Privacy & Compliance 6 min read

Why Cameras Are Becoming a Liability in Residential Care

CCTV in care homes raises serious legal, ethical, and practical problems. Here is what care providers need to know about the regulatory shift away from camera-based monitoring.

The current state: why care homes use cameras

Camera monitoring in care homes is widespread. A 2023 survey by the Care Provider Alliance found that over 60% of residential care facilities in England use CCTV in at least some communal areas. The reasons are understandable: fall detection in corridors, safeguarding against abuse, reassurance for families, and evidence in case of complaints or litigation.

For years, cameras seemed like the obvious answer to monitoring. They are cheap, familiar, and produce evidence that is easy for anyone to interpret. But the legal and regulatory landscape has shifted, and many care providers have not caught up.

The legal problems

GDPR compliance burden

CCTV footage is personal data. Every person recorded (residents, staff, visitors, contractors, delivery drivers) is a data subject with rights under GDPR. For a care home, this creates a chain of obligations:

  • Lawful basis: You need a documented lawful basis for recording every category of person. Legitimate interests is the most common basis, but it requires a formal Legitimate Interests Assessment.
  • Privacy notices: Separate notices may be needed for residents, staff, and visitors. Each must explain what is recorded, why, how long it is kept, and how to exercise their rights.
  • Subject access requests (SARs): Anyone captured on camera can request a copy of their footage. Fulfilling this requires reviewing footage, identifying the individual, and redacting other people. That process can take hours per request. You have 30 days to comply.
  • Data breaches: If camera footage is accessed by an unauthorised person, lost, or stolen, this is a reportable data breach. Given that care home footage often captures vulnerable adults in sensitive situations, the severity assessment will be high.
  • Retention: Footage must be deleted when it is no longer needed. Indefinite retention, which is the default setting on many CCTV systems, is a compliance failure.

Bedroom and bathroom prohibition

Cameras are legally prohibited in bedrooms and bathrooms. This is not a grey area. It is a clear rule derived from Article 8 of the European Convention on Human Rights (right to respect for private and family life) and reinforced by GDPR's data minimisation principle. The ICO has been explicit: camera monitoring in areas where people undress, wash, or sleep is unlawful in virtually all circumstances.

The irony is that bedrooms and bathrooms are precisely where falls are most common and most dangerous. A monitoring solution that cannot cover these rooms has a fundamental gap in the areas of highest risk.

Staff surveillance issues

Cameras in a care home record staff as well as residents. Under the ICO's Employment Practices Code, employers must inform staff about monitoring, justify it as proportionate, and respect their reasonable expectation of privacy. Staff unions increasingly challenge camera monitoring, and Employment Tribunal cases have found in favour of employees where monitoring was deemed disproportionate.

ICO enforcement actions

The ICO has taken enforcement action against care providers for camera-related breaches. Common violations include:

  • Operating CCTV without adequate signage or privacy notices
  • Retaining footage for longer than stated in the privacy policy
  • Failing to carry out a Data Protection Impact Assessment
  • Allowing staff to access footage without a legitimate reason
  • Recording in areas where residents have a reasonable expectation of privacy

Penalties range from formal reprimands and enforcement notices to monetary fines. But the reputational damage, particularly when enforcement actions become public, is often worse than the fine itself.

The ethical problems

Dignity and autonomy

For most people, a care home is their home. Being under constant camera surveillance in your own home is at odds with the dignity and autonomy that regulators, including the CQC, expect care providers to uphold. Research consistently shows that residents who know they are being filmed report lower wellbeing and higher anxiety.

Resident and family disagreements

Families are not unanimous on cameras. Some want cameras everywhere; others are appalled by the idea. When residents lack capacity, these disagreements can become intractable. The care provider is caught in the middle, trying to balance competing demands with legal obligations.

The consent problem

Even where residents nominally consent to camera monitoring, regulators question whether that consent is truly free. A person who depends on the care home for their daily needs may feel unable to refuse. The ICO's guidance explicitly flags the "power imbalance" in care settings as a reason to be cautious about relying on consent as a lawful basis.

The practical problems

Someone has to watch

A camera is only useful if someone is watching the feed. In practice, most care homes do not have staff dedicated to monitoring CCTV in real time. Footage is reviewed after an incident, which means the camera did not prevent it, only recorded it. For fall detection, a camera that nobody is watching has effectively zero preventive value.

Storage and maintenance costs

High-definition video generates substantial data. A single camera at 1080p produces approximately 10-15 GB per day. Across a care home with 15-20 cameras, that is 150-300 GB daily, or roughly 5-10 TB per month. Secure storage, whether on-premises or cloud-based, is a significant ongoing cost that many care providers underestimate.

False sense of security

Perhaps the most insidious practical problem is that cameras create a false sense of security. Families believe their loved one is "being watched." Staff believe incidents will be caught. In reality, cameras in communal areas miss the most dangerous rooms, nobody watches the feeds in real time, and footage review after the fact does not help the person who has been lying on their bathroom floor for four hours.

The regulatory shift

Regulators across Europe are increasingly recommending non-camera alternatives for care monitoring:

  • The ICO's guidance on data minimisation explicitly encourages organisations to consider whether less intrusive technologies can achieve the same objective.
  • Germany's BfDI has issued guidance strongly discouraging camera monitoring in residential care settings.
  • France's CNIL requires room-by-room justification for any camera placement in care facilities.
  • The Netherlands' AP has highlighted non-camera technologies as examples of good practice in care monitoring.

The trend is not towards less monitoring. It is towards smarter monitoring. Technologies that detect falls, track activity patterns, and alert carers without collecting identifiable data are what regulators mean when they talk about "privacy by design" and "data minimisation."

Radar-based systems like HomeCare are a good example. A wall-mounted 60GHz radar sensor detects falls, monitors activity, and covers bedrooms and bathrooms (the rooms cameras cannot enter) while processing only anonymous motion data. You do not need to store footage, respond to SARs for video, or worry about identifiable data in a breach.

What care providers should do now

If your organisation currently uses cameras, you do not necessarily need to remove them tomorrow. But you should:

  1. Audit your current setup. Map every camera location, confirm your lawful basis, check your privacy notices, and verify your retention policies are being followed in practice.
  2. Carry out a DPIA if you have not already. This is almost certainly mandatory for your current camera deployment.
  3. Assess alternatives for high-risk areas. Could radar-based or sensor-based monitoring achieve the same safety outcome with less privacy intrusion? Document this assessment. Regulators will look for it.
  4. Review your SAR process. Can you fulfil a subject access request for camera footage within 30 days? If not, this is a compliance gap.
  5. Plan your transition. The regulatory direction is clear. Organisations that proactively move to privacy-first monitoring will be better positioned than those forced to do so after an enforcement action.

What to read next

Worried about a parent living alone?

We'll call you within 24 hours with a plan tailored to your parent's home.