Surveillance at work is a tricky issue. Employers need to protect their business and property, including against the risk of unscrupulous employees. The difficulty arises where this practical necessity comes up against data protection law and human rights.
One recent case, and one old one, shows the developing approach to this area. In 2007 a German supermarket employee had been caught stealing from her employer by covert video cameras. She appealed to the European Court of Human Rights on the basis that the surveillance was an infringement of her right to private life. The court found in the employer’s favour.
In a more recent case, a series of Spanish supermarket workers were dismissed after being caught stealing by covert video cameras. After problems with loss of stock, their employer had told them cameras were being installed to monitor shoppers, but had not told them about the covert cameras. This was a breach of Spanish data protection law.
The court found in the former workers’ favour, awarding them €4,000 each, despite accepting that they were stealing from their employer.
The cases show just how tricky it can be to draw the line between protection of businesses and protection of human rights. In the first case, the employer had a particular suspicion about the employee, the surveillance was for a short duration and the area under surveillance was small and mostly open to the public. In the second case, the employer had imposed ‘blanket’ surveillance on all employees, at all times, covering almost all the store, based on a general suspicion.
In the UK, covert surveillance of employees is tightly controlled. It should only be carried out in exceptional circumstances, such as where there is a specific risk of criminal activity. Even so, it must be:
- Absolutely necessary for the surveillance to be covert rather than open
- For a limited duration
- Targeted at specific individuals
- Across as narrow an area as possible
- Athorised at a senior level – for most businesses, this means a director.
Employers should update their data protection policies to meet the above requirements. Doing so will give them a solid framework for any surveillance and will be the first defence against claims by employees.
López Ribalda and others v Spain (Application nos. 1874/13 and 8567/13)
Köpke v Germany (Application no. 420/07)