Mr. Cathal Ryan:

I will provide an outline of what we are doing. The committee will be aware that we have taken it upon ourselves to begin an investigation of community CCTV, the intention behind which is to discover what is happening. As indicated earlier, 31 local authorities operate the scheme, perhaps in a different manner, although a code of practice is in place. This is currently under review and our inquiry will assist in that regard. The inquiry has been outlined and we provided an update on the status in our annual report. It will take time because we must engage with 31 local authorities on the issue. I noted in a report that the work the committee has done this month in respect of rural policing and so on is important. We are cognisant that we need to get the matter right. One of the issues that has arisen is accountability, that is, who is responsible and who is administratively responsible for the data collected. As part of that investigation, other technologies may come to the fore, such as automatic number plate recognition, which the Deputy mentioned. On legislation, we expect the legislative provision to allow for it. In the absence of a specific legislative provision, it is a matter of carrying our appropriate assessments in advance of the processing of data, particularly the data on number plate recognition, which could be matched to individuals' names, addresses and so on. Even in advance of anything being provided for in legislation, an assessment would have to take place of whether it is appropriate to use this type of technology, and in what ways and for what purpose will the technology be used.

We have had interaction with the Policing Authority in recent years in respect of its strategy statements, and we have held meetings with it. I am not aware of the specific code of conduct or the legislation to which the Deputy referred. I thank him for that because it is good to know. On codes of practice, it is worth noting that the DPC does not have a role in making a code of practice unless it is specifically prescribed in law. Under Article 40 of the GDPR, we are tasked with encouraging codes of conduct. In this situation, we would encourage a code of conduct for community policing, to be updated, reviewed and published. It is a great document for accountability and transparency, particularly as anyone can read it and understand what the local authority or the community CCTV scheme is doing. As the committee will be aware, most communities' CCTV schemes are set up following public consultation and, therefore, there is an opportunity for the community to raise any objections or issues with their use.

On guidance, we would assist the Policing Authority but if the guidance is a matter for it, perhaps we could ask whether it intends to do anything about it and assist in that process. From our own point of view, we are at a final stage of drafting guidance for CCTV, which I hope will be issued very soon. It will be more generic and will not deal specifically with CCTV for public sector use. To follow on, we hope to provide generic guidance for CCTV and address some of the new technologies that are being used for State surveillance or surveillance in general. We will drill down on that guidance and there will be specific guidance on CCTV for local authorities' community CCTV, and for An Garda Síochána and how it uses CCTV. That is our plan for raising awareness, setting the parameters of what type of use is appropriate, and getting the message out that when rolling out large-scale CCTV monitoring, it must done following an appropriate, detailed assessment that mitigates risk and includes safeguards to ensure that the data protection rights of individuals are protected.