With the help of fast-growing technologies being developed every day, employers have increasingly more options open to them when it comes to monitoring their employees – whether this is to track productiveness or to protect business interests.
Methods include observing staff computer systems, social media, web-browsing patterns and private messaging apps. Software is now readily available that can monitor keystrokes and report any suspicious irregularities that may indicate misconduct.
Are we becoming a ‘surveillance society’ and how does such monitoring sit with Article 8 of the European Convention on Human Rights, which provides for everyone to have the right to respect for private and family life? The European Court of Human Rights (ECHR) recently had to consider how far a business could go before potentially infringing their employees’ human rights under Article 8 in López Ribalda & Ors v Spain.
Because of irregularities appearing in a Spanish supermarket’s stock levels, visible and covert cameras were installed to detect theft. Employees were told about the visible cameras, which were intended to catch customer theft, but they were not told about the hidden cameras, which were angled to monitor the cashiers. Images taken by the covert cameras showed cashiers stealing items and they were dismissed having admitted involvement. Later, they claimed that their employer had breached their rights under Article 8.
The Spanish court held that the measures to monitor employees were necessary and proportionate, and stated that no other equally effective means of protecting the employer’s rights would have interfered less.
However, the ECHR found that the cashiers’ Article 8 rights to privacy had been breached, stating that the surveillance taken had intruded on the employees’ private lives in such a way that the staff could not avoid it – ie because they were contractually obliged to work in that location. The ECHR concluded that, as was not done in this case, employers have to strike a fair balance between employees’ human rights and the employer’s interest in protecting its business.
Implications for employers
Employers will have to think carefully about the methods of monitoring they adopt. Employees should know whether they are being monitored and, if so, why and how the data or imagery is used.
To comply with UK data protection laws, employees have to have been ‘explicitly, precisely and unambiguously’ informed if a personal data file exists, and how that data is stored and used.
Businesses should also be aware of the implementation of the General Data Protection Regulation (GDPR) on 25 May 2018, which will impose more duties on data controllers, particularly employers, on how they hold and use data and how they inform data subjects of its use. The GDPR will also change the criteria for consent, so employers have to ensure that they are able to rely on valid consent for the processing of personal data.
The Information Commissioner’s Office states that it will be rare for covert monitoring of employees to be justified and that it should only be done in exceptional circumstances; for example, where criminal activity is suspected.
How to avoid the pitfalls
- Balance: is the interference with employees’ private life restricted to what is necessary to achieve the aims pursued by the surveillance?
- Notify: ensure employees know about it and how any information captured is used.
- Identify: carry out an impact assessment to identify any negative effects on staff or the workplace environment.
- Review: update your privacy policies as necessary.
- Audit: conduct a data protection audit to ensure you will be GDPR-compliant.
Clare Gilroy-Scott is a partner and Becky Minear a trainee solicitor in the employment team at Goodman Derrick