The Data Protection Commission (DPC) has found that Galway County Council breached data protection rules in relation to its use of CCTV cameras.
The investigation looked at whether the council was processing personal data in compliance with the GDPR and the Data Protection Act.
The inquiry examined the council's processing operations including its use of CCTV cameras in public places used for the purposes of prosecuting crime or other purposes.
The DPC has ruled that the local authority lacked a valid legal basis for the processing of personal data from CCTV, Automatic Number Plate Recognition (ANPR) and body-worn cameras.
It also found that the council failed to erect appropriately worded and located signage in respect of the processing of personal data collected via these CCTV cameras for purposes related to law enforcement.
Other findings included infringements relating to Galway County Council's obligations to carry out data protection impact assessments, to maintain data logs for specific accesses to CCTV recordings, and to implement appropriate technical and organisational measures.
The council has been issued with a reprimand by the DPC and ordered to bring its processing of personal data into compliance.
A temporary ban has been imposed on the processing of personal data through CCTV and ANPR cameras at a number of locations until a valid legal basis can be identified.
A similar temporary ban has also been imposed on the processing of personal data through body-worn cameras.
