Bailiffs and body-worn cameras
According to the GDPR (General Data Protection Regulation), you possess a legal entitlement to receive a copy of the video recording. Should the bailiff fail to provide it, you have the option to pursue damages through legal action.
Even if the bailiff risks self-incrimination with their own body camera footage, the legislation empowers you to obtain a copy.
Starting from 22nd July 2019, the government has expressed its intention to mandate bailiffs to wear body-worn cameras.
Example of a body-worn camera
How the GDPR works
Get a copy of the bailiff's bodycam footage under the GDPR.
Bailiff attended at your home or business
Use the GDPR to get the body-worn video camera recordings from the bailiff company.
Drive-by clamping or vehicle-taking
Obtain the bodycam recordngs from the enforcement agent, capturing the condition of your vehicle just before they took control of it. This evidence can be used when filing a claim for any damage sustained by your vehicle while it was in the possession of the bailiff.After sending the email, navigate to your sent items folder and capture a screenshot of the email, ensuring it displays the timestamp of when it was sent.
If the bailiff company fails to provide the video footage, submit a complaint online to the Information Commissioner's Office (ICO). Include a copy of your initial request and any responses received.
Upon the ICO adjudicator determining that the bailiff company has violated the GDPR, you are entitled to you make a claim for both tangible and intangible damages.
The Law:
Article 15(3) of the GDPR states:
"Right of access by the data subject"
3. The controller shall provide a copy of the personal data undergoing processing. For any further copies requested by the data subject, the controller may charge a reasonable fee based on administrative costs. Where the data subject makes the request by electronic means, and unless otherwise requested by the data subject, the information shall be provided in a commonly used electronic form.
Section 45 of the Data Protection Act 2018 states:
Right of access by the data subject
(1)A data subject is entitled to obtain from the controller—
(7)The controller must—
(1)A data subject is entitled to obtain from the controller—
(a)confirmation as to whether or not personal data concerning him or her is being processed, and
(b)where that is the case, access to the personal data and the information set out in subsection (2).
(2)That information is—
(a)the purposes of and legal basis for the processing;
(b)the categories of personal data concerned;
(c)the recipients or categories of recipients to whom the personal data has been disclosed (including recipients or categories of recipients in third countries or international organisations);
(d)the period for which it is envisaged that the personal data will be stored or, where that is not possible, the criteria used to determine that period;
(e)the existence of the data subject’s rights to request from the controller—
(i)rectification of personal data (see section 46), and
(ii)erasure of personal data or the restriction of its processing (see section 47);
(f)the existence of the data subject’s right to lodge a complaint with the Commissioner and the contact details of the Commissioner;
(g)communication of the personal data undergoing processing and of any available information as to its origin.
(3)Where a data subject makes a request under subsection (1), the information to which the data subject is entitled must be provided in writing —
(a)without undue delay, and
(b)in any event, before the end of the applicable time period (as to which see section 54).
(4)The controller may restrict, wholly or partly, the rights conferred by subsection (1) to the extent that and for so long as the restriction is, having regard to the fundamental rights and legitimate interests of the data subject, a necessary and proportionate measure to—
(a)avoid obstructing an official or legal inquiry, investigation or procedure;
(b)avoid prejudicing the prevention, detection, investigation or prosecution of criminal offences or the execution of criminal penalties;
(c)protect public security;
(d)protect national security;
(e)protect the rights and freedoms of others.
(5)Where the rights of a data subject under subsection (1) are restricted, wholly or partly, the controller must inform the data subject in writing without undue delay—
(a)that the rights of the data subject have been restricted,
(b)of the reasons for the restriction,
(c)of the data subject’s right to make a request to the Commissioner under section 51,
(d)of the data subject’s right to lodge a complaint with the Commissioner, and
(e)of the data subject’s right to apply to a court under section 167.
(6)Subsection (5)(a) and (b) do not apply to the extent that the provision of the information would undermine the purpose of the restriction.(7)The controller must—
(a)record the reasons for a decision to restrict (whether wholly or partly) the rights of a data subject under subsection (1), and
(b)if requested to do so by the Commissioner, make the record available to the Commissioner.
Article 77 of the GDPR states:
"Right to lodge a complaint with a supervisory authority"
1. Without prejudice to any other administrative or judicial remedy, every data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes this Regulation.
2. The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78.
2. The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78.
Section 167 of the Data Protection Act 2018 states:
Complaints by data subjects
(1)Articles 57(1)(f) and (2) and 77 of the GDPR (data subject’s right to lodge a complaint) confer rights on data subjects to complain to the Commissioner if the data subject considers that, in connection with personal data relating to him or her, there is an infringement of the GDPR.
(2)A data subject may make a complaint to the Commissioner if the data subject considers that, in connection with personal data relating to him or her, there is an infringement of Part 3 or 4 of this Act.
(3)The Commissioner must facilitate the making of complaints under subsection (2) by taking steps such as providing a complaint form which can be completed electronically and by other means.
(4)If the Commissioner receives a complaint under subsection (2), the Commissioner must—
(1)Articles 57(1)(f) and (2) and 77 of the GDPR (data subject’s right to lodge a complaint) confer rights on data subjects to complain to the Commissioner if the data subject considers that, in connection with personal data relating to him or her, there is an infringement of the GDPR.
(2)A data subject may make a complaint to the Commissioner if the data subject considers that, in connection with personal data relating to him or her, there is an infringement of Part 3 or 4 of this Act.
(3)The Commissioner must facilitate the making of complaints under subsection (2) by taking steps such as providing a complaint form which can be completed electronically and by other means.
(4)If the Commissioner receives a complaint under subsection (2), the Commissioner must—
(a)take appropriate steps to respond to the complaint,
(b)inform the complainant of the outcome of the complaint,
(c)inform the complainant of the rights under section 166, and
(d)if asked to do so by the complainant, provide the complainant with further information about how to pursue the complaint.
(5)The reference in subsection (4)(a) to taking appropriate steps in response to a complaint includes—
(a)investigating the subject matter of the complaint, to the extent appropriate, and
(b)informing the complainant about progress on the complaint, including about whether further investigation or co-ordination with another supervisory authority or foreign designated authority is necessary.
(6)If the Commissioner receives a complaint relating to the infringement of a data subject’s rights under provisions adopted by a member State other than the United Kingdom pursuant to the Law Enforcement Directive, the Commissioner must—
(a)send the complaint to the relevant supervisory authority for the purposes of that Directive,
(b)inform the complainant that the Commissioner has done so, and
(c)if asked to do so by the complainant, provide the complainant with further information about how to pursue the complaint.
(7)In this section—
“foreign designated authority” means an authority designated for the purposes of Article 13 of the Data Protection Convention by a party, other than the United Kingdom, which is bound by that Convention;
“supervisory authority” means a supervisory authority for the purposes of Article 51 of the GDPR or Article 41 of the Law Enforcement Directive in a member State other than the United Kingdom.
Article 82 of the GDPR states:
"Right to compensation and liability"
1. Any person who has suffered material or non-material damage as a result of an infringement of this Regulation shall have the right to receive compensation from the controller or processor for the damage suffered.
2. Any controller involved in processing shall be liable for the damage caused by processing which infringes this Regulation. A processor shall be liable for the damage caused by processing only where it has not complied with obligations of this Regulation specifically directed to processors or where it has acted outside or contrary to lawful instructions of the controller.
3. A controller or processor shall be exempt from liability under paragraph 2 if it proves that it is not in any way responsible for the event giving rise to the damage.
4. Where more than one controller or processor, or both a controller and a processor, are involved in the same processing and where they are, under paragraphs 2 and 3, responsible for any damage caused by processing, each controller or processor shall be held liable for the entire damage in order to ensure effective compensation of the data subject.
5. Where a controller or processor has, in accordance with paragraph 4, paid full compensation for the damage suffered, that controller or processor shall be entitled to claim back from the other controllers or processors involved in the same processing that part of the compensation corresponding to their part of responsibility for the damage, in accordance with the conditions set out in paragraph 2.
6. Court proceedings for exercising the right to receive compensation shall be brought before the courts competent under the law of the Member State referred to in Article 79(2).
2. Any controller involved in processing shall be liable for the damage caused by processing which infringes this Regulation. A processor shall be liable for the damage caused by processing only where it has not complied with obligations of this Regulation specifically directed to processors or where it has acted outside or contrary to lawful instructions of the controller.
3. A controller or processor shall be exempt from liability under paragraph 2 if it proves that it is not in any way responsible for the event giving rise to the damage.
4. Where more than one controller or processor, or both a controller and a processor, are involved in the same processing and where they are, under paragraphs 2 and 3, responsible for any damage caused by processing, each controller or processor shall be held liable for the entire damage in order to ensure effective compensation of the data subject.
5. Where a controller or processor has, in accordance with paragraph 4, paid full compensation for the damage suffered, that controller or processor shall be entitled to claim back from the other controllers or processors involved in the same processing that part of the compensation corresponding to their part of responsibility for the damage, in accordance with the conditions set out in paragraph 2.
6. Court proceedings for exercising the right to receive compensation shall be brought before the courts competent under the law of the Member State referred to in Article 79(2).
Section 168 of the Data Protection Act 2018 states:
Compensation for contravention of the GDPR
(1)In Article 82 of the GDPR (right to compensation for material or non-material damage), “non-material damage” includes distress.
(2)Subsection (3) applies where—
(a)in accordance with rules of court, proceedings under Article 82 of the GDPR are brought by a representative body on behalf of a person, and
(b)a court orders the payment of compensation.
(3)The court may make an order providing for the compensation to be paid on behalf of the person to—
(a)the representative body, or
(b)such other person as the court thinks fit.
(1)In Article 82 of the GDPR (right to compensation for material or non-material damage), “non-material damage” includes distress.
(2)Subsection (3) applies where—
(a)in accordance with rules of court, proceedings under Article 82 of the GDPR are brought by a representative body on behalf of a person, and
(b)a court orders the payment of compensation.
(3)The court may make an order providing for the compensation to be paid on behalf of the person to—
(a)the representative body, or
(b)such other person as the court thinks fit.