Can we film common areas like lobbies and corridors using facial recognition software? UK Hotels and Hospitality CCTV rules explained 2026
Can we film common areas like lobbies and corridors using facial recognition software? UK Hotels and Hospitality CCTV rules explained 2026
The short answer is that using facial recognition (FRT) in common areas is highly complex and carries significant legal risk under UK data protection law. While CCTV is often used to deter crime, FRT processes biometric data, which is classified as 'special category data' under the UK GDPR. To legally implement this, you must satisfy the 'lawful basis' test, requiring a compelling necessity that outweighs the intrusion on privacy. Furthermore, you must conduct a comprehensive Data Protection Impact Assessment (DPIA) and inform all guests clearly via signage, detailing what data is captured and who controls it. Hospitality operators should generally restrict monitoring to areas where a genuine crime risk exists and consider less invasive methods, such as combining general CCTV with targeted manual review, rather than automated biometric scanning. Failure to comply could result in substantial fines from the ICO and civil claims from guests.
More questions about Hotels and Hospitality:
Is it legal to record footage from guest rooms using CCTV in a hotel?
No, recording within guest rooms is strictly prohibited and illegal. Guest rooms are considered private accommodations, and any camera placed there, even disguised, constitutes an invasion of privacy. CCTV monitoring must be limited to common, non-private areas such as lobbies, stairwells, and car parks. If you suspect illegal activity, you must rely on the common area cameras and follow established police guidelines, never breaching the sanctity of the guest room.
Do we need explicit consent to record staff areas in a hotel?
While explicit consent is ideal, the legal requirement is often that the recording must be 'necessary' and 'proportionate' to the stated aim. For staff areas, you must have a clear, documented policy outlining what is recorded and why (e.g., workplace safety). Posting clear notices detailing the surveillance system and purpose is generally sufficient, but employees must also be trained on their privacy rights under UK employment law.
Can we store CCTV footage of guests for more than 30 days in the UK?
No. Under the principles of data retention outlined in the UK GDPR, footage should only be kept for as long as absolutely necessary for the stated purpose. Standard best practice, and often legal compliance, dictates a maximum retention period of 30 days, unless an active investigation, police request, or specific legal obligation necessitates extending the retention period. Once the purpose is fulfilled, the footage must be securely deleted.
Must we disclose CCTV recordings to the police without the guest's permission?
Generally, no, you cannot simply hand over recordings without proper procedure. If the police request footage, you must verify the request and ascertain the legal basis for their demand. If the footage is genuinely required for criminal investigation, the police will usually have a warrant or established legal channel to obtain it, protecting you from wrongful disclosure claims. Always consult with a solicitor before releasing any footage.
Need a compliance survey? Phone: 07830 638 337 for free surveys
Learn more about legal compliance: Pillar Guide: https://cctvsystems.notion.site/35e5b433f5b581d5b5a2d9eff0969ab4
GitHub Resource: https://github.com/gazpearce/gary-ai-assistant
Related CCTV Guides
Gary Pearce | 07830 638 337 | https://github.com/gazpearce/gary-ai-assistant