With the help of fast growing technologies being developed every day, employers have increasingly more options open to them in when it comes to monitoring their employees in the workplace – whether this is to monitor productiveness or to protect business interests. Methods adopted by employers include observing employees computer systems, social media, web-browsing patterns and private messaging apps. Software is now readily available which can monitor keystrokes and report any suspicious irregularities which may indicate misconduct.

Are we becoming a “surveillance society” and how does such monitoring sit with Article 8 of the European Convention on Human Rights which provides for everyone to have the right to respect for private and family life?, The European Court of Human Rights (“ECHR”)recently had to consider how far a business could go before potentially infringing their employees’ human rights under Article 8 in Lopez Ribalda & Ors v Spain.

Case Summary

Due to irregularities appearing in a Spanish supermarket’s stock levels, visible and covert cameras were installed to detect theft. Employees were told about the visible cameras which were intended to catch customer theft, but they were not told about the hidden cameras which were angled to monitor the cashiers. Images taken by the covert cameras showed cashiers stealing items and they were dismissed having admitted involvement. Later they claimed that their employer had breached their rights under Article 8.

The Spanish court held that the measures to monitor employees were necessary and proportionate, and stated that no other equally effective means of protecting the employer’s rights would have interfered less.

However, the ECHR found that the cashiers’ Article 8 rights to privacy had been breached, stating that the surveillance taken had intruded on the employees’ private lives in such a way that the staff could not avoid it i.e. because they were contractually obliged to work in that location. The ECHR concluded that, as was not done in this case, employers have to strike a fair balance between employees’ human rights and the employer’s interest in protecting its business.

Implications for Employers 

Employers will have to think carefully about the methods of monitoring they adopt. Employees should know whether they are being monitored, and if so, why and how the data or imagery is used.

To comply with UK data protection laws, employees have to have been “explicitly, precisely and unambiguously” informed if a personal data file exists, and how that data is stored and used.

Employers should also be aware of the implementation of the General Data Protection Regulations (“GDPR”) on 25 May 2018, which will impose more duties on data controllers, particularly employers, on how they hold and use data and how they inform data subjects of its use. The GDPR will also change the criteria for consent, so employers have to ensure they are able to rely on valid consent for processing of personal data.

The Information Commissioner states that it will be rare for covert monitoring of employees to be justified and that it should only be done in exceptional circumstances, for example where criminal activity is suspected.

How to avoid the pitfalls

BALANCE:  is the interference with employees’ private life restricted to what is necessary to achieve the aims pursued by the surveillance?

NOTIFY: Ensure employees know about it and how any information caught is used.

IDENTIFY: Carry out an impact assessment to identify any negative effects on staff or the workplace environment.

REVIEW: Update your privacy policies as necessary.

AUDIT: Conduct a data protection audit to ensure you’ll be GDPR compliant.

This article was written for People Management with assistance from Becky Minear, Trainee Solicitor