- News
- Reviews
- Bikes
- Accessories
- Accessories - misc
- Computer mounts
- Bags
- Bar ends
- Bike bags & cases
- Bottle cages
- Bottles
- Cameras
- Car racks
- Child seats
- Computers
- Glasses
- GPS units
- Helmets
- Lights - front
- Lights - rear
- Lights - sets
- Locks
- Mirrors
- Mudguards
- Racks
- Pumps & CO2 inflators
- Puncture kits
- Reflectives
- Smart watches
- Stands and racks
- Trailers
- Clothing
- Components
- Bar tape & grips
- Bottom brackets
- Brake & gear cables
- Brake & STI levers
- Brake pads & spares
- Brakes
- Cassettes & freewheels
- Chains
- Chainsets & chainrings
- Derailleurs - front
- Derailleurs - rear
- Forks
- Gear levers & shifters
- Groupsets
- Handlebars & extensions
- Headsets
- Hubs
- Inner tubes
- Pedals
- Quick releases & skewers
- Saddles
- Seatposts
- Stems
- Wheels
- Tyres
- Health, fitness and nutrition
- Tools and workshop
- Miscellaneous
- Buyers Guides
- Features
- Forum
- Recommends
- Podcast
news
CCTV camera (public domain via Flickr)Bike theft victim blames "bizarre" GDPR rules preventing security staff from revealing who the culprit is
A cyclist whose bike was stolen says that data protection rules are letting the thief get away with the crime, even though security staff identified the perpetrator through CCTV footage.
Kerry Barratt had cycled into Navan town centre in County Meath on the afternoon of Tuesday 16 last week to buy school uniform for her son when her Escaper bike was stolen, reports the Sunday World.
But despite security staff believing they know the identity of the thief, the Gardai [police] are not so sure, meaning that due to what she described as “bizarre” General Data Protection Regulation (GDPR), they are unable to tell her the name of the suspect and the victim has been left frustrated despite numerous attenpts to chase officers.
Ms Barratt told the newspaper: “First of all I spoke to one of the security guards who was extremely helpful but when I asked him would he view the CCTV footage he told me he had to get Garda permission to do so as that was the rule under GDPR.
“I went straight round to the Garda station and spoke with a Ban Garda [female police officer] who gave me the go ahead for him to look at it and I went back and told him.
“In the meantime my dad came down and drove me around for a while hoping we might spot the bike but we had no luck.
“The following day the management and security staff of the centre very kindly rang me and told me they could identify the thief by their clothing but were precluded from telling me who it was because of GDPR.
“Apparently they were entitled to and have told the Gardai, but the feeling there was that the ID wasn't clear.
“One way or another I am still without any transport four days later but the whole thing seems bizarre to me,” she continued.
“It means that people are certain they know who stole my bike but legally they cannot tell me.
“It's a huge inconvenience as I sold my car three years ago to try and do my bit for the environment and now I am left without a pedal to push.
“What's even more frustrating is that I have rang the Garda station dozens of times and sent loads of emails asking them if there have been any developments but nobody answered the phone or replied to my emails,” said Ms Barratt.
“So those who should be helping me seem to be doing nothing and those who want to help me can’t. You couldn't make it up,” she added.
Adopted on 14 April 2016 and enforceable since 25 May 2018, the European Union legislation aims, among other things, to protect and control the rights of individuals in terms of the use of their personal data by commercial organisations, including capturing images through CCTV.
Law enforcement is not specifically included within GDPR, and is therefore considered to be exempt from it, as are personal or household activities and organisations related to national security.
Simon joined road.cc as news editor in 2009 and is now the site’s community editor, acting as a link between the team producing the content and our readers. A law and languages graduate, published translator and former retail analyst, he has reported on issues as diverse as cycling-related court cases, anti-doping investigations, the latest developments in the bike industry and the sport’s biggest races. Now back in London full-time after 15 years living in Oxford and Cambridge, he loves cycling along the Thames but misses having his former riding buddy, Elodie the miniature schnauzer, in the basket in front of him.
Latest Comments
- Simon NZ cyclist 1 hour 57 min ago
Absolutely Correct. As one with an interest in Women Fatalities and HGVs, I once had a chat with some Coors Draymen (who looked like they needed...
- jthurber80 3 hours 24 min ago
I've had decent luck with the TPU inner tubes but I buy them directly from China - and they run between four and seven pounds - each. I've saved...
- brooksby 6 hours 42 min ago
Marathon Plus are great until the 1/1000000 chance that something does puncture them and you break your fingers taking the tyre on/off...
- Clem Fandango 6 hours 45 min ago
We get it. You can't define woke in any meaningful way but you're basing your entire belief system on it. No compromise. No surrender & all...
- Freddy56 6 hours 56 min ago
anyone know is dhb ok for warranty or will it die with wiggle
- Simon E 7 hours 19 min ago
They are trying very hard to blame everyone else but themselves. Letrozole is prohibited in and out of competition. There's a good reason for that,...
- David9694 7 hours 55 min ago
car hits war memorial - roundup - there was one a few months ago, I haven't scrolled back to it but I don't think these are in there:...
- NOtotheEU 8 hours 16 min ago
You should always do the w**ker sign below the sight line of the camera . . . . apparently.
- andystow 8 hours 40 min ago
I had a full screen ad on my phone today right after logging back in.
- wtjs 9 hours 6 min ago
They really wouldn't like this one then, it's going to court...
Add new comment
9 comments
Law enforcement is specifically not included within GDPR control, and is therefore considered to be exempt from it, because they are assumed to be trustworthy and subject to specific controls, for UK, the Police and Criminal Evidence act (PACE), though IE will have their own act..
Assuming that the Gardai are being honest in their statement that they can't be sure of the identity of the thief in the CCTV footage, they nonetheless have a suspect who has been identified by the security staff who they could visit and question. Soemthing doesn't sound right here.
I do think people are being a bit harsh on the security staff (presumably security staff of the unnamed shop with CCTV covering Ms Barratt's bike?)
The security staff "were entitled to and have told the Gardai" - so the information has been disclosed to the authorities.
What the security staff are unwilling to do is disclose the name of the (suspected) perpetrator directly to the victim, because "the ID wasn't clear."
Seems fair enough to me. The Gardai have been made aware of all the relevant information (including the suspected ID). Not handing out names to members of the public (who are going to do what with that information exactly?) when there is a strong degree of doubt over the ID seems reasonable and in line with balancing the privacy rights of the suspected perpetrator with the various exemptions for legitimate interest and law enforcement.
It appears that GDPR is also used as a dodge in Ireland. Lancashire Constabulary is 'an outlier' for dodging like this, hiding behind really stupid 'interpretations' of GDPR. I have shown this one before- the statement you have to agree before a case is accepted by OpSnapLancs. My statement always includes something which contradicts this load of tripe- I have never seen, except in photos on t'net, any such a notification on a car or a bike
I wouldn't bet on it being an outlier, the Met won't tell you outcomes, citing GDPR, you basically have to threaten them with an FOI request to find out what happened to your submissions.
Over-zealous interpretation of GDPR seems to be a general effect of each Service being responsible with their own Data Protection Officer who hasn't achieved the required education and understanding that their Service people need to know.
To be fair, this is common in private enterprise too, who are subject to 5% of annual turnover in fines. Sadly the self-reporting mechanism provides discounts so that it gets pushed under the carpet as an IT problem..
Seems unlikely that there would be much appetite to fine a public service so under the carpet it goes!
(Putting aside the virtue signalling of gov.uk departments that self-report: we are SO compliant)
Absolute BS, under GDPR there is a "legitimate interest" provision; there is no reason that this information cannot be released. The law was also not designed to protect criminal activity.
When it comes to bureaucratic obstructionism, "Data Protection" is the new "Health & Safety". Close behind comes "our insurance", followed by "company policy". I await the day my doctor can't tell me my ailment for fear of "Data Protection".
Fortunately Doctors are in the top 5% academically and used to handling complexity. So there's a great chance that they will have read ico.gov.uk/gdpr and understood it..