The guidelines set out the principles for evaluating the need for resorting to video-surveillance and give guidance on how to conduct it in a way which minimises impact on privacy and other fundamental rights.

The guidelines apply to existing as well as future systems. Each institution has until 1 January 2011 to bring its existing practices into compliance.

Giovanni Buttarelli, Assistant EDPS, emphasised: “There are fundamental rights at stake, such as the right to privacy in the workplace. Therefore, decisions on whether to install cameras and how to use them should not be based solely on security needs. Rather, security needs must be balanced against the fundamental rights of an individual.

Buttarelli continued explaining that fundamental rights and security do not have to be mutually exclusive. “Using a pragmatic approach based on the principles of selectivity and proportionality, video surveillance systems can meet security needs whilst also respecting our privacy.”

The guidelines are designed to allow customisation. This flexibility should prevent rigid or bureaucratic interpretation of data protection concerns from hampering justified security needs or other legitimate objectives.

Data protection should not be viewed as a regulatory burden, a “compliance box” to be “ticked off”. Rather, it should be part of organisational culture and sound governance where decisions are made by the management of each institution based on the advice of their data protection officers and consultations with all stakeholders.