Flock Cameras Caught Accessing Children's Gymnastics Room Without Consent—And the City Renewed Their Contract Anyway

What Happened

Flock Safety, a major surveillance and automatic license plate reader (ALPR) vendor, accessed live security camera feeds from a children's gymnastics room as part of a sales demonstration—without explicit consent from facility staff or parents. The access wasn't a data breach or hack. It was authorized by the city, but used in a way that crossed an obvious ethical line. When city officials discovered the violation, they didn't terminate the contract. They renewed it.

This wasn't a rogue employee acting alone. This was a vendor demonstrating their capabilities by showing decision-makers live footage of a space where children were present. The fact that no one stopped this in real time, and that the city continued the relationship afterward, reveals something far more alarming than a single incident: it exposes how little accountability exists in municipal technology procurement, and how normalized surveillance overreach has become.

Why This Matters

The Consent Problem

Parents dropping their children off at gymnastics class did not consent to having their kids' images accessed remotely by a surveillance company for a sales pitch. The city didn't obtain consent from the families. The vendor didn't ask. No one checked if there was a legal or ethical requirement to do so. This represents a fundamental failure of informed consent—the principle that people should know when their data is being collected and used.

Governance Collapse

The real scandal isn't that Flock accessed the cameras. It's that the city's procurement process had no guardrails to prevent this, detect it, or punish it. Somewhere in the decision-making chain, someone had to approve this demo. Someone had to know they were showing live footage of a children's facility. No one said no. No one escalated. No one demanded privacy safeguards before renewing the contract.

This reveals a broken system: municipal governments are purchasing and deploying surveillance infrastructure without adequate legal review, privacy impact assessments, or community input. They're treating vendor demos as acceptable uses of sensitive footage. They're letting vendors set the terms of engagement.

Normalized Dystopia

Perhaps most troubling: the city renewed the contract. This signals that the breach was treated as a minor incident, not a violation serious enough to end a business relationship. It normalizes the idea that surveillance overreach is acceptable as long as it's authorized somewhere in the bureaucracy. It tells other vendors that they can push boundaries without consequence.

The Pattern

This isn't Flock's first controversy. Surveillance vendors have a documented history of expanding their access, sharing data beyond stated purposes, and operating in jurisdictions where regulations are unclear or nonexistent. Flock Safety specifically dominates the ALPR market, which means they have outsized influence over municipal surveillance infrastructure. When a market leader behaves this way and faces no real penalty, it sets a precedent for the entire industry.

What to Do About It

For Municipalities

Cities need to treat surveillance procurement like the critical infrastructure decision it is. Before signing any contract with a surveillance vendor, require: a formal privacy impact assessment, a written data governance policy that specifies exactly what data can be accessed and by whom, an independent audit clause with unannounced access reviews, and community notification requirements. If a vendor violates these terms, termination should be automatic, not optional.

Cities should also demand transparency reports showing what data was accessed, when, and by whom. They should establish a privacy officer or oversight committee with authority to block vendor activities that exceed the scope of the contract.

For Regulators

State and federal regulators need to establish clear rules around surveillance vendor conduct. This includes defining what constitutes unauthorized access even when technically authorized, setting standards for consent and notification, and creating meaningful penalties for violations. The FTC has authority here and should use it. Surveillance vendors should face liability for misusing access, not just immunity because they had authorization somewhere in the chain.

For Businesses

Privacy-first technology vendors have an opportunity here. As surveillance capitalism faces growing scrutiny and regulatory pressure, companies that build alternatives to pervasive surveillance—better access controls, privacy-preserving analytics, decentralized systems—will become increasingly valuable. Compliance and accountability are becoming table-stakes for SaaS, not differentiators.

For the Public

Citizens need to demand transparency from their local governments about what surveillance systems are deployed in their communities, who has access, and what oversight exists. Request public records of vendor contracts, data access logs, and privacy policies. Show up at city council meetings. Make it politically costly for officials to approve surveillance infrastructure without public input.

The Bottom Line

The Flock incident is not an aberration. It's a symptom of a system where surveillance vendors have more power than the governments that hire them, where consent is treated as optional, and where accountability is nonexistent. Until cities establish real governance frameworks, regulators impose real penalties, and the public demands real transparency, this pattern will repeat. The next demo could be in your child's school.

Now you know more than 99% of people. — Sara Plaintext