1. Skip to navigation
  2. Skip to content
  3. Skip to sidebar

Covert CCTV monitoring possible without violating an employee’s Article 8 privacy rights

The European Court of Human Rights (ECHR) has ruled that covert surveillance to tackle workplace theft did not breach an employee’s right to privacy under Article 8 of the European Convention on Human Rights.

What are the facts of the case?

Five supermarket cashiers were dismissed after hidden CCTV cameras captured them stealing. The cameras had been installed as part of an investigation into large stock discrepancies. The employees brought unfair dismissal claims which were rejected by the Spanish courts who found that, although no prior notice of the surveillance had been given (a prerequisite under Spanish law), this was justified by the employer’s reasonable suspicion of theft.

What did the ECHR decide?

The employees appealed to the ECHR, claiming that their Article 8 rights (respect for one’s private life) had been breached by the covert video surveillance.

Initially, the ECHR upheld the claims on the basis that the video surveillance had targeted all staff, rather than particular individuals, without any time limit and that the employees had not been informed of the surveillance in accordance with Spanish domestic law.

The Spanish government then asked for the case to be referred to the Grand Chamber of the ECHR, which overturned the decision and deemed that the employer did not breach the employees’ right to privacy. It commented that there was a balance to strike between private and public interests and considered the following issues:

  • whether the employees had been notified of the possibility of video surveillance;
  • the extent of the monitoring by the employer and the degree of intrusion into the employees’ privacy;
  • whether the employer had provided legitimate reasons to justify monitoring and the extent of those reasons;
  • whether less intrusive methods of monitoring would have been possible;
  • the consequences of the monitoring for the employees; and
  • whether the employees had been provided with appropriate safeguards.

The Grand Chamber of the ECHR found that the prolonged suspicion of theft was a legitimate reason for surveillance. Furthermore, the monitoring took place in a public area and the duration was not excessive. A limited number of people viewed the recordings, which were used solely for the purposes of the investigation. The ECHR recognised that, under Spanish law, notification of surveillance is required. However, it concluded that the severity of the misconduct meant that surveillance without prior notification was in the public interest.

What can employers take from this decision?

This decision shows that it is possible to use covert monitoring in a targeted investigation. However, employers should be wary of viewing this as a green light on all surveillance, given the court’s careful consideration of all the above factors, and should maintain a strict policy that covert surveillance should only be used when the employer believes there is no less intrusive way of tackling the issue. Appropriate safeguards on use of the images should also be established.

Covert CCTV monitoring possible without violating an employee’s Article 8 privacy rights

Employee expectations of privacy in the workplace – employers should still proceed with caution but a recent case highlights how privacy rights could be waived.

In the case of Garamukanwa v. United Kingdom, the European Court of Human Rights (ECHR) has declared that an employee could have no expectation of privacy in relation to communications and photographs that resulted in his dismissal.


Read more »
Employee expectations of privacy in the workplace – employers should still proceed with caution but a recent case highlights how privacy rights could be waived.

GDPR – are your interests legitimate?

Under the GDPR the requirements for consent will be much stricter, particularly in the employment context, where it is generally accepted that the imbalance of power between the employer and employee is likely to invalidate any consent given by the employee. In this context, employers may turn increasingly to "legitimate interests" as the lawful basis for processing their employees' personal data.
Read more »
GDPR – are your interests legitimate?

Three months to go until GDPR comes into force: are you ready?

Has getting to grips with GDPR been lingering on your to-do list for the past year? With only three months to go until GDPR comes into force on 25 May, now is the time to push it to the top of your list.

Don’t panic if you have not yet started to prepare. Here are our top tips for getting your organisation ready:

  • Start with an audit of what data you hold and what you do with it. You can then consider what legal basis you have for processing the data. With the advent of GDPR, you should be moving away from the use of consent, which individuals are entitled to withdraw, to one of the other permitted bases for processing data. In the employment context, most data processing will be permitted as being required for performance of the employment contract or complying with a legal obligation. There is also a basis for processing where an organisation has “legitimate interests” to do so.
  • A new privacy notice will be needed to comply with GDPR. Consider having separate privacy notices for existing employees and for recruitment purposes. GDPR requires privacy notices to be concise, easily accessible and easy to understand. There is a significant list of mandatory information which needs to be included in a compliant notice.
  • If, like most employers, you have a data protection consent clause in your template employment contract, this should be removed from any new contracts being issued. You don’t need to issue fresh contracts to existing employees but you should let them know that you are no longer relying on consent and refer them to your new privacy notice.
  • Put in place a procedure for dealing with subject access requests – GDPR requires requests to be dealt with faster (within a month in all but exceptional cases) and without charging a £10 fee (except where a request is “manifestly unfounded or excessive”, in which case you can charge a “reasonable” fee). You should also have a procedure in place for dealing with any data breach and the new requirement to notify the Information Commissioner’s Office of such a breach.
  • Start training employees so that everyone is aware of their responsibilities.

Whilst GDPR brings with it the threats of significantly increased penalties for non-compliance, starting preparations now (if you have not already done so) will stand your organisation in good stead for the new regime. If you need support in tackling your preparations, please get in touch with a member of the team.

Three months to go until GDPR comes into force: are you ready?

Surveillance of employees in the workplace and the Article 8 right to privacy

Advances in technology have made monitoring employees easier than ever before. With the increased use of email, smartphones, laptops, trackers and SmartWare, almost every mode of communication has gone digital. As such, it is now possible to monitor your employees’ every movement and communication, to find out not just where they are but also how productive they are being.

However, many employees try to argue that this monitoring is an intrusion on their right to a private life (under Article 8 of the Human Rights Act) and is therefore unlawful.

This important issue has been the focus of two recent decisions by the European Court of Human Rights (ECHR). In each case, the judges considered the limits on what is and isn’t permissible when it comes to the surveillance of employees.

Read more here.

Surveillance of employees in the workplace and the Article 8 right to privacy

UK Employment Law Round-up – February 2018

In this issue we look at some of the key employment law developments that have been taking place over the past month. In particular, we take a look at the outcome of Matthew Taylor’s review of modern employment practices and the Fawcett Society’s report on potential gaps in current sex discrimination legislation in the UK. The second of these is particularly significant in light of the growing movement to raise awareness of sexual harassment in the workplace. We also give you our top tips for getting your organisation ready for the implementation of the GDPR, which is now only three months away(!), and the first hike in the “minimum” requirements for auto-enrolment compliance.


UK Employment Law Round-up – February 2018