A total fine of €6,000 was imposed on two individuals by the Hellenic Data Protection Authority (HDPA), as it was found that they had illegally installed cameras on their property and failed to comply with the Authority’s request for access.

The case began in May 2022, when neighbors reported that the two individuals had installed three cameras (two of them rotatable) on their plot, where they maintain both their residence and restaurants. The cameras monitored part of the plot but also captured part of the complainant’s adjacent property and a public space.

The neighbor asked the HDPA to order the removal of the cameras and provided photos of two cameras, as well as video showing one camera rotating. The neighbor also requested access to footage where they were recorded.

The defendants’ claims

The defendants told the Authority that they had installed two cameras because they had observed thefts and damage to their property. They claimed the cameras did not focus on public or private areas belonging to others and were not connected to recording equipment, but instead used memory cards that stored data for five days before automatic deletion. They also submitted a certificate from a security company.

They argued that they could not provide footage because it had been deleted. The only material still available, they said, had been handed over to the prosecutor after filing a complaint about an incident caused by the complainant.

Controlled rotation capability

The complainant obtained footage from the cameras via the legal process and submitted it to the Authority. It showed the cameras could be remotely rotated and captured images of the complainant’s property, contradicting the defendants’ claims.

When questioned again, the defendants provided a new statement from the security company saying one camera was not working and another had “lost focus” due to weather, unintentionally recording the neighbor’s property. They admitted for the first time that a third camera mentioned in the complaint was a non-functional “dummy” camera.

The Authority’s decision

The HDPA concluded that the defendants made contradictory and misleading statements and failed to cooperate properly with the investigation. The Authority found they did not honor the neighbor’s right of access, that one camera did capture part of the neighbor’s property, and that the cameras had features (like rotation and remote access) inconsistent with their claims.

The Authority ruled that the General Data Protection Regulation (GDPR) had been breached. It emphasized that while the cameras were installed at a private residence, the fact that businesses operated at the same location meant the cameras served professional purposes as well and were not solely for personal use.

The fines

Each defendant was fined €3,000. Additionally, they were ordered to adjust their camera systems to protect their property and residents without recording neighboring properties, and to ensure any cameras with rotation or zoom functions comply with the relevant 2011 guidelines.