How secure is data captured by Ring doorbells?

In recent years, video doorbells (like Ring doorbells) have become a staple in home security, offering a convenient way to monitor your doorstep from anywhere. With just a tap on your smartphone, you can see who is knocking, interact with delivery drivers, and keep an eye on potential intruders. This smart technology promises enhanced security and peace of mind – but at what cost?

As the most prevalent player in the market, we’ll focus primarily on the Ring brand as a core example. Ring’s video doorbells are affordable, with their lowest priced offering available at just £49.99. This relatively inexpensive purchase allows you to have a 1080p video feed of your front door, accessible from anywhere, allowing you to communicate with your delivery driver who is running ahead of schedule for a change. But as video doorbells gain popularity (one in five Brits have already installed one), so too do concerns about their impact on privacy. From the data these devices collect to the potential for surveillance by third parties, the convenience they offer raises important questions about how much personal information we are willing to trade for security.

How use of a Ring doorbell can make you a data controller

An important consideration for owning a video doorbell should be that, by virtue of recording and storing video images of individuals outside your property boundary, you become a data controller. This is because video footage of an individual, regardless whether it was recorded and stored by a private individual or a business, allows for the identification of people. Thus, the footage of people captured on these video doorbells when recorded and stored is regarded as personal data, making it subject to the requirements of the Data Protection Act 2018 and the UK GDPR. This only applies, however, if the data captured falls outside of your property boundary, as personal and domestic processing is exempt from data protection legislation like the GDPR. Regardless, you should, of course, always ensure that personal data recorded on your doorbell camera is appropriately safeguarded, whether protected by law or not.

Your obligation as a data controller

Collecting the data of people outside your property boundary may be more likely and frequent than you think. Video doorbells are equipped with a fisheye lens and a microphone, with some microphones capable of recording up to 60 metres away. These features mean that by default a video doorbell will capture and record more information than is necessary. This recording limits the application of Article 2(2)(a) under the UK GDPR, which users would ordinarily rely on for the use of these doorbells or another CCTV-like system for home security as a ‘…personal or household activity’. Once your system records more than your personal property, you have obligations to protect the data you collect as a data controller.

How Ring helps to safeguard data

Ring has built-in options to help minimise the data users collect. They actively encourage users to enable ‘activity’ or ‘motion’ zones, which can assign areas where the camera will detect motion and create a recording, if enabled. Turning the microphone off or reducing its sensitivity can also go a long way in ensuring users stay within the bounds of data protection law. Particularly as their privacy notice states:

“Privacy, data protection and video surveillance laws in your jurisdiction may apply to your use of our products and services. You are the data controller with respect to personal information you obtain when using our products and services (such as video or audio recordings, live video or audio streams, images, comments, and data our products collect from their surrounding environment to perform their functions) and you are solely responsible for ensuring that you comply with applicable law when you use our products or services. For example, you may need to display a notice that alerts visitors to your home that you are using our products or services. Capturing, recording or sharing video or audio content that involves other people, or capturing other peoples’ facial feature information, may affect their privacy and data protection rights.”

This goes to show that while the Ring doorbell may watch your front door, Amazon (the company behind Ring) will not be watching your back should you fall afoul of data protection and privacy laws. It is up to the user to restrict the invasive nature of the system they purchase.

How is the data captured by Ring doorbells handled?

It’s not just the invasive nature of a video doorbell that should concern their users, but how their data is handled. Ring recordings, as is the case with most video doorbells, are stored in the cloud. Specifically, it’s stored in Amazon’s Amazon Web Services server. This uses a standard encryption algorithm, ensuring data is protected while it is stored on Ring’s servers.

In 2020, they added End-to-End-Encryption as an optional feature, which provides users with a higher level of security by encrypting videos in a way that only they can then decrypt and view them. This was added in response to criticism around Ring’s access to users’ videos, particularly in relation to staff being able to access videos sitting in the cloud. However, as an optional feature, this has to be enabled by the user and is not the default. Therefore, users are not only tasked with restricting the invasiveness of their own device but must take extra steps to protect their own personal data.

What data do Ring doorbells collect?

Perhaps the most concerning aspect of how a user’s personal data is used comes from the types of information that the Ring system collects. Not only does it collect the usual details, such as a user’s name, email address and payment information, but Ring’s service also collects data you might not expect, like how many times the doorbell rings, or your geolocation data when you open the app to access it remotely. While their privacy notice states that this data is not sold, it does state this can be shared with their affiliates and subsidiaries. This means that Amazon and all their subsidiaries can use the data they collect to ‘personalise’ the user experience, analyse user behaviour and tailor their marketing to customers.

Ring doorbells and their privacy implications

So, for the low price of £49.99, purchasers of a video doorbell can give themselves quite the privacy headache. They must ensure that they limit the data their devices collect, enabling ‘optional’ features for both this end and to ensure that their data when it is at rest in the cloud cannot be accessed by any other party. In return, the Ring system will let Amazon know how many people come and go to a user’s house, where users are when accessing the app remotely and even how bright the ambient light is around the video doorbell. Perhaps if the lightbulb in the porch light went out, you might see an advertisement for a replacement light bulb next time you open your social media. 

Ultimately, while video doorbells may improve security, their users are potentially opening the door to a complex web of privacy risks.

How DPAS can help

Ring doorbells are a great modern example of surveillance in action. So many of the houses in your area will now be fitted with their own equivalent of CCTV keeping an eye on the property and its visitors. But how about your business? Are you aware of the data protection obligations that you have to meet to use surveillance cameras to protect your organisation?

Thankfully, we can be of help. Visit the DPAS website to read more about our CCTV compliance services to see how we can assist you in protecting your business in a lawful and responsible way.

related posts

Mel

Looking back at 2024 for DPAS

As we reflect on another remarkable year, I want to take a moment to personally thank you for choosing DPAS. Your loyalty and trust drives us to continually deliver the highest-quality training and services for our clients.

Read More »

Get a Free Consultation