Who draws the line at what is public interest and just plain harassment when a camera is placed. What about the private camera placed on property with malicious intent? Who regulates the camera on private property? Yes surveillance cameras are important to deter crimes, however it is important to note who is at the other end of the camera? Who really is watching you? Who ultimately views what the camera lens observes? Who decides when a privately owned security surveillance camera is poorly or maliciously aimed (when the camera is deliberately pointed into the windows of a private residence)?Back in 2014, Delhi Metro CCTV footages were on YouTube and also at some questionable sites. Who owns responsibility for not misusing the data of public CCTV surveillance? In short – who decides and regulates? Are privately owned, operated surveillance cameras to be treated the same way as public cameras? We also need to draw fine lines about ‘Who really is watching you’? ‘Who owns that camera anyway’? Big brother? The Corporates? Or harassing neighbour? Who draws the line between public interest and harassment? At the moment, nobody! The camera could legally do what a peeping tom could not do. They could peer inside of windows with the full protection of the law on their side. If a person was standing watching outside a window it could be a crime, yet the same person could place a surveillance camera then remotely view a person within the privacy of their home. Most importantly, it is not against the penal code. Indeed, there is now the issue of facial recognition to think about. More and more vendors are now offering the technology as standard, but there is still much public debate over the usage of automated facial recognition – particularly in relation to data capture and GDPR. Once a face has been captured and identified as a ‘non-threat’, how long should this image be held for? And whose responsibility is it to delete this from the system? Should this be a built-in solution from manufacturers, or should the operator make the decision? There are numerous cases of GDPR breaches among CCTV operators, as shown in an investigation in 2019.This debate will likely continue to maintain prominence, particularly with technology such as emotion recognition not far around the corner, it seems.Currently in the UK, the Information Commissioner’s Office regulates much of the data privacy angle of the use of CCTV, while the Surveillance Camera Commissioner also has a role to play in how operators are using systems – particularly in relation to new technology such as automated facial recognition.