Virgin Trains ‘should have taken better care’ over Jeremy Corbyn footage
The Information Commissioner’s Office said Virgin Trains only breached the Data Protection Act by publishing faces of other passengers.
Virgin Trains East Coast did not break data protection law when it released CCTV footage of Jeremy Corbyn looking for a seat on a train in August last year, the information watchdog has ruled.
But the operator “should have taken better care” to obscure other passengers’ faces, according to the Information Commissioner’s Office (ICO).
Virgin had “no reason to publish pictures of anyone else on the train” and this was a breach of the Data Protection Act, the ICO found.
The watchdog stopped short of formal regulatory action against the train firm to reflect “the exceptional circumstances of the breach”.
The so-called Traingate controversy began when Mr Corbyn was filmed sitting on the floor of a carriage and claiming he was unable to find a seat on the “ram-packed” service from London to Newcastle in August last year.
Virgin then released CCTV footage showing the Labour leader walking past an array of empty seats.
Sir Richard Branson, who co-owns the rail operator with Stagecoach, got involved in the row by posting a link to the images on his Twitter account.
Companies must provide details of how they handle personal data and if they do not process it in the way people expect they could be breaking the law.
The ICO ruled that Virgin had a “legitimate interest” in using the CCTV footage outside its published conditions as it was correcting what it deemed to be misleading news reports which were potentially damaging to its reputation and commercial interests.
The watchdog also concluded that Mr Corbyn would have had “different expectations” from other passengers as to his privacy as he had made a video showing him on the train and would anticipate that Virgin would “respond in kind” after he raised the issue of overcrowding.
In relation to the three other people who were recognisable in Virgin’s footage, the ICO said the company had “infringed on the privacy of passengers who were simply minding their own business”.
Explaining the decision not to take further action against Virgin, ICOhead of enforcement Steve Eckersley said it was a “one-off incident” and the people identified “were unlikely to suffer serious distress or detriment”.
He insisted that the rail firm “has not been let off the hook” and will strengthen its data protection training as well as ensuring it has access to pixelation services should the need arise again.