time” decisions about people’s identity or presence (for example, in crowded public spaces).
- People may have less control or visibility over whether they are being watched or recorded by biometric surveillance, how their images are stored or used, or who gets access (police, private companies, third parties).
- Greater uncertainty and anxiety about privacy: if surveillance becomes more pervasive but legal protections lag, individuals, including bystanders, may feel their personal freedom and privacy are compromised.
4. Broader acceptance of CCTV / smart doorbell / consumer grade surveillance (ANPR, smart cameras, drones, doorbells) under evolving regulation, driven by cost, convenience, and “legitimate interest” grounds
- Official guidance on CCTV and video surveillance already recognises that systems now include not just traditional CCTV, but ANPR, body worn video, smart doorbells, drones, smart cameras, etc.
- With data law changes under DUAA, and simpler grounds for “legitimate interest,” more organisations (and possibly individuals) might feel legally empowered to deploy such systems.
- Potential impact for end users:
- Increased prevalence of surveillance in everyday settings — from private homes and housing blocks to shared/community areas — making video surveillance more ubiquitous.
- People may inadvertently be recorded more often (car licence plates, street views, shared spaces) — raising privacy concerns and reducing anonymity in public or semi public spaces.
- It could become harder to know when and where you are under surveillance, or to challenge whether the surveillance is justified or proportionate.
5. Erosion (or redefinition) of “data protection / individual consent” safeguards in relation to automated decision making (ADM), data sharing, and surveillance data reuse — especially under law enforcement or “legitimate interest” justifications
- The DUAA loosens some restrictions on automated decision-making: under certain circumstances, organisations will be allowed to use automated processing (e.g. AI analysis of CCTV footage) to make “legal or similarly significant” decisions — provided minimal safeguards (information, challenge rights, human intervention) are in place.
- The Act also introduces new “recognised legitimate interests” as lawful grounds for data processing, which might allow broader sharing or reuse of CCTV collected data (for crime prevention, safeguarding, emergencies, etc.) without explicit individual consent.
- At the same time, oversight roles and codes of practice are being removed or weakened (see point 2), which could reduce external checks on how such automated/surveillance driven decisions are applied.
- Potential impact for end users:
- Decisions about individuals (e.g. suspicious behaviour, police alerts, store bans) might increasingly rely on automated CCTV analysis which can be opaque, harder to challenge, and prone to algorithmic bias or errors.
- Greater possibility of data sharing (e.g. CCTV footage being shared with authorities or other organisations) under broad “legitimate interest” clauses potentially without the knowledge or consent of individuals recorded.
- Weaker safeguards: individuals might face difficulties requesting deletion or correction of footage/data, or pursuing redress if surveillance leads to mistakes or harms.
- Overarching Risks and What This Means for End Users
- Reduced transparency and public trust as oversight and mandatory standards are removed or weakened (points 2 & 3), the public may have less visibility into when, where, and why surveillance is used.
- Increased privacy vulnerability — More pervasive video and biometric surveillance across public and private life (point 4) may erode anonymity, especially for individuals frequently in public or shared spaces.
- Potential for misuse / discrimination / error Automated decision making and facial recognition systems (point 5) raise risks of misidentification, wrongful action, or biased policing/public behaviour.
- Limited recourse or redress as data protection and oversight frameworks loosen, people might find it harder to access, challenge, or delete data about themselves even when surveillance goes beyond what “proportionate” privacy impact would justify.
- Normalisation of surveillance Over time, CCTV and biometric surveillance could become so common under relaxed regulation that intrusive monitoring becomes “accepted norm,” possibly undermining civil liberties expectations for privacy in public life.
What End Users Can (and Should) Do for Now
- Be aware of your rights: under existing data protection law, individuals have rights to access personal data held about them (e.g. CCTV footage) and to request deletion or corrections.
- Be alert to signage and transparency notices: CCTV in public/private settings should come with clear notice, explaining who operates the cameras and why.
- Challenge unclear or intrusive surveillance: if you suspect CCTV or biometric surveillance is being misused, consider lodging a complaint (with the operator or with the ICO) — especially while the regulatory regime is in flux.
- Stay informed: as new guidance, regulations or oversight changes take effect (especially under DUAA), keep an eye on public consultations or announcements that could affect CCTV rules.
- Support balanced regulation: watch out for calls/consultations about new surveillance law; public feedback can influence whether protections are preserved or weakened.
Here are three contrasting expert analysis / opinion type reports / commentaries (or academic style reviews) that assess changes in CCTV / surveillance / biometric surveillance in the UK (or more broadly) offering both “pro surveillance / security” and “pro privacy / civil liberties” perspectives. Selected analyses and opinion pieces from the Centre for Research into Information Surveillance and Privacy (CRISP)’s “Future Governance of Biometrics and Surveillance Cameras in the UK”
- This independent report warns about proposed moves (e.g. removal of the oversight role of Biometrics and Surveillance Camera Commissioner, and possible repeal of the statutory Surveillance Camera Code of Practice) arguing that such actions would produce a “worrying vacuum” in oversight.
- The report emphasises that surveillance is not simply a “data protection” issue: the risk of surveillance specific harms (loss of privacy, chilling effects on public life, misuse) requires dedicated regulation and independent oversight.
- It argues that at a time of rapid advancement in AI, facial recognition, and other biometric tools, cutting back oversight is ill-timed and likely to erode public trust.
Takeaway (privacy concern / civil liberties side): Without robust governance and oversight, expanding CCTV and biometric surveillance risks undermining privacy, accountability, and public trust especially as technology becomes more powerful and pervasive.
Big Brother Watch and related civil liberties critiques of “smart CCTV / facial recognition” expansion
- As noted in media and policy commentary, CCTV systems are increasingly gaining facial recognition capabilities across public and private spaces (police, retail, advertising, institutions), often with minimal regulation or public debate.
- Critics argue this represents a “privacy downgrade”: that the creeping use of biometric-enabled surveillance technologies dramatically increases risks of over surveillance, misuse, and biased outcomes (especially given documented accuracy and bias problems in biometric systems).
- There is concern that many CCTV operators (public bodies, private firms, institutions) may treat deployment as a default security measure rather than a carefully justified, proportionate intervention often without adequate transparency or meaningful consent from those recorded.
- Takeaway (civil liberties side): The expansion of smart CCTV and facial recognition without strong governance, independent oversight, or clear legal frameworks threatens to erode fundamental privacy rights, public trust, and fairness, especially for vulnerable or minority groups.
Surveillance supporting / security oriented views: CCTV as effective crime prevention tool
- Some industry or security oriented accounts still highlight the demonstrable benefits of CCTV surveillance for deterrence, crime reduction, and public safety: clear surveillance presence can reduce theft, vandalism, trespassing, and enhance rapid response to incidents.
- CCTV (and related technologies such as ANPR, body cams, and video monitoring) remain valuable tools for law enforcement and security agencies for deterrence, collecting evidence, and monitoring high risk locations especially in a context of rising crime, public space security needs, or threats.
Takeaway (security oriented side): In contexts of crime, public safety, or security risk, CCTV and surveillance technologies provide tangible benefits that can help deter crime, assist in detection, and contribute to public safety provided that deployment is reasonably justified, proportionate, and managed responsibly.
What the contrast shows, key themes & trade offs
- Governance & oversight matters: The CRISP report highlights how oversight (e.g. a dedicated commissioner, transparent codes of practice) is crucial to prevent abuse, especially as surveillance capabilities expand. Without it, even well intentioned surveillance risks legitimation of mass monitoring.
- Technology is not neutral bias, error, misuse are real risks: Biometric systems (e.g. facial recognition) have documented issues of inaccuracy and demographic bias. As usage becomes widespread, these risks multiply and often disproportionately impact minorities or vulnerable groups.
- Security benefits vs. civil liberties costs: There is a persistent tension between using surveillance for crime prevention / public safety and protecting individual rights to privacy, anonymity, and freedom of movement/expression. Different stakeholders draw different lines: what some see as “reasonable security measure,” others see as “mass surveillance.”
- Transparency, public consent and trust are fragile: As surveillance becomes more pervasive CCTV, ANPR, facial recognition, emotion analysis, drones public confidence depends on clarity about who operates the systems, how data is used, stored and shared, and how individuals can check or challenge their use. If oversight is eroded, that trust may degrade.
- Need for modern regulation aligned with technology evolution: Many existing laws, codes, and practices were created before the rise of AI powered biometric tools. Expert analyses argue strongly that regulation needs updating to match technological and social changes, or else risks become systemic.
Our team aims to deliver expert customer care, from site survey to completion through to ongoing maintenance. Developing a lasting relationship with a partner you can trust to protect you and your premises whilst ensuring your businesses and organisations are fully compliant to the latest legal requirements. We are CHAS accredited, BAFE registered and, SSAIB certificated with BS EN ISO 9001:2015 & Construction Line approved, so your organisation can be assured that all our fire, security and safety equipment is designed, supplied, installed and maintained in accordance with the latest British Standards.
#CommercialCCTV #CCTVSystems #FireAlarms #FireRiskAssessment #FireSafetyEquipment #FireAlarmMaintenance #AccessControl #CCTV #SSSystems