Skip to main content

CCTV Code of Practice

CCTV Code of Practice

Last updated: February 2020


This Code of Practice is issued by the Authority for Transport in Malta to provide information on the use of surveillance camera systems and to assure the general public that any such surveillance is done in a lawful and fair manner. Where used appropriately, the systems deployed on the road network, coastal and inland areas, are invaluable tools for the effective management of marine and land traffic and security management.

The Authority is fully supportive of the use of surveillance cameras in public spaces whenever that use is in pursuit of a legitimate aim, necessary to meet the public interest, proportionate, effective, and compliant with all relevant legal obligations.


This code applies to the use of surveillance camera systems which operate in specific public places around Malta and Gozo, with control, monitoring and recording facilities at a dedicated location. Such systems are only deployed where other less intrusive means of enforcement are not adequate or practical.

Ownership and operation of the CCTV System

The system is owned by the Authority for Transport in Malta which is responsible for its management, administration and security. The Authority is also the data controller in terms of applicable data protection laws and regulation. This means that we are responsible to ensure that personal data is processed in accordance with the principles of the General Data Protection Regulation (‘GDPR’), the Data Protection Act (Chapter 586 of the Laws of Malta), any subsidiary legislation thereto, and other applicable laws as may be amended from time to time.

Transport Malta’s contact details are as follows:


Transport Malta,
Malta Transport Centre,
Triq Pantar,
Hal Lija, LJA2021

Tel:356 21222203 or on +356 80072393 from 0800hrs to 1630hrs.

Data Protection Officer

The Authority has appointed a Data Protection Officer (‘DPO’) who is responsible for matters relating to privacy and data protection. The Authority’s DPO can be reached by sending an email at


Surveillance camera systems are used as part of civil enforcement arrangements to regulate the safe and efficient operation of the road network, ports and coastal areas. The following principles shall govern the operation of the CCTV system:

Principles we follow Measures we have put in place
Use of a surveillance camera system must always be for a specified purpose which is in pursuit of a legitimate aim and necessary to meet an identified pressing need. The Authority for Transport in Malta is empowered by its enacting law (Chapter 499 of the Laws of Malta) to regulate and administer transport by sea, air and land

To this end, the use of CCTV surveillance is deemed necessary for the Authority to:
  • ensure a safe environment in line with all standards and regulations; and
  • regulate effective traffic management.
The legal basis we rely on for this processing activity is Article 6(1) (e) and Article 6 (1) (c) of the GDPR, which allows us to process personal data when this is necessary to perform our public tasks in our capacity as a regulator.

Any changes to the purposes for which the CCTV system is operated will require the prior approval of and consultation with the relevant authorities, where deemed necessary in terms of applicable laws.
The use of a surveillance camera system must take into account its effect on individuals and their privacy, with regular reviews to ensure its use remains justified. The Authority takes the privacy of its data subjects seriously and has put in place on the necessary technical and organisational measures to ensure that their privacy rights and freedoms are not infringed by the use of such systems. Such measures include:
  • policies and procedures to guide the lawful and effective use of such systems;
  • ongoing professional training and development of all system operators;
  • data sharing arrangements with any authorised recipients of video footage to regulate their access to specific video footage;
  • data protection impact assessments to identify, address and minimise any potential data protection risks; and to ensure that the purpose of the system is and remains justifiable; and
  • cooperation and discussions held with the Office of the Information and Data Protection Commissioner.
The use of the surveillance camera system must be proportional. The Authority has taken careful consideration to locate such systems only in areas which are relevant to the established purposes. Cameras will not be used to look into private property and blurring technology has been implemented to ensure this.
There must be transparency in the use of a surveillance The Authority has affixed signs to inform the general public of the:
  • presence of monitoring and recording;
  • purpose of monitoring and recording;
  • ownership of the system; and
  • contact details
The signs are positioned at a reasonable distance from the places monitored in such a way that the data subject can easily recognise the circumstances of the surveillance before entering the monitored area.
There must be clear responsibility and accountability for all surveillance camera system activities including images and information collected, held and used. The Authority has clearly defined roles and responsibilities for the effective management and operation of these systems. Moreover, clear rules, policies and procedures are in place to regulate the operation thereof. The owners and users of the systems shall be required to give a formal undertaking that they will comply with such policies and act in good faith with regard to the basic principles contained within.
Images and information should be deleted once their purposes have been discharged. The Authority has adopted data retention, archiving and deletion policies to ensure that data is not retained for a longer period than is necessary for the purposes for which the data was originally processed. Generally, recorded material will be retained for a maximum period of 30 days. Once overwritten, video footage cannot be restored.
Access to retained images and information should be restricted and there must be clearly defined rules on who can gain access and for what purpose such access is granted. Entry within the control and server rooms is prohibited except for lawful, proper and sufficient reasons, for example, official visits from law enforcement or inspection agencies, and only with management authorisation. Any such visits will be conducted and recorded in accordance with the Authority’s policies and procedures.
The disclosure of images and information should only take place when it is necessary for such a purpose or for law enforcement purposes. The Authority has considered the wider human rights issues and the implications of the European Convention on Human Rights, Article 8 right to respect for private and family life. It is understood that any interference with such qualified rights is only permissible if the action is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others.

The Freedom of Information Act (Chapter 496 of the Laws of Malta) and applicable data protection laws will be adhered to in relation to requests for access to CCTV footage. The Authority shall ensure that the sharing of video footage only takes place if there is an adequate legal basis. Moreover, where images are disclosed consideration is given as to whether images of individuals need to be obscured to prevent unwarranted identification.

Generally, CCTV images will not be disclosed to the media for broadcast or reproduction. However, in exceptional circumstances, they may be provided under strict controls, for example, to disseminate real time traffic flow information to the general public. In this case, the legal basis we rely on for disclosing video footage is article 6(1) (e) and 6 (1) (c) of the GDPR, which allows us to process personal data when this is necessary to perform our public tasks in our capacity as a regulator.

In the case of the Malta Police Force, all requests shall be made by a police officer in a rank of an inspector or higher and regulated under a data sharing agreement and for the explicitly mentioned purposes and as declared at law. Moreover, any such request shall only be authorised if made in the context of their statutory powers in terms of the Criminal Code (Chapter 9 of the Laws of Malta) and in line with the Data Protection (Processing of Personal Data by Competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties) Regulations (S.L.586.08) which transposes Directive (EU) 2016/680.


Any use of the CCTV system or materials produced which is outside this code and is inconsistent with the objectives of the system will be considered gross misconduct. Any person found operating outside these codes without good and reasonable course will be dealt with under the Authority’s disciplinary procedures. If any breach constitutes an offence under criminal or civil law, court proceedings may also be taken.

Should any person feel the need to make a formal complaint on the use of CCTV systems they can do so by contacting our DPO at by sending an email at Any complaint concerning misuse of the system will be treated seriously and will be investigated by the Authority.

CCTV Camera Locations

The Authority has 19 PTZ CCTVs, located in:

CCTV Number Location CCTV Number Location


Mgarr Gozo












St Julians


Paola – Sare










Porte Des Bombes








Skate Park Tunnel – South


Marsa Hamrun Bypass


Kavallerija Area




The Authority has 18 Static CCTVs, located in:

CCTV Number Location CCTV Number Location








Santa Lucija







C30 N

St Philip Area



C30 S

St Philip Area



C30 A

St Philip Area




St Venera Tunnel Northbound




St Venera Tunnel Southbound

C34 [1]

Marsa Northbound

C34 [2]

Marsa Southbound


In line with the above, the Authority may also utilize CCTV systems to test potential traffic management systems and innovative solutions in order to achieve more efficient administration of sea, air and land transportation. Such tests and projects will be carried out for a defined period of time and any particular information or data particular to such test period, would be aggregated into an anonymized report in accordance with the particular reporting procedures for such tests and projects. Any other data and information will be immediately deleted and wiped once the reporting procedures are completed.

Test / Project Name Location of CCTV system Duration
Study as part of Civitas DESTINATIONS Project Sa Maison Hill
Crucifix Hill, Floriana
St. Anne’s Street, Floriana
Until May 2021

Last Updated: 13/01/2021