All government records should have a public available audit of all access activities. The user or group making the request should always be revealed except by court order and those should still be acknowledge or determinable by some means. The type of data revealed can be classified into groups indicating how detailed it is, from simple identification confirmation to tax and criminal records.
the key is public access to the the logs of access. next step would be giving the public the ability to challenge the data within reasonable limits
That doesn't help much unless there's a meaningful punishment for officers who abuse this access. Since in the US we are happy to re-hire police officers who have been publicly known to kill people without actual cause (e.g. https://www.nbcnews.com/news/us-news/officer-who-fatally-sho... ) I have trouble believing that a record of police officers who merely abuse surveillance data will do much.
This has always been my preferred option for data sharing with government (or even private companies). It should stop people looking up celebrities or ex-lovers details just because they're bored.
For practical purposes there should be delay (say six months) so an investigation stands a chance of not tipping off the person being investigated.
For delays longer than six months to keep the access hidden a full court order is required.
the key is public access to the the logs of access. next step would be giving the public the ability to challenge the data within reasonable limits