The revised Belgian Surveillance Camera Act (“Act”) entered into force on 25 May 2018, at the same time as the GDPR. The Act applies to all cameras that monitor and supervise an area for the purpose of preventing, establishing or detecting crime or disturbance and maintaining order.

In comparison to the former act, the Act imposes extra requirements on the use of surveillance cameras.

The main changes are the following:

1. As of 25 May 2018, a company using surveillance cameras must keep a register containing information relating to the surveillance, such as the type and technical description of the cameras, whether the cameras are temporary/permanent and movable/static, etc.

2. As of 11 December 2018, all pictograms (alerting the public to the presence of cameras) must include the contact details of the data protection officer, if applicable, and the data controller’s website address. This information must be included on the pictograms in addition to the previously required content of such pictograms under the former act.

3. As of 25 May 2020, all surveillance cameras must be registered with the police authorities (www.aangiftecamera.be or www.declarationcamera.be), including cameras that were registered under the former act. Registration with the Belgian privacy authority is no longer required.

Companies using surveillance cameras must also observe the new GDPR obligations, including:

1. Transparency: In addition to pictograms, companies must also provide a (separate) privacy policy setting out all relevant information regarding the surveillance cameras.

2. Proportionality:

  • Cameras should only monitor areas that are useful for the purpose of the camera and should therefore avoid monitoring irrelevant areas.
  • The camera footage should only be made available to persons that are required to see them (e.g. security staff, CCTV providers and police authorities).

3. Performing a data protection impact assessment, which is a.o. required if the cameras perform systematic monitoring (i.e. observing or monitoring individuals) and process personal data on a large scale (e.g. based on the number of individuals or the geographical area that is monitored, or whether the cameras operate 24/7).

There are specific rules for smart cameras, which can detect (and possibly identify and track) specific movements or sounds, as well as number plates and faces.

We advise all companies using surveillance cameras to verify (i) which cameras they use and their purpose and scope, (ii) whether their use of surveillance cameras is legitimate and (iii) whether they comply with all obligations under the new Surveillance Camera Act and the GDPR.