Parking Lot CCTV and GDPR – definition
Parking lot CCTV and GDPR refers to the set of legal, organisational and technical rules governing video recording in public and private parking areas in compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016. In practice, this means designing and operating a CCTV system so that the processing of personal data is lawful, purpose-limited, proportionate and secure. In parking lot footage, personal data most commonly includes images of individuals and, in many cases, vehicle registration plates if they make it possible to identify a natural person directly or indirectly.
In the context of anonymising photos and video recordings, this concept primarily involves blurring or masking faces and licence plates before the material is disclosed to unauthorised persons, published, exported for purposes beyond the original purpose, or shared with third parties. It does not concern the anonymisation of text documents. In a parking environment, it is crucial to distinguish between the source recording, which the controller may retain for a limited period, and a working copy or export, which should be anonymised if full identification of individuals is not necessary.
The main interpretative basis includes in particular: the GDPR 2016/679, the EDPB Guidelines 3/2019 on processing personal data through video devices, CJEU case law, and national positions of supervisory authorities, in Poland primarily the UODO. From a technical perspective, the principles of privacy by design and privacy by default under Article 25 GDPR, as well as security of processing under Article 32 GDPR, are especially relevant.
How to understand parking lot CCTV in the context of video anonymisation
In parking areas, CCTV is typically used to protect property, ensure people’s safety, control entry and exit, and establish the sequence of events during incidents. Such purposes may justify video recording, but they do not grant an unrestricted right to further distribute the footage. If the material is to be shared beyond a narrow group of authorised persons, it is necessary to assess whether identification of all visible individuals and vehicles is truly required.
In practice, anonymising parking lot footage means selectively concealing visual identifiers. This usually involves automatic blurring of faces and licence plates, without anonymising entire body silhouettes and most often without processing the video stream in real time. Other elements, such as logos, tattoos, name badges, documents, or content visible on a monitor screen, may require manual editing.
Obligations of the parking lot CCTV controller
The controller of a parking lot CCTV system must be able to demonstrate that the processing complies with the principles set out in Article 5 GDPR. Simply having cameras is not enough. It is necessary to document the purpose, legal basis, scope of surveillance and retention period, and to implement measures that limit excessive data collection.
The key obligations can be summarised as follows:
- define the purpose of the CCTV system, for example protection of property, user safety, damage prevention or access control,
- identify the legal basis, most commonly Article 6(1)(f) GDPR – the controller’s legitimate interests, following a balancing test,
- fulfil the transparency obligation using a layered approach, in line with Article 13 GDPR and EDPB Guidelines 3/2019,
- limit the camera field of view to the area that is strictly necessary, without unnecessarily capturing adjacent spaces,
- define footage retention periods and deletion procedures,
- control access to recordings, log administrative operations, and grant permissions in line with the need-to-know principle,
- use anonymisation or masking when exporting footage for secondary purposes.
Signage for a CCTV-monitored parking area
Signage is not just a formal requirement. Its purpose is to allow a person to enter a monitored area knowing who processes their data and for what purpose. EDPB Guidelines 3/2019 recommend a two-layer approach: a short notice directly at the entrance to the monitored zone and a full privacy notice easily available on site or online.
A sign at the entrance or vehicle access point should contain at least:
- information that the area is under CCTV surveillance,
- the identity of the controller,
- the purpose of the monitoring,
- a reference to where the full privacy notice is available.
Retention of parking lot CCTV footage
The GDPR does not set a fixed retention period for recordings. The storage limitation principle under Article 5(1)(e) GDPR applies. This means the retention period must be linked to the purpose and the risk involved. In parking operations, periods ranging from a few days to several weeks are common in practice, but each case requires justification.
The following criteria are useful when assessing retention:
| Parameter | Practical significance |
|---|---|
| Purpose of processing | The narrower and more specific the purpose, the easier it is to justify a shorter retention period |
| Frequency of incidents | Affects how long footage may be needed to identify damage or misconduct |
| Time needed to detect an event | If damage is usually reported after several days, retention should reflect that |
| System capacity and security | Greater storage capacity does not automatically justify longer retention |
| Preservation of footage for a case | Footage isolated for a specific incident may be stored longer than the regular rolling buffer |
In practice, a distinction should be made between standard retention and incident-related retention. After a damage report or an authority request, part of the recording may be preserved for longer, but only to the extent necessary for the proceedings.
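The split between standard and incident-related retention can be enforced in the deletion job itself. The sketch below is an added example, not taken from any CCTV product: the `Segment` and `Hold` types, the 14-day retention value and the sample data are assumptions constructed for illustration. A hold protects only segments of the same camera that overlap the incident window, and stops protecting them once its review date has passed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List


@dataclass(frozen=True)
class Segment:
    camera: str
    start: datetime
    end: datetime


@dataclass(frozen=True)
class Hold:
    """Incident-related preservation of one camera's footage for a time window."""
    camera: str
    start: datetime
    end: datetime
    expires: datetime  # review date after which the hold no longer applies


def is_held(seg: Segment, holds: List[Hold], now: datetime) -> bool:
    """True if an unexpired hold on the same camera overlaps the segment."""
    return any(h.camera == seg.camera and now < h.expires
               and seg.start < h.end and h.start < seg.end
               for h in holds)


def segments_to_delete(segments, holds, now, retention: timedelta):
    """Segments past standard retention that no active hold covers."""
    return [s for s in segments
            if now - s.end > retention and not is_held(s, holds, now)]


# Constructed sample data; the 14-day period is an assumed policy value.
NOW = datetime(2024, 3, 20, 12, 0)
RETENTION = timedelta(days=14)
SEGMENTS = [
    Segment("entry", datetime(2024, 3, 1, 10), datetime(2024, 3, 1, 11)),   # held
    Segment("entry", datetime(2024, 3, 1, 11), datetime(2024, 3, 1, 12)),   # outside window
    Segment("exit", datetime(2024, 3, 1, 10), datetime(2024, 3, 1, 11)),    # other camera
    Segment("entry", datetime(2024, 3, 15, 10), datetime(2024, 3, 15, 11)), # still recent
    Segment("entry", datetime(2024, 2, 1, 10), datetime(2024, 2, 1, 11)),   # hold expired
]
HOLDS = [
    Hold("entry", datetime(2024, 3, 1, 10, 30), datetime(2024, 3, 1, 10, 45),
         expires=datetime(2024, 6, 1)),
    Hold("entry", datetime(2024, 2, 1, 10), datetime(2024, 2, 1, 10, 30),
         expires=datetime(2024, 3, 1)),
]

if __name__ == "__main__":
    for s in segments_to_delete(SEGMENTS, HOLDS, NOW, RETENTION):
        print("delete", s.camera, s.start.isoformat())
```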
Face and licence plate anonymisation technologies in parking lot CCTV
Effective video anonymisation first requires object detection. In the case of faces and vehicle registration plates, deep learning models trained on labelled datasets are most commonly used. Such an AI model is not anonymisation in itself. It is the detection stage, followed by the actual blurring, masking or obfuscation of the identified area in each frame.
In systems processing parking lot footage, the following factors are especially important:
- face and licence plate detection precision and recall,
- the model’s robustness in night lighting, rain, glare and partial occlusion,
- stable object tracking between frames so that the mask does not “lose” the face or plate,
- offline processing speed, for example frames per second on a given CPU or GPU setup,
- the percentage of cases requiring manual correction.
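The tracking and manual-correction points above can be made concrete with a gap-filling pass that runs between detection and blurring. This is an added example, not code from the original page or from any specific product: the detector output in `TRACK`, the `max_gap` and `margin` parameters and the 1920x1080 frame size are assumptions. Short detection gaps are bridged by interpolating the mask box so the plate stays covered; longer gaps are not guessed and are listed for manual quality control instead.

```python
from typing import Dict, List, Tuple

Box = Tuple[int, int, int, int]  # x1, y1, x2, y2 in pixels

# Constructed detector output for one tracked licence plate: frame -> box.
# Frames 3-4 (glare) and 6-11 (occlusion) have no detection.
TRACK: Dict[int, Box] = {
    0: (100, 200, 180, 230), 1: (104, 200, 184, 230), 2: (108, 200, 188, 230),
    5: (120, 200, 200, 230), 12: (160, 200, 240, 230),
}


def pad(box: Box, margin: float, width: int, height: int) -> Box:
    """Grow a box by `margin` (fraction of its size), clamped to the frame."""
    x1, y1, x2, y2 = box
    dx, dy = round((x2 - x1) * margin), round((y2 - y1) * margin)
    return (max(0, x1 - dx), max(0, y1 - dy),
            min(width, x2 + dx), min(height, y2 + dy))


def lerp(a: Box, b: Box, t: float) -> Box:
    """Linear interpolation between two boxes, t in [0, 1]."""
    return tuple(round(p + (q - p) * t) for p, q in zip(a, b))


def fill_mask_gaps(track, max_gap=3, margin=0.1, width=1920, height=1080):
    """Return (masks, review): mask box per frame, frames left for manual QC."""
    masks: Dict[int, Box] = {}
    review: List[int] = []
    frames = sorted(track)
    for prev, nxt in zip(frames, frames[1:]):
        masks[prev] = pad(track[prev], margin, width, height)
        bridge = (nxt - prev - 1) <= max_gap  # short gap: safe to interpolate
        for f in range(prev + 1, nxt):
            if bridge:
                box = lerp(track[prev], track[nxt], (f - prev) / (nxt - prev))
                masks[f] = pad(box, margin, width, height)
            else:
                review.append(f)  # long gap: do not guess, flag for a human
    if frames:
        masks[frames[-1]] = pad(track[frames[-1]], margin, width, height)
    return masks, review


def review_ratio(track, review) -> float:
    """Share of the track's frame span that needs manual correction."""
    return len(review) / (max(track) - min(track) + 1)


if __name__ == "__main__":
    masks, review = fill_mask_gaps(TRACK)
    print(sorted(masks), review, f"{review_ratio(TRACK, review):.0%}")
```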
In a privacy by design environment, on-premises deployments can reduce the transfer of footage outside the organisation. This is particularly important for material containing personal data and information about the movements of individuals and vehicles.
Licence plates in parking lot recordings – differences in interpretation
The status of vehicle registration plates as personal data is not assessed entirely uniformly in Poland. On the one hand, the position of the UODO and the European functional approach support the view that a registration number may constitute personal data if, in a specific context, it leads to the identification of a person. On the other hand, Polish case law also includes positions according to which a registration plate alone does not always constitute personal data.
For a parking operator or controller, this means that risk and purpose of processing must be assessed carefully. When sharing recordings with unrelated third parties or publishing them, the safer solution is to blur licence plates. In many European countries, protective practice is moving in this direction.
Practical use case – sharing footage from a parking incident
A typical situation involves a collision or vehicle damage in a parking area. The controller has camera footage showing the perpetrator, other individuals and unrelated vehicles. The goal becomes sharing the material with an authorised recipient without unnecessarily disclosing other people’s data.
The recommended process is as follows:
- secure the original footage segment in a restricted-access repository,
- verify the legal basis for disclosure and the status of the recipient,
- create a working copy for anonymisation,
- automatically detect faces and licence plates,
- perform manual quality control and correct elements not detected automatically,
- export an anonymised version for the recipient if full identification of third parties is not necessary,
- document the operation in the record of processing activities or operational documentation.
Normative references and sources
The assessment of whether parking lot CCTV is GDPR compliant should be based on primary sources and official guidelines. The most important documents include:
- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 – GDPR,
- EDPB, Guidelines 3/2019 on processing personal data through video devices, version adopted after public consultation, 29 January 2020,
- the Charter of Fundamental Rights of the European Union, Articles 7 and 8,
- CJEU case law concerning the broad understanding of personal data and identifiability,
- positions and materials issued by the UODO on video surveillance and the transparency obligation.