Queensland’s privacy commissioner has “grave concerns” about hundreds of cameras and listening devices being rolled out in Moreton Bay regional council.

Commissioner Philip Green says the city’s growing surveillance network may breach criminal privacy laws.

Mr Green rejected the mayor of Moreton Bay regional council’s claim that the scheme had been approved as legal, saying “it wasn’t run by me”.

Moreton Bay, which takes in areas to the north of Brisbane, switched on new listening devices attached to its 330 CCTV cameras this week.

Mayor Allan Sutherland told Seven News that the privacy commissioner “said that what we’re doing isn’t against the laws”.

Sutherland said they microphones were not for eavesdropping, but for recording audio for when police need CCTV for criminal investigations.

“Unless you've got anything to hide, you haven't got anything to worry about,” he said.

Mr Green said the only notice his office got came in the form of a draft press release last week, and that “we haven’t endorsed it any way”.

“I certainly have some grave concerns about this and whether it breaches both the Information Privacy Act and also the Invasion of Privacy Act in Queensland, which is enforced by the Queensland police service and the Department of Justice and attorney general,” he told Guardian Australia.

The privacy commissioner said the draft press release “wasn’t drawn to my attention, I wasn’t in the office last week, and frankly, that’s not the way to go about doing something like this”.

“Generally the public when they’ve heard the story have gone; ‘What?’

“It wasn’t run by me and certainly in no way have we approved the process or seen all the details.

“Frankly, in a post-[Edward] Snowden era, these things need to be properly debated before they’re implemented.”

Solicitor Bill Potts has told the council the listening devices, which can pick up detailed audio recordings of private conversations in public, breach section 43 of the Invasion of Privacy Act.

“In my view unless they received a specific ruling, a specific change in the legislation, then they are in fact in breach of the legislation,” Potts told Seven News.

Mr Green said the council should have waited, and consulted.

“Then we’d know how it runs and how it rolls and the exact parameters of security around it,” he said.

“[But] they just had a doorstop.”

“Generally when something like this is deployed, world’s best practice and the one that Europe is going to mandate in a year’s time is that a privacy impact assessment be done and proper consultation be done on the rollout.”

Privacy impact assessments ask questions including whether “the intrusion into people’s lives is warranted, is it proportionate or commensurate, and is it lawful in the first place”.

Green said “the security of the data and stopping the hackers from getting it, which is a live issue in the US and Australia right now”, is a major issue.

Because the devices are deployed in council libraries and other facilities, there are issues of workplace surveillance too, as employee’s private conversations can be recorded.

Queensland Attorney General Yvette D’Ath is conducting a review that may lead to the introduction of workplace surveillance laws matching those in other states.