Privacy Policies
Cases, Guidance and Case Studies
Corcoran v. W. & R. Jacob & Co.
[1945] I.R. 450
Murnaghan J. Supreme Court.
“This is an appeal brought by the defendant company against a verdict and judgment for £500, damages, in an action tried before the President of the High Court, in which the causes of action which went to the jury were: 1, slander, and 2, assault.
The respondent, Corcoran, was for many years employed by Messrs. W. & R. Jacob & Co., Ltd., and, as a result of the incidents which led up to the trial, he lost his position there, and brought this action. The action also included a claim for damages for wrongful dismissal, but it was admitted at the trial that the plaintiff could not sustain any claim founded on wrongful dismissal.
Now, in Messrs. Jacob’s factory it is the custom to employ commissionaires. We do not live in an ideal world, and hence the firm employ men whose duty it is to examine employees with a view to ascertaining whether they have taken property of the firm. It is admitted by both sides that the commissionaires carry out their duty for that purpose.
On the 17th September, 1943, the respondent, a storekeeper in the appellants’ employment, went into the city on messages on behalf of the company. He had to make two calls. On his discovery that he had forgotten a parcel he returned to the factory after the first call. While he was at or near the gate he was accosted by a commissionaire, Noonan. As a result of his conversation with Noonan he went into an office adjoining the entry, where the events occurred which gave rise to his claim for assault. Some time later Noonan, in the presence of Mr. Smurthwaite, the firm’s welfare officer, the respondent and another man, named Pearse, made a statement which is the subject of the slander claim.
As regards the respondent’s claim for damages for slander the President of the High Court ruled that the words complained of were spoken on a privileged occasion, and the only question raised in this Court is whether or not there was sufficient evidence of malice to go to the jury. The slander was treated as the important issue at the trial.
This Court must have regard to the fact that the jury were entitled to accept the view of the evidence most favourable to the respondent, no matter how it differed from other evidence given in the case. In his evidence the respondent said that on his return to the factory he purchased a copper shovel, and carried it on his bicycle until he reached the factory, where he removed it from the bicycle and put it inside his clothes in a way which was the subject of much discussion in this Court and at the trial. He said himself that it was inside his trousers and dungarees, over which he wore his coat and overcoat. The commissionaire asked him what he had inside his coat and Corcoran said he had a shovel. The commissionaire then asked him to come to the office to be searched. Having gone into the office the respondent says that he proceeded to remove the shovel to show it to Noonan. He also makes statements suggesting that both coats were open, but admits that he had difficulty in getting out the shovel. He says Noonan made a sudden rush a “power dive”at him and pulled his clothes about. The respondent resented that, buttoned his coat, and refused to allow the search to proceed, and went away.
On the commissionaire’s reporting the matter to Mr. Smurthwaite, whose duty it is to investigate such complaints, all of the parties congregated about an hour later in the office of Mr. Smurthwaite. There Noonan made use of the words complained of, viz., “It was a piece of copper ten or twelve inches long that Corcoran had.” Corcoran stoutly maintained that it was a shovel. Comment has been made on the fact that he did not say that he had purchased it whilst he was out on his messages.
Now, it is admitted on this appeal that the words used are defamatory, that they meant that Corcoran had stolen property belonging to the company, and, as the words were not justified, they were actionable unless the circumstances justified Noonan’s using them. The occasion was one in which, even if he made a statement which was not true, he would not be liable if the statement were made in such circumstances that he honestly believed it to be true. The learned President of the High Court having ruled that the words were spoken on a privileged occasion, the defence was complete unless the respondent could show that the words were spoken maliciously, that is, spoken with some indirect or improper motive.
The whole case turns on whether the jury could reasonably infer from the evidence that Noonan was actuated by malice. After Corcoran’s dismissal letters passsed between the respondent and his solicitor and the company’s solicitor. In one of those letters Corcoran mentioned “spite of which he had evidence.” At the trial, however, he gave no evidence of such spite. The only suggestion of actual malice was in the course of the cross-examination of Noonan. It was, I think, suggested that Corcoran had detected Noonan shaving in the factory contrary to the regulations. Noonan denied all this, and there was no other evidence whatever which would suggest ill will in relation to the occurrences in issue in the case.
Then, it was said, Noonan’s demeanour in the witness box was evidence of malice sufficient to support the respondent’s claim, and it was contended that the jury, on his demeanour and the evidence which he gave, were entitled to find that he was actuated by malice. With reference to Noonan’s demeanour in the witness box I do not think there is anything substantial in it to justify a jury’s finding of malice. Undoubtedly, he said, when pressed in cross-examination, that the respondent’s witnesses were telling lies, but I think that was an asseveration that he was telling the truth on points on which he was contradicted. It was also argued that Noonan maintained at the trial that Corcoran had a piece of copper long after the company had stated that they did not make any charge against Corcoran. In fact, it is urged that the evidence shows that Noonan persisted in what he knew to be false. There is no doubt that Corcoran’s evidence contains expressions indicating that the handle of the shovel was sticking out of his clothes, and that his coats were open, but he also states that he had difficulty in removing the article. There was also the evidence of Pearse, who was present in the office when Corcoran was, being searched. I do not, however, accept Pearse’s evidence as meaning that the article was obviously a shovel. In one account of Pearse’s evidence it is said”He thought it was a shovel,” and a somewhat different expression is used in the statement written by Pearse. Unless the respondent’s evidence was such that the jury would be entitled to say it was impossible for Noonan to see this was anything but a shovel, I do not see how the jury could reasonably find that Noonan’s conduct was not founded on an honest belief.
Taking the respondent’s evidence in a fair and reasonable way, I fail to see any evidence on which the jury could find Noonan guilty of malice.
Accordingly, I am of the opinion that there was no evidence on which a jury could say that Noonan was guilty of malice on the ground that he had not an honest belief in his actions, and hence, on the slander issue, the defendants are entitled to judgment. That disposes of the slander claim.
As regards the respondent’s claim in respect of an alleged assault, booklets have been produced here, and evidence was given at the trial of notices exhibited in the factory, showing the firm’s regulations as to their employees’ liability to be searched. As I understand it, the case proceeded on the basis that Corcoran agreed that he was liable to search, as that word is ordinarily understood. There was no limitation of the right of the searcher to put his hands upon the person searched.
The only question which arises, then, is whether there was any unnecessary violence used in Noonan’s search of Corcoran. The respondent spoke of a “power dive.”That is ambiguous, but might lead a jury to believe that excessive strength was used which might be unreasonable in the circumstances. The appellants’ servant said he only used such force as was necessary, and desisted when objection was made, and it is agreed that he did at once desist. My view is that this is a question of fact, in one sense, for a jury. I do not think the mere pulling about of his clothes was such as in any way injuriously to affect the respondent. He was not injured, but merely lost a button. Counsel for the appellant practically admit that it was a question for the jury whether any unnecessary violence was used, and in these circumstances, I do not think that the Court should interfere with the jury’s findings on this issue.
At the trial the jury awarded the sum of £500 damages for both claims, and there was no segregation of amounts. It is impossible for this Court to segregate the amounts assessable to the respective claims, and, accordingly, the jury’s finding as to the amount of damages will be set aside, and the case must be remitted to the High Court on the assault issue for the assessment of damages by a jury.
In the result, the appeal, in my opinion, should be allowed with costs, and judgment entered for the applicants in the issue of slander, and the case must be remitted to the High Court to assess damages on the claim for assault.
In form, judgment should be entered for the appellants in the claim for wrongful dismissal.”
Case Study 12:
Biometrics in the workplace – need for staff consent
I received a number of complaints from staff employed at a logistics company in relation to the proposed introduction of a biometric system at that company for the purpose of time and attendance. These staff considered that their data protection rights would be infringed by being required to provide their employer with a fingerprint. The use of a biometric system impacts on several data protection principles including proportionality, fair obtaining, accuracy and security of personal data.
My Office commenced its investigation by contacting the company and referring it to the extensive guidelines on our website in relation to biometrics in the workplace. During our investigation, a meeting was held with a representative of the company to discuss the matter. In a privacy impact assessment, the company outlined its reasons for the introduction of the biometric system as health and safety, security, administration and cost effectiveness. It also provided details of the type of biometric system it intended to use – a touch verification system. The system requires a fingertip to be inserted into a reader which converts the fingertip into an encrypted algorithm and then the employee enters their unique pin number onto a pad. The system then stores a numeric sequence on a central database. It was claimed that the numeric sequence cannot be reversed or used for any other purpose except for verification and it is also encrypted.
The company also stated that it had looked into other forms of recording time and attendance and found that the biometric system would be the most efficient and cost effective. It also said that other systems could possibly be open to abuse. It stated that it had, in the past, experienced problems regarding abuse in relation to recording attendance. It also assured my Office that all employees, except for the staff who complained to my Office, had consented to the use of the touch verification system. The company said that it had held information sessions in each of its company branches and that written documentation and training had been given to all employees. Any employees who had objections to the system or wanted more information were also invited to address these with management. It also confirmed that the staff who complained to my Office had not been required to start using the system.
The approach of my Office is to try to understand the circumstances that lead a particular data controller to introduce a biometric system using the personal data of its employees, bearing in mind that the scan of a fingerprint is personal data even if converted into an algorithm. My Office reviewed the privacy impact assessment submitted in this case and the company’s responses to our queries. Taking into account the company’s cooperation in the matter, it was agreed that the staff concerned should use a pin code system rather than the biometric system for recording time and attendance. This would not give rise to any issues under the Data Protection Acts. Furthermore, these staff would not be required to use the biometric system in the future, without the company first taking the matter up with my Office. On that basis, I was happy to conclude the matter given that the issues raised by the individuals who made the complaints to my Office had been addressed. I was satisfied that the company had not breached the data protection rights of those staff as it had not required them to use the biometric system against their wishes.
Case Study 13:
Dairygold – Failure to comply in full with an Access Request
In June 2006, I received a complaint from a firm of solicitors acting on behalf of a client regarding alleged non-compliance with a subject access request. The data subject had made an access request to her employer, Dairygold Co-Operative Society Limited/ REOX, in March 2006 but it had not been complied with within the statutory forty day period.
My Office wrote to the data controller and we subsequently received a reply to the effect that the material sought in the access request had now been supplied. However, following examination of the documents received, the solicitor for the data subject communicated further with my Office and identified certain documents omitted by the data controller. Particular reference was made to documents in relation to a workplace accident in which the data subject was involved in October 2004. My Office contacted Dairygold/Reox seeking an explanation for the missing documents. While it responded by providing observations on a number of the missing documents, it also stated that it was obtaining legal advice regarding the release of the documents relating to the workplace accident.
After the exchange of detailed correspondence between my Office, Dairygold/Reox and its legal representatives, an index of all of the personal information which had been released was provided to my Office. In relation to the documents concerning the workplace accident, the solicitors for the data controller confirmed that their client was in possession of both an Internal Accident Report and a Consulting Engineer’s Report. It stated that both documents were prepared in contemplation of a personal injury claim and were therefore privileged.
To satisfy ourselves that there was a sound basis for the legal privilege claim in relation to these documents, my Office sought information from the data controller regarding the dates on which the two reports were created. It was confirmed that the Internal Accident Report Form was created in the days immediately following the workplace accident and the Consulting Engineers Report was created some nineteen months later in May 2006. My Office pointed out to the data controller’s solicitor that the claim of legal privilege related only to communications between a client and his professional legal advisers or between those advisers and that this provision could not be applied to the internal accident report created shortly after the incident. In light of the information available to my Office, we accepted that the claim of legal privilege could be applied to the Consulting Engineer’s Report. The data controller continued, however, to claim legal privilege on both documents. In an attempt to bring closure to this matter, my Office requested a confidential sighting of the Internal Accident Report. Regrettably, the data controller refused to comply with this request and I had no option but to serve an Information Notice requiring that a copy of the Internal Accident Report be furnished to me. The Internal Accident Report was supplied to me in response to the Information Notice. On examining the Report I was satisfied that it contained personal data of the data subject and I was further satisfied that the limited exemptions to the right of access set down in the Acts did not apply to this document. The document also contained some limited personal data of third parties and non personal information which we advised the data controller to redact with the balance to be released voluntarily to the data subject. The Report was subsequently released in accordance with our advice.
There is a tendency for data controllers in some cases to claim non-relevant exemptions under Sections 4 or 5 of the Acts to restrict the right of access. With increased frequency, accident reports in relation to workplace incidents are being withheld with data controllers claiming legal privilege on such reports. I do not accept that legal privilege applies to such reports. It is standard procedure for an accident report to be compiled by an employer in the aftermath of a workplace accident and such reports clearly do not fall into the category of personal data in respect of which a claim of legal privilege could be maintained in a court in relation to communications between a client and his professional legal advisers or between those advisers. Any data controller who is reported to me as having restricted a data subject’s right of access to reports of this nature will face an investigation by my Office involving a close scrutiny of the grounds for applying the restriction. I will have no hesitation in using my full enforcement powers to ensure the rights of the data subject are upheld in relation to such cases.
Pennwell Publishing (UK) Ltd v Ornstien
[2007] EWHC 1570
“This action arose in October 2006 because the Claimant was concerned that the First, Second and Third Defendants were involved in setting up the Fourth Defendant, the Energy Business Group Limited, to compete with the Claimant and that they had unlawfully removed and were using confidential information of the Claimant for the purposes of that competing business. By the time that the matter came to trial, the
In the light of the evidence, I have reached the following clear conclusions of fact:-
(a) I am satisfied that Mr Isles was aware at least in outline of the work being carried out to set up the Fourth Defendant in competition with the Claimant during the period from October 2005 to the end of August 2006 and that he played an active role in the planning and preparation of the launch of that company;
(b) I am satisfied that he must have been aware that Mr Ornstien and Mr Noyau were or were likely to be making use of the Claimant’s confidential information to prepare the various lists and carry out the soliciting of business which was contained in the plan to be carried out prior to 1 September 2006. I do not consider it realistic to suppose that the preparation of 1,000 recipients of the monthly publication, or the targeting of other individuals envisaged in the time line in the Business Plan, could have been carried out whilst they were working at PennWell without the question arising of whether such information could be obtained from PennWell sources. I am satisfied that Mr Isles must have been aware that that was likely and in the absence of any evidence that he discussed with Mr Ornstien and made clear his view that there should be no use of confidential PennWell information, I am satisfied there is an irresistible inference that he knew that Mr Ornstien would be making use of PennWell’s confidential information for these purposes;
(c) however, I am not satisfied that he had any idea that Mr Ornstien would be downloading the very large quantities of confidential information which the Claimant subsequently found to have occurred. Having heard Mr Isles give evidence, I am satisfied that if he had been aware of this he would have protested strenuously against such a blatant abuse of Mr Ornstien’s position and breach of his obligations to PennWell;
(d) I am satisfied that Mr Isles was aware that on certain visits abroad, Mr Ornstien was taking the opportunity to promote the planned business of the Fourth Defendant. However, I am not satisfied that Mr Ornstien or Mr Isles were misusing their expense accounts or promoting their own business at a time when they should have been promoting that of the Claimant. In particular, I am not satisfied that there are any valid criticisms of Mr Isles’ or Mr Ornstien’s conduct on such visits;
(e) I find that Mr Isles was aware that Mr Ornstien was attending the Power-Gen conference on 7 September with a view to competing with the Claimant and that despite that knowledge, he permitted Mr Ornstien to attend and took no steps either to prevent it or to alert the Claimant to the risk of competition;
(f) so far as concerns the list JuniorContacts.xls, I am satisfied that it came into existence in the following way:-
i it derived originally from a list brought by Mr Isles from his previous employment;
ii at some point in his employment with the Claimant, he transferred those contact details onto the Outlook e-mail address system provided to him by the Claimant;
iii thereafter, he maintained a single list of contacts for all those that he needed to contact for the purpose of the business of the Claimant, together with personal contacts of his own, his previous contacts and his family and friends, on the same Outlook address list;
iv although he may from time to time have taken a copy or printed a list of those contacts for perusal, he did not retain them in any form except on PennWell’s Outlook system backed up to the PennWell server;
v that before leaving PennWell, he downloaded the entire address list, comprising his previous contacts and all the contacts that he used in the course of PennWell’s business, to a pen drive mass storage device which he took with him for future use;
vi that the copy of his address list which was left on his computer when he departed was deleted by the Claimant as part of its clean up of redundant computer equipment, with no copy being kept for the Claimant’s own purposes;
vii that it was only after the list was returned by Mr Isles in the circumstances that I have described, that it came to be provided to Mr Nigel Blackaby who took on part of Mr Isles’ role and became used by him in the circumstances described in his witness statement.
Findings
The principal issue now between the parties relates to the rights over the information in the JuniorContacts.xls spreadsheet, but it is necessary to deal shortly with the other claims against Mr Isles. These are of limited significance since it is accepted that as a result of, as the Claimant puts it, its prompt action, no damage has in fact been suffered as a result of the breaches alleged against the Defendants. The Claimant maintains those claims essentially for the purpose of justifying its actions in obtaining an injunction against their undertaking in damages, because of the costs implications and to provide background to an analysis of Mr Isles’ conduct over his contacts list.
Because Mr Isles’ contract of employment did not contain any restrictions on competition after the termination of his employment or, expressly, during his employment, it is necessary to consider the other express and implied terms of his contract.
The following terms of Mr Isles’ employment contract are relevant:-
(a) clause 4.4(iii) – “not during your employment, without PennWell’s written consent have any other job or be interested in any other business”;
(b) clause 16: confidentiality – “… not, during or after the termination of your employment, to discuss with anyone or otherwise disclose, other than in the proper course of your employment, any information of a confidential nature relating to PennWell or any of its affiliated companies, including, without limitation, PennWell Publishing Company, PennWell Publishing New York Inc … or its or their business or trade secrets”;
(c) clause 21: company property – “all documents, manuals, hardware and software provided for your use by the company remain the property of the company and must be returned when your employment ceases. Similarly, any documents you receive from the company’s clients in connection with your work, must be returned before you leave.”
It is common ground that for 11 months prior to his departure, Mr Isles was director and company secretary of the Fourth Defendant and that he had a substantial financial interest in that company. The issue that I have to determine is whether Mr Isles’ involvement in the activities of the Fourth Defendant during any significant part of that period can be regarded as the running of another business, or whether what occurred were simply acts preparatory to the setting up and launch of that business which do not fall within the covenant set out above.
I was referred to the helpful analysis of the distinction between preparatory acts and competitive activity by the Court of Appeal in the case of Helmet Integrated Systems Ltd v. Tunnard ([2006] EWCA Civ 1735 as reported at 2007 IRLR p.126).
In the present case, because of the absence of any restriction in clause 22 of his contract of employment, Mr Isles was free to compete with PennWell after his departure. For that purpose, I accept that he was entitled to carry out preparatory steps, such as identifying business partners, setting up a company and locating suitable premises and equipment, including where necessary actually acquiring them before the date of his departure.
I also accept that Mr Isles did not himself have any significant direct involvement in the preparatory activities, with most of those being carried out by Mr Ornstien.
However, the mere fact that the Fourth Defendant did not trade prior to 1 September, in the sense that it did not issue invoices or publish periodicals or arrange a conference, is not determinative. It is relevant to note that in Helmet the Judge in first instance stressed the following findings:-
(a) there was no allegation of breach of confidence or misuse of confidential information;
(b) it was not alleged [he] was in breach of any restrictive covenant. There was no such covenant;
(c) no other employee was involved;
(d) the Defendant carried out his activities entirely in his own time without any use of the employer’s property;
(e) there was no commercial agreement or arrangement made before he left and no actual competition;
(f) he was neither a director nor an employee of similar rank, he was a middle ranking senior salesman.
Although Mr Isles was not subject to a restrictive covenant, I am satisfied that the steps taken by Mr Ornstien on behalf of the Fourth Defendant went well beyond the kind of preparatory activity which the Court accepted as reasonable within Helmet. I am satisfied that the position is closer to that found by the Judge and affirmed by the Court of Appeal in the case of Lancashire Fires Ltd v. S A Lyons & Co Ltd ([1997] IRLR 113).
In those circumstances, I have to consider whether Mr Isles’ involvement as a director and shareholder, his awareness of the Business Plan and his, as I have found, limited awareness of what Mr Ornstien was doing, coupled with his own limited involvement, amount to a breach of the express term that he would not be interested in any other business.
I find that the actions of Mr Ornstien in pursuance of the Business Plan, although it is clear that many parts of the Business Plan were not in fact accomplished, amounted to the carrying on of a business and not merely acts preparatory to the launch of a business. In those circumstances, I find that the Fourth Defendant did constitute a “business” within the meaning of the express term of Mr Isles’ contract and as a result, through his shareholding and directorship, I find that he had an interest in that business. This is consistent with Mr Isles’ legal responsibility for the acts done on behalf of the company of which he was a director.
It is common ground that Mr Isles was under an implied duty of good faith and fidelity on the principles set out in Robb v. Green [1895] 1 QB 315.
However, because I am not satisfied that Mr Isles had sufficient awareness of Mr Ornstien’s restrictions in his employment contract or of his breaches of duty to the Claimant in removing and misusing confidential information, and because I am satisfied on the evidence that Mr Isles himself did very little, I am not persuaded that Mr Isles was in fact in breach of his duty of good faith and fidelity, except in respect of his knowledge and assent to some limited use of the Claimant’s confidential information by Mr Ornstien, and the attendance of Mr Ornstien at the Power-Gen conference on 7 September which I now turn to consider.
The Claimant further relies on Sybron Corporation v. Rochem Ltd [1985] CH 112 for their assertion that Mr Isles was under a duty to report the misdeeds of Mr Ornstien and Mr Noyau in competing and in removing confidential information of the Claimant. In that case the Court of Appeal decided that although an employee was not generally under a duty to disclose his own past misconduct, the position may be different where a senior employee is aware of misconduct by other employees, particularly where it is continuing.
The Claimant’s case is that Mr Isles’ position was sufficiently senior for him to fall within the rule in Sybron and to be under an obligation to disclose the misdeeds of Mr Ornstien and Mr Noyau.
In that case Lord Justice Stevenson said at page 126H as follows:-
“It follows from Swaine v. West (Butchers) Ltd ([1936] 3 All ER 261) which is consistent with Bell v. Lever Brothers Ltd ([1932] AC 161) and is binding upon us, that there is no general duty to report a fellow servant’s misconduct or breach of contract; whether there is such a duty depends on the contract and on the terms of employment of the particular servant. He may be so placed in the hierarchy as to have a duty to report either the misconduct of his superior, as in Swaine v. West (Butchers) Ltd, …. or the misconduct of his inferiors as in this case.”
I have considered carefully the evidence as to Mr Isles’ role in the company and although I am satisfied that he occupied a senior position, I am not satisfied that he was in a position where he was under an obligation to report the misconduct of Mr Ornstien who was in effect the senior UK member of staff. So far as Mr Noyau is concerned, there is not sufficient evidence before me of separate misconduct on the part of Noyau being known to Mr Isles for me to be satisfied that there arose a duty to report his misconduct in circumstances where I cannot be satisfied that Mr Isles was aware of the restrictions on competition placed on Mr Noyau or Mr Ornstien.
However, I consider that the position is different in relation to the Power-Gen conference on 7 September attended by Mr Ornstien. By that time, Mr Ornstien had left the company and was, to Mr Isles’ knowledge, engaged in promoting a rival business, of which the Claimant was ignorant. As conference chairman, Mr Isles had a responsibility either to prevent Mr Ornstien from attending or canvassing at the conference, or to draw the matter to the attention of his superiors. He was in a position of clear conflict of interest because his interest in Mr Ornstien making use of the conference to promote the Fourth Defendant was in direct conflict with the Claimant’s aims in running that conference. Even if Mr Isles was not aware of any specific restriction on competition in Mr Ornstien’s contract of employment, it must have been clear to him that Mr Ornstien would have been seeking to make use of his contacts with the business and his privileged position as attending the conference, and that any prudent conference organiser would wish to be alert to and take reasonable steps to control any such competitive canvassing.
Finally, the Claimant asserts that because of the seniority of his position, Mr Isles owed a fiduciary duty to act in good faith and in the best interest of the Claimant not to place himself in a position where there was a conflict between his personal interest and his duties to the Claimant. It is said that the setting up of the Fourth Defendant and the steps taken to launch that business including using publicity material very similar to that of PennWell and the obtaining of PennWell client lists, was a breach of that fiduciary duty because of the conflict between his personal interests as an investor in the Fourth Defendant and his duties to the Claimant.
Although the Claimant urged that Mr Isles was in breach of a fiduciary duty, I am not satisfied that there was any aspect of Mr Isles’ conduct which put him in the position of a fiduciary. Had I reached the conclusion that Mr Isles had been involved in the active solicitation of business for the Fourth Defendant by preference to the Claimant, during the time that he was an employee, in relation to those matters of which he had direct control, namely the publication of which he was editor and the conferences of which he was chairman, it would have been necessary to consider this issue rather more fully. However, on my findings, this issue does not arise.
JuniorContacts.xls list
At the heart of this case is the question of whether the information on the JuniorContacts.xls list:-
(a) belongs to PennWell to the exclusion of Mr Isles;
(b) belongs to Mr Isles to the exclusion of PennWell (although Mr Isles does not seek to prevent PennWell from now using the list in common with him);
(c) is jointly owned and can be used by both.
……………
Before deciding the legal status of this list on my findings and, in the alternative if I am wrong as to it being an e-mail address list, the conclusions that I would have reached had I found that it was a separately maintained list of contacts, it is necessary to consider the law in relation to confidential client lists and similar in a little detail.
It is clear from the decision in the Court of Appeal in Faccenda Chicken Ltd v. Fowler ([1987] 1 CH 117) that an employee cannot be restrained from using information obtained during his employment after that employment has come to an end unless it falls within the category of specific trade secrets. That applies even where the employee has gained knowledge of a large range of useful commercial information such as names of customers and how to contact them. Thus, although an employee will be restrained from using that information during his employment, he is not restricted from using it afterwards unless it falls into the restricted category. The Court of Appeal concluded that in order to assess whether particular information is protected it is necessary to consider all the circumstances of the case and they set out the following as matters to which attention must be paid:-
“(a) The nature of the employment. Thus employment in a capacity where “confidential” material is habitually handled may impose a high obligation of confidentiality because the employee can be expected to realise its sensitive nature to a greater extent than if you were employed in the capacity where such material reaches him only occasionally or incidentally.
(b) The nature of the information itself. In our judgment the information will only be protected if it can properly be classed as a trade secret or as material which, while not properly to be described as a trade secret, is in all the circumstances of such a highly confidential nature as to require the same protection as a trade secret eo nomine. The restrictive covenant cases demonstrate that a covenant will not be upheld on the basis of the status of the information which might be disclosed by the former employee if he is not restrained, unless it can be regarded as a trade secret or the equivalent of a trade secret.”
It is plain in this case that individual addresses and contact details were not in themselves sufficiently confidential to amount to a trade secret. Many of them would fall into the first category identified by the Court in Faccenda Chicken, namely material easily available in the public domain, although certain items, such as direct telephone numbers and private e-mail addresses, would not fall into that category.
Therefore, I do not consider that, if Mr Isles had obtained details of these contacts during the course of his employment and selectively identified contacts that he might want to use in future, he could have been prevented from using that information after the end of his employment.
In the circumstances, I do not consider that the use of individual contact names by Mr Isles would be a breach of clause 16 of his contract.
Of far greater difficulty is whether it falls within the definition of company property under clause 21 of his contract.
If what had happened on Mr Isles’ departure was that he had taken a copy of the list of contacts maintained in the PennWell offices, such as the one on an Apple Mac which I have referred to earlier in this Judgment, or such as the list maintained on some form of card index at his previous employers, then I would have concluded that that fell within the definition of documents, manuals, hardware and software provided for his use by the company.
However, the list with which we are concerned in this case was not a list of contacts which had been provided to Mr Isles but one which he had prepared himself from material brought with him at the outset of his employment and other contacts which he had developed during the course of and for the purposes of his employment.
The taking of copies of a list of customers or other contacts by an employee and its subsequent use has long been held to be a breach of an employee’s duty of fidelity (see Robb v. Green [1895] QB 315) and that remains the position today (Bullivant v. Ellis [1987] ICR 464).
Therefore, had this database list been provided to Mr Isles, as it subsequently was to Mr Blackaby, there would be no doubt that to take and use a copy of it would be a breach of the express terms of Mr Isles’ contract as to confidentiality and the return of the employer’s property. If the list was compiled by Mr Isles himself, but as part of his duties, in my judgment there would be no significant difference. A list which most employees cannot lawfully take, cannot be available to be copied by one employee simply because it is his duty to compile that list. Indeed, the duty to maintain its confidentiality is probably greater in the case of the employee whose task it is to compile that list.
At a late stage of this litigation, the Claimant sought to rely on the argument that this was a copyright database, under the Copyright Designs & Patents Act 1988 (“CDPA”) or under the sui generis property right created by the Copyright and Rights in Database Regulations 1997.
This argument, which I find had not been clearly signalled or pleaded, gave rise to the need for supplemental written submissions after the close of oral argument. I am grateful to both parties for the very detailed and full submissions which they have provided to me.
I can, however, state my conclusions on this topic relatively shortly:-
(a) where a database is made by an employee in the course of his employment, his employer is be regarded as the maker of the database subject to any agreement to the contrary (Regulation 14(2));
(b) otherwise, the maker of the database is defined by Regulation 14(1) which provides that “the person who takes the initiative in obtaining, verifying or presenting the contents of a database and assumes the risk of investing in that obtaining verification or presentation shall be regarded as the maker of, and having made, the database”;
(c) thus, if the database was assembled by Mr Isles privately and for his own purposes, he would be treated as the maker of that database under Regulation 14(1) but if it can be said that the database was made in the course of this employment, then ownership will be that of the employer;
(d) for a relevant property right in a database to exist, there must be a substantial investment in obtaining, verifying or presenting the contents of the database under Regulation 13;
(e) if a database constitutes the author’s own intellectual creation by reason of the selection or arrangement of its contents, then it may be treated as an original work under Section 3A(2) of the Copyright Designs and Patents Act 1988;
(f) it is not necessary, in the light of my other findings, for me to reach a conclusion as to whether the database either in its form on the Outlook system or in the form of the JuniorContacts.xls spreadsheet was an original work within the meaning of the Copyright Designs and Patents Act 1988, but it is right to indicate that I was far from persuaded that the exercise of assembling a list of contacts addresses would be sufficient to qualify.”
In relation to the Regulations, the answer will in my judgment turn on whether the database was one prepared by Mr Isles in the course of his employment, or one prepared by him outside his employment for his own long term purposes as a journalist, although in part using contacts developed in the course of his employment. In the former case, I would hold that the ownership of the database resided in the Claimant and in the latter in Mr Isles.
There are three subsidiary questions which I have to consider. The first is whether the fact that the database was derived in part from material brought by Mr Isles from his previous employment affects the conclusion. In my judgment, it does not. If the database was maintained as a separate spreadsheet by Mr Isles, it would reinforce the conclusion that any ownership of the database rested in him. If, however, the database was created in the course of his employment, the fact that some of the material was derived from information which he had already, does not in itself change the nature of the new database. In this context, it is clear on my findings that data from Mr Isles’ previous list on a spreadsheet was added to the Claimant’s Outlook system. As such, the Outlook system was not a development of the original database, but a new database to which old data was added.
Secondly, in his supplemental submissions Mr Duodu seeks to draw a distinction between the Excel spreadsheet which was finally delivered up by Mr Isles and the original Outlook database from which, on my findings, it was derived. The fact that the copy may be in Excel format and thus different in terms of presentation and usability does not in my judgment make it anything other than a copy of the original data. There is no evidence that any change or re-design of the data or the way that it was presented was carried out by Mr Isles in such a way as to create a new database.
Finally, Mr Duodu argues in the alternative that the database is a work of joint ownership. Again, this will turn on whether the database was created in the course of Mr Isles’ employment, or partly in the course of his employment and partly for his own purposes. In my judgment, on the facts that I have found, the Outlook database was created and maintained for the purposes of the Claimant’s business, although it may have been intended to be used in part for Mr Isles’ own journalistic purposes.
In the event, I do not consider that the analysis of the database regulations changes the position under the general law. The real question for me is whether the database containing the relevant information was the property of the Claimant or of Mr Isles, or whether there was some implied agreement either that although it was created in the course of Mr Isles’ employment he would be entitled to use it thereafter, or that there would be some form of sharing of information.
Had I reached the conclusion that this list had been maintained by Mr Isles separately, in the form of an electronic version of a personal address list, to which he had selectively added contacts which he regarded as journalistic and to be maintained by him for his career purposes, rather than for the purposes of his employment, I would have reached the conclusion that, in ordinary circumstances, Mr Isles was entitled as a journalist to develop and maintain such a list. I would have reached that conclusion because, in my judgment, there is a distinction to be made between on the one hand executives who are provided with and/or maintain and develop contact information for the purpose of doing their job properly, where the removal of that information would be detrimental to their employer and most obviously useable for the purposes of competition, with the position of a journalist who, on the evidence before me which I accept, needs to build up a collection of contacts which he can use when he needs information for his articles. I would also accept that a person in the position of Mr Isles who, by all accounts, is a highly capable and well respected journalist, editor and conference chairman, for the purpose of assembling expert boards for conferences, would be material which he could legitimately seek to develop as part of the body of experience which makes him attractive to employers.
In reaching such a conclusion, I would distinguish his position from that of the salesman who has a list of sales contacts of that business, and I take account of the fact that the protection from use of that material for reasonable periods can be obtained by the inclusion of suitable non-competition clauses in employment contracts, which was not the case with Mr Isles.
In reaching my conclusion I have considered various letters and representations, included without objection in the bundle before me which in my view point up the importance of journalists being allowed to maintain and add to a list of contacts which is independent of any list maintained by their employer and which they are entitled to preserve and use on leaving their employment. One Janet Wood who describes herself as currently news editor of Utility Week magazine and who has had significant previous experience, stated that “neither as a journalist or editor have I known of an occasion when a journalist moving jobs has been required to surrender his contacts to his employer. I do not think it is either practical or useful: they are personal relationships that may have been built up over many years.”
Mr James Lucky wrote on 8 December 2006 as follows:-
“One of the most important assets a journalist can have – regardless of industry or topic covered and be it national, regional or trade press – is a good contacts book. On the few occasions I have moved between journals (as I did when I left IPG for a while to join Energy Markets), I have always kept my contacts records and taken them with me to the new place of work. Quite simply, covering a technical field such as electricity supply I would be lost without them. Many of these contacts are not just people you have met in recent times but important business relationships built up over many years. Contacts for a salesman are a different matter. For a journalist they are your source of information enabling you to write about the industry you cover.”
John Toner who describes himself as a freelance organiser for the National Union of Journalists, has written a letter of support as follows:-
“It is important to draw a distinction between confidential information about a company’s business and the personal contacts that a journalist acquires over the course of his/her career. The former is clearly the property of the company, and should not be disclosed to third parties. The latter, however, is the property of the journalist. A journalist is often employed or engaged by a company on the strength of his/her contacts. It is those contacts, cultivated over many years, that make some journalists more sought after than others. When Mr Isles was headhunted by PennWell, his contacts list would be one of the reasons they were so attracted to employing him. In other words, his existing contacts list, compiled when in the employ of others, was something from which PennWell hoped to benefit. …. It is common practice within the industry that a journalist will take his contacts list from one engagement to another.”
However, the position is in my view rather different in the case of e-mail address books maintained on the employer’s computer. In this case, although I was provided during the trial with a copy of an e-mail policy of PennWell, I am not satisfied that that restriction was ever brought to the attention of Mr Isles or incorporated in his employment contract. I was provided with a copy of an e-mail sent by Mr Freddie Lauritzen, who gave evidence before me, on 16 May 2006 which stated as follows:-
“Compliance and monitoring – violations of these policies may result in disciplinary action up to and possibly including termination. All employees should be aware that e-mail, communications, information access, and network usage at PennWell is not considered private. PennWell may monitor, audit, access, or interrupt all communications, access to the computer network, and employee activites utilising PennWell provided resources without prior notice to users.”
Whilst I am satisfied that that e-mail will have come to the attention of Mr Isles, I am not satisfied that the two documents described as “Network Access and Usage Policy” and “E-mail Policy” were either attached to that e-mail or otherwise brought to Mr Isles’ attention. Mr Lauritzen fairly conceded that he could not be satisfied whether any and if so which attachments were sent with that e-mail.
The relevant section of the e-mail policy provides as follows:-
“Employees may only use the e-mail system for business use. Access to the e-mail system is granted to employees to facilitate communication with co-workers and customers. Employees may not use PennWell provided e-mail systems to send or redistribute any messages or files that are not directly related to their job responsibilities. Routinely receiving personal e-mail via the PennWell e-mail system causes significant increase in disk usage, tape back-up usage, and network usage. Employees are expected to use PennWell’s e-mail system for all business purposes, unless an exception has been granted, in writing, by the Chief Information Officer.”
In my judgment, had that e-mail policy been effectively communicated to Mr Isles, it would have made clear to him that the e-mail system provided to him was to be used only for business purposes and, therefore, that in adding to or maintaining contact details on that system, he was doing so exclusively for the employer’s benefit and not for his own.
However, in the absence of effective communication of such a policy, I have to consider the difficult issue of the status of such address lists on e-mail systems provided by employers for their employees when no express limitation has been imposed.
This raises the difficult issue of the status of such address lists on e-mail systems provided by employers for their employees.
On one view, these lists plainly consist of confidential information of the employer. They include details of the individuals with whom the employee is expected to and will have made contact during his employment for his employer’s purposes. They are backed up, generally, on a system maintained or at least paid for by the employer.
On the other hand, in the new electronic age, electronic address books, whether on mobile telephones, communicators or e-mail systems, are inevitably used by individuals, whether employees or executives, for the convenient storage of those that they wish to contact. In the absence of a declared e-mail policy, it may well be that such employees will use such systems, including on mobile telephones provided for their use, for retaining the records of all sorts of contacts, from personal friends and family, through friendships that they have developed in work and journalistic contacts of the kind I have referred to above, through to the normal business contacts of their employer.
It may well be the case that many employees do not think of the implications of using their mobile telephones or computers to record their own personal contacts and simply use them for convenience. In the case of mobile telephones, modern technology permits the transfer of contact details either one by one or as a block from one telephone or SIM card to another telephone or SIM card. Thus employees may routinely take copies of those contacts at the end of their employment before handing over the telephone to their employer. Similarly, they may well choose to use their employer’s e-mail system or even be required not to use a personal e-mail system such as hotmail on their work computers, so that the only means of communicating during working hours by e-mail is by using their employer’s computer.
I am satisfied that where an address list is contained on Outlook or some similar program which is part of the employer’s e-mail system and backed up by the employer or by arrangement made with the employer, the database or list of information (depending whether one is applying the Database Regulations or the general law) will belong to the employer. I do not consider that the position will change where the database is accessed not from the employer’s computer but from the employee’s home computer by “dialling up” or otherwise “logging on” to the employer’s e-mail system by some form of remote access.
In all those circumstances, I find that such lists will be the property of the employer and may not be copied or removed in their entirety by employees for use outside their employment or after their employment comes to an end.
Because this is not likely to be appreciated by many employees, it is in my judgment highly desirable that employers should devise and publish an e-mail policy of the kind which in this case was devised by PennWell but on my findings not adequately communicated to Mr Isles.
In the absence of such a laid down policy, I next have to consider the status of contact details which have been put on to an employer’s system by an employee for their own use outside their employment, in ignorance of the fact that they would thereby become part of the Claimant’s property. No problem arises, of course, where such details are duplicated elsewhere by the employee because that information is plainly theirs.
In my judgment it is reasonable to imply in the absence of any laid down guidance a term that an employee will at the end of their employment be entitled to take copies of their own personal information and, where the information is person and confidential to them, such as details of their doctor, banker or legal adviser, to remove them from the employer’s system.
Most forms of e-mail system will permit the creation of compartmentalised address books, so that ordinarily an employee will be able to put their own personal contact details of friends, relations, and the like into a personal address book. In those circumstances, in the absence of clear evidence of an e-mail policy, I would be inclined to the view that ownership of that part of the database resided with the employee. It would then only be if that part improperly contained information confidential to the employer which was being removed for the purpose of competition, that the employer could challenge its removal.
I accept that Mr Isles was in a position where he failed to appreciate that by maintaining his contact list exclusively on PennWell’s system, he was thereby keeping it in a form in which it was the property of PennWell. I am satisfied that had he addressed his mind to the position, he would have kept his earlier contacts separate and although he might have added some of them to his work e-mail for convenience, he would not have abandoned his own separate address book spreadsheet system.
I am also satisfied that he would have been entitled, from time to time, to add selected contacts which he had updated or gained during his employment and which were of general use to him in a journalistic context, to that private address book.
Such an approach is entirely consistent with the conclusions that I have reached as to the desirability of a journalist being entitled to develop personal contacts.
I have also reached the conclusion that had Mr Isles wished to do so immediately before leaving his employment, he would have been entitled to remove his private family contacts from the PennWell system and to have extracted information about key journalistic contacts which could properly be described as his personal sources as well as copying any information which he had put on to the system from his own previous resources. I do not consider that he would have been entitled to remove any of the items apart from purely private ones from the PennWell system.
I also consider it likely that had he asked PennWell if he could remove his personal contacts and take details of one or two of his best contacts, he would have been permitted to do so.
It follows therefore that in my judgment, the submissions made by Mr Duodu both as to the general rights of a journalist to develop contacts and to the rights which Mr Isles would have had if he had continued to maintain the JuniorContacts.xls spreadsheet separately, are well founded.
However, on the evidence, this is not what happened in this case. I am satisfied that the list of contacts which Mr Isles downloaded from the Claimant’s Outlook system and converted into the JuniorContacts.xls spreadsheet, comprised the totality of the individuals and organisations with which he had sufficiently regular contact during the course of his employment with PennWell for it to be worthwhile keeping a record of their contact details. Such a list might in another age be maintained by his secretary and would undoubtedly have been the property of PennWell.
If the evidence had suggested that Mr Isles had selectively copied those that he regarded as proper journalistic sources or long term contacts, on to a spreadsheet, then I would have reached the conclusion that he was entitled to retain those as journalistic contacts for the reasons set out earlier in this Judgment. However, I do not accept that the entire list or even a majority of it, fell into that category. In my judgment, this was a list of all the contacts that one would expect an editor and conference chairman holding his position in PennWell, to require for the purposes of PennWell’s business. Although some of them would be relevant to him in his future career, there was no such process of selection. This is an inevitable finding given that he exported his entire Outlook address book.
For it to have been otherwise, Mr Isles would have had to maintain on his Outlook system not those contacts which were useful for the purposes of PennWell’sbusiness but only those which were of long term value to him. It is in my judgment clear that no responsible person in Mr Isles’ employment would have acted in such a way because to do so would have hampered his ability to carry out his work properly.
I am satisfied that Mr Isles removed the entire contents of his address book not for the purpose of maintaining key journalistic contacts and sources in the way supported by the many individuals of distinction who have written in to support his case, but in order to have the widest possible list of contacts of PennWellwho would be useful for the purposes of the Fourth Defendant.
My conclusion is reinforced by the contents of an e-mail sent by Mr Isles on 21 September 2006 to a large number of those on his contact list in which he drew attention to his new role as editorial director of the Energy Business Group and, in essence, sought to maintain contact with them. In that e-mail he wrote as follows:-
“There were a number of changes at PennWell, many of which have been ongoing, which didn’t always align with my vision. This prompted a decision I would have made at some point anyway. However, after leaving I met up with a couple of colleagues who had recently left PennWelland decided to set up a company called the Energy Business Group. I will be producing a monthly subscription only newspaper focusing on power and energy, and smaller conference led events focused on specific markets. In fact the first one will be held in Belgrade April 17-19 called Energy Business South East Europe.”
That statement of how he came to become involved in Energy Business Group was, of course, not true as he accepted in evidence.
For all these reasons, I conclude that the ownership in this database has at all material times been with PennWell, since it was created in the Outlook system of PennWell and that Mr Isles is not entitled either to exclusive or shared use of it.
It follows that, in principle, the Claimant is entitled to retain the database as delivered up and to a permanent injunction preventing use of it, but not of individual parts of its content which may be known to Mr Isles by other means.
However, that leaves over the question of whether, pursuant to the implied terms which I have identified above in relation to an e-mail address system where the Claimant has not made clear its e-mail policy, Mr Isles is entitled to some relief in respect of certain parts of the database.
I have reached the conclusion that the concession offered by the Claimant in respect of those contacts made by Mr Isles before his employment at PennWellbegan, and included in the database, was correctly made and that Mr Isles should be permitted to retain details of those individuals.
In his second witness statement for trial, at paragraph 25 in Exhibit JI12, Mr Isles sets out a chart and statistics in which he attempts to identify the various category of contact included in the list. This is an exercise carried out very much at the eleventh hour, and one which he had previously indicated through solicitors was not practicable. However, it is the only evidence that I have as to which of the contacts, which I have found were incorporated into the database, in fact pre-dated his employment. In category A he identified 288 individuals who he had known prior to his time with PennWell and who had been in his contact list since that time. In category C were 204 entries whom he knew outside work including his brother. In Category D were 5 contacts who he had added to the spreadsheet after he had left PennWell.
I am satisfied that in the circumstance of this case, and despite the way in which Mr Isles in my judgment prevaricated about the existence, nature and origin of the list, it would be reasonable for Mr Isles not to be deprived of those contacts.
The veracity and accuracy of the categorisation has been challenged by the Claimant but there was an opportunity to cross-examine Mr Isles on the list and in any event, I am satisfied that Mr Isles is in general a person of integrity who can be relied upon to do his best to be truthful in identifying the relevant categorisation and the way in which the list has been split up in my judgment is indicative of a careful and considered attempt to provide accurate answers. In those circumstances, I see no reason not to permit Mr Isles to retain that contact information.
So far as the other categories are concerned, these are either category F where Mr Isles is unable to identify the history of those individuals, or cases where he accepts that he either first came into contact with them during his time at PennWell or where he first came into the relevant individual during that period, even if he had previously been aware of their company.
The number of contacts in these categories reinforces my conclusion that this was not a list of journalistic contacts but the wholesale exportation of PennWell’s list. I have no doubt that included within these categories, are at least a few individuals whom Mr Isles would, had he maintained a separate spreadsheet of his journalistic contacts, have included on that list. Had Mr Isles raised the matter properly with his employers prior to leaving PennWell, I think it likely that he would have been permitted, or would otherwise have been found entitled, to take details of such selected individuals. However, by his conduct, he has acted in a way in which there is reason for the Claimant to apprehend that if given the entire list, he would not use it selectively, and in any event, there is no convenient means, without an extensive enquiry, of establishing which of these contacts could reasonably be regarded as journalistic contacts that Mr Isles is entitled to collect together as a journalist and which do not fall in that category. I have therefore concluded that there are no grounds on which, even carrying out a balancing exercise of such rights as he may have pursuant to Article 10 or any implied term of his contract, he should be entitled to a copy of these parts of the list.
Conclusion
I therefore conclude that Mr Isles was in breach of the express terms of his employment contract and that the Claimant is entitled to retain the JuniorContacts.xls list, subject to the limited relief I have identified.
I should add that in my judgment, this is a case in which, although parts of the claim have fallen away and others have not been pursued, the Claimant was entitled both to launch these proceedings against Mr Isles as a director and shareholder in the Fourth Defendant and in respect of his personal role, and in which they were entitled to pursue adequate answers in relation to the JuniorContacts.xls list, in respect of which I find that the answers given by Mr Isles at all times prior to trial were inadequate and partially inaccurate.”
Keenan -v-A Wear Limited
[2007].
This case involved the dismissal of an employee, who had posted profane comments on her friend’s personal Bebo page concerning her Manager at work. The company conceded that no damage was done to its reputation as a result of the comments. However, the posting was in the public domain and linked to the company. Whilst the Employment Appeals Tribunal (“EAT”) acknowledged that the comments posted on the Bebo site deserved strong censure and possibly disciplinary action, the comments did not warrant dismissal. The EAT did not deal with the existence and scope of the employee’s right to privacy rather it determined that the dismissal was unfair on the grounds that the employee’s comments did not constitute gross misconduct in the circumstances. The EAT noted that the comments made were disrespectful, inappropriate and damaged the employment relationship and it regarded the employee’s own contribution to the dismissal as not insignificant.
O’Leary -v- Eagle Star Life Assurance Company of Ireland
[2003]
An employee was dismissed as a consequence of their misuse and/or abuse of email and internet, contrary to the employer’s policy and acceptable practice. The EAT did not address the right to privacy of the employee rather it focussed on the dismissal procedures adopted by the employer and deemed the dismissal as unfair due to the employer’s departure from fair procedures.
Mehigan -v- Dyflin Publications Limited
[2001]
The case involved the dismissal of an employee because of their misuse of email to disseminate pornographic material. The EAT determined that the dismissal was unfair as the employer failed to have clear policies and a code of practice in place dealing with employees’ use of email/internet and the consequences of its misuse or abuse.
It is beyond doubt that the EAT has identified and placed an onus upon employers to have clear policies in place regarding email and internet usage by employees.
O’ L v Eagle Star Life Assurance Co
UD99/2002
The Claimant, in addition to three other employees, was dismissed for the misuse of the company‟s e-mail system The Company had an “Internet Acceptable Usage Policy‟. The EAT stated that the case “exhibited peculiar features which ranged from the sublime to the ridiculous”, and that “all-in-all, it was a juvenile group of adolescent-minded people entering a fantasy world”
EAT held that “the misuse or abuse of e-mails has not been defined within the company structures as „gross misconduct‟ and accordingly warrants a warning, verbal or written but does not warrant dismissal as a first course of action”
…“If an employee is to be dismissed for breaking the rules he should know or have the opportunity to know what the rules are, he is entitled to an assessment and consideration of his case independent to the investigative process”
€20,000 for unfair dismissal
McA v Eagle Star Life Assurance Cont’d
This case arose from the same set of facts. The EAT focused on the reasonableness of the sanction imposed compared to that of the other four employees who were engaged in a similar activity and the question of proportionality arose
“Tribunal is obliged to take into consideration the proportionality of the penalty with the offence and overall to consider what is just and reasonable in all the circumstances of the case.
…..Under these circumstances the Tribunal is of the opinion that in addition to considering the general principle of proportionality the Tribunal is obliged to take into account how other persons in a similar position to the claimant were treated”
The EAT hold that “it is unable to differentiate between the involvement of the four members who were retained and disciplined and the dismissal of the claimant” The Penalty imposed t was “disproportionate” . €6,000 was award for unfair dismissal
TC v Motorola Ireland UD883/2006
The claimant was employed as a software developer with respondent. Allegations arose when an email, sent from a yahoo email address, circulated criticising the respondent‟s performancemanagement policy. A Leaflet was circulated criticising the same policy at a social Function. The claimant admitted sending the email when presented with evidence, including draft emails found on his computer. The claimant was dismissed for inappropriate use of company email, and breach of company policy
EAT held that the respondent „overreacted to thevgravity of the claimant‟s actions‟, finding that £the gravity of the misconduct did not justify instant dismissal‟
JM v D Publications
UD582/2001
The claimant, a production manager with 12 years service, was dismissed following the discovery by the respondent of pornographic images attached to an email on his PC at work. There was no written company policy regarding email/internet usage Claimant was dismissed for misusing the email and by letter dated 30 July 2001 the reasons for his dismissal were tha this “activities constitute not just a breach of trust but an act of gross misconduct which could reflect very badly on D Publications Limited”
EAT heard evidence that there were no systems in place in the Company to secure against breaches of e-mail/internet usage and heard that there was no written Company policy regarding e-mail usage. EAT was satisfied that the proper procedure was followed by the respondent in terms of investigating the matter, however it found that “the speed, at which theclaimant was dispatched, after twelve years service,caused some concern to the Tribunal”
… “clearly the EAT or any third party will be heavily influenced by the existence of a written e-mail and internet policy where the employer reserves the right to dismiss for breaches of the policy. It is unlikely that the use of the internet for unauthorised purposes will amount to a sufficient reason justifying an employer from dismissing an employee without notice in the absence of a clear written statement to this effect in the company‟s policy. An exception to this perhaps, would be in a situation where an employee was using the Company‟s facilities to download obscene pornography from the internet.”
….Tthe Respondent failed to have in place clear policies and a code of practice on employee use of e-mail and the internet. The consequences of its misuse should have been made absolutely clear to all employees. After much discussion, the Tribunal decided that the onus was on the employer to have a clear policy in place to deal with use of e-mail and the consequences of its misuse/abuse”
The EAT found there to be an unfair dismissal, but held that the claimant has contributed to it and reduced its award.
B v Premier Recruitment International Ltd
UD 1290/2002
The claimant was employed by the respondent as a recruitment consultant. The respondent had a written company policy on e-mail usage stating that e-mails of employees were not private and the right to monitor e-mail traffic was reserved. Respondent monitored emails where there was any suspicion of misuse Respondent was aware that the claimant was sending personal emails offending a number of the managers of the respondent company. The Respondent claimed that there was a “complete breakdown in trust‟ due to the defamatory and harassing emails the claimant was sending to co-workers and managers
Claimant was seven months pregnant at the time of her dismissal and alleged that her pregnancy was the real reason for her dismissal. EAT held “that the conduct of the claimant in relation to the use of the email facilities for matters other than those connected with her employment appears to us to have been irresponsible. The nature of the e-mails were at their very least offensive and resulted in creating a tense and unpleasant atmosphere in the place of employment affecting in particular at least four employees of senior level”
….“having conducted an investigation into the situation the respondent was satisfied that the trust and confidence which has long been established by this tribunal to be fundamental to proper working conditions and is necessary for the correct administration of any reputable business, to be virtually destroyed to such an extent that the claimant could no longer be retained by the respondent. Accordingly the claim fails”
EK v Awear
UD643/2007
Claimant commenced employment with respondent as a sales assistant in August 2003 In late March 2007, claimant posted derogatory comments about her manager on Bebo website, which were brought to the attention of the respondent by a customer
A-wear had an official presence on Bebo, and the branch where the employee worked maintains a separate, but connected page to the official site. A disciplinary meeting was held at which the employee stated that she was „having a bad day‟ when she posted the comments and was reacting to a false contention made by a particular manager. The claimant contended that the comments were posted on her friend‟s site, which in turn was linked albeit, indirectly, to the respondent‟s site on the Bebo network. The claimant argued that there was no direct link to the respondent.
She regarded her message to her friend as just that but accepted that the message was accessible to the general public due to the nature of the overall Bebo site and its links. The claimant was dismissed on the grounds of gross misconduct. Whilst the respondent conceded that the claimant‟s comments on a linked site did not directly name the respondent, the comments were in the public domain and linked to the respondent “in other ways”. The Respondent accepted that “no damage was done to the respondent‟s reputation as a result of those comments”
EAT held “that the respondent acted disproportionately in dismissing the claimant in this case”, and that “while their disciplinary procedures were fair and proper their sanction was not”
“Certainly the claimant‟s comments deserved strong censure and possible disciplinary action but they did not constitute gross misconduct in the circumstances”. The claimant‟s contribution to her own dismissal to a not insignificant extend that the award was reduced.
Taylor v Somerfield Stores Ltd
UK EAT 2007
CT was awarded £2,283 after being unfairly dismissed by the Respondent company for having brought the company into disrepute by showing a lack of concern for health and safety, when he posted a video clip on YouTube of his colleagues playfighting with plastic bags in the company warehouse
UK EAT found that there was “no evidence that he had brought the company into disrepute”. The Respondent could only be identified from the video by a viewer who was familiar with the colour pattern of the employees‟ retail uniform, and it was “therefore unlikely that the video could damage the reputation of the company in the eyes of a reasonable viewer”
There “had been no enquiry as to how many hits the video had received”,
Atkinson v Community Gateway Association
Guidance Notes – Monitoring of Staff
The Data Protection Commissioner accepts that organisations have a legitimate interest to protect their business, reputation, resources and equipment. To achieve this, organisations may wish to monitor staff’s use of email, the internet, and the telephone. However, it should be noted that the collection, use or storage of information about workers, the monitoring of their email or internet access or their surveillance by video cameras (which process images) involves the processing of personal data and, as such, data protection law applies to such processing. The processing of sound and image data in the employment context falls within the scope of the Data Protection Laws.
The Article 29 Working Party, has adopted a Working Document (WP55) on the surveillance of electronic communications in the workplace. Its main guiding principle is that you do not lose your privacy and data protection rights just because you are an employee. Any limitation of the employee’s right to privacy should be proportionate to the likely damage to the employer’s legitimate interests. An acceptable usage policy should be adopted reflecting this balance and employees should be notified of the nature, extent and purposes of the monitoring specified in the policy.
In principle, there is nothing to stop an employer specifying that use of equipment is prohibited for personal purposes but the likelihood is that most employers will allow a limited amount of personal use. In the absence of a clear policy, employees may be assumed to have a reasonable expectation of privacy in the workplace.
The following points need to be addressed by data controllers:
the legitimate interests of the employer – to process personal data that is necessary for the normal development of the employment relationship and the business operation – justify certain limitations to the privacy of individuals at the workplace. However, these interests cannot take precedence over the principles of data protection, including the requirement for transparency, fair and lawful processing of data and the need to ensure that any encroachment on an employee’s privacy is fair and proportionate. A worker can always object to processing on the grounds that it is causing or likely to cause substantial damage or distress to an individual.
monitoring, including employees’ email or internet usage, surveillance by camera, video cameras or location data must comply with the transparency requirements of data protection law. Staff must be informed of the existence of the surveillance, and also the purposes for which personal data are to be processed. If CCTV cameras are in operation, and public access is allowed, a notice to that effect should be displayed. Any monitoring must be carried out in the least intrusive way possible. Only in exceptional circumstances associated with a criminal investigation, and in consultation with the Gardai, should resort be made to covert surveillance
monitoring and surveillance whether in terms of email use, internet use, video cameras or location data are subject to data protection requirements. Any monitoring must be a proportionate response by an employer to the risk he or she faces taking into account the legitimate privacy and other interests of workers.
at a very minimum, staff should be aware of what the employer is collecting on them (directly or from other sources). Staff have a right of access to their data under section 4 of the Data Protection Acts.
any personal data processed in the course of monitoring must be adequate, relevant and not excessive and not retained for longer than necessary for the purpose for which the monitoring is justified.
Private use of the Internet in the workplace and the monitoring of private emails pose certain challenges. A workplace policy should be in place in an open and transparent manner to provide that:
A balance is required between the legitimate rights of employers and the personal privacy rights of employees
Any monitoring activity should be transparent to workers
Employers should consider whether they would obtain the same results with traditional measures of supervision
Monitoring should be fair and proportionate with prevention being more important than detection.
Template for Acceptable Usage Policy – Email and Internet
The following is the Office Policy of the Data Protection Commissioner and may serve as a template for organisations wishing to develop Acceptable Usage Policies in relation to email and the internet.
Material you receive (e-mail, fax,cd, diskette, download)
E-mail has the same status as incoming paper and fax. It must be opened, read and evaluated and responded to within the timelines set out in the offices business plan.
1 – Potentially dangerous material
Do not launch, detach or save any executable file (i.e. those ending in ‘exe’ or ‘vbs’) under any circumstances. Contact IT Division immediately.
All incoming attachements must be virus checked by IT Division. Please note that all floppy disks and CD’s brought into the office from home PC’s should also be virus checked. The safer option is to forward these attachments by e-mail from your home pc as they will be automatically screened by the mailsweeper software.
Do not open, detach or save any unofficial file attachments to your hard disk or any network drive. Official attachements should be placed in the relevant document Library or detached to a shared drive. Please beware of saving any documentation to the hard drive of you pc as this will not be backed up and will be irretrievable in the event of your pc breaking down.
2. Obscenity, Child pornography and Incitement to hate.
You are subject to all legislation regulating Internet use, including the provisions regarding obscenity, child pornography, sedition and the incitement of hate. In particular, persons have obligations under the Irish Child Trafficking and Pornography Act 1997, not to allow any of its systems (mail, Internet etc.) to be used for downloading or distributing offensive material.
3. Other Offensive and Time wasting Material
Unsolicited material can arrive from anywhere. Should you receive material which you find offensive or abusive or time wasting respond to it just as you would an offensive letter: complain directly to the sender and bring it to the attention of the sender’s employing organisation / IT and HR managers as appropriate.
In the case of any Spam mail don’t issue any reply.
4. Misleading information
Always be aware that the Internet is an unregulated, world wide environment. It contains information and opinions that range in scope from reliable and authoritative to controversial and extremely offensive. It is your responsibility to assess the validity of the information found on the Internet.
Material you send
Remember that e-mail is effectively on official headed paper and can be traced back to place, date and time of sending. Make sure you are satisfied with its content and that it has been approved at the appropriate level. Double check the address of the intended recipient. Once the “send” key is pressed, e-mail cannot be stopped or retrieved. Deleting mail from your system does not make it untraceable.
Do not send any unofficial graphics or executable files under any circumstances. Do not instigate or forward “unofficial mail” to users either within or outside the Office or send any material which may be offensive or disruptive to others or which may be construed as harassment. Do not make derogatory comment regarding gender, marital status, family status, sexual orientation, religion, age, disability, race or membership of the travelling community.
Remember that screensavers can be a means of causing offence.
Do not use another’s e-mail account.
All e-mail’s are automatically backed up and are recoverable. All e-mail’s leaving the Office should have the following text or equivalent automatically appended :-
“The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and / or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from any computer. It is the policy of [ insert employer’s name] to disallow the sending of offensive material and should you consider that the material contained in the message is offensive you should contact the sender immediately and also your IT manager”.
In general : think before you send.
Screening procedures
A suitable IT screening system should automatically screen all mail for known viruses, attachments etc.
IT Division does not normally read individuals mail or open mail boxes except:
(1) where the screening software or a complaint from an individual indicates that a particular mailbox contains material which is dangerous or offensive.
(2) where a legitimate work reason exists to open the e-mail.
Opening mailboxes for investigation requires authorisation by (Senior manager) on a case by case basis. The individual’s mailbox, hard disk, network drive and relevant backups are then searched.
Where investigation proves that a problem exists it will be reported to the sender, their organisation, the staff member concerned, Head of Division and HR Manager for appropriate action. Where the problem concerns material such as a virus or an unauthorised .exe file, which can damage the network, IT Division may immediately close down an account pending further investigation and action.
Blocked messages either inbound or outbound are deleted after 21 days, if a request for release is not received. Messages containing virus files are not retained.
Time wasting and resources
Network resources such as storage space and capacity to carry traffic are not unlimited. However your time and that of your colleagues is the most valuable resource available to the Office.
You must not deliberately perform acts which waste your own and your colleagues time or computer resources. These acts include
Playing games
Online chat groups
Uploading / Downloading large unofficial files which create unnecessary non-business related loads on network traffic
Accessing streaming audio / video files, for example, listening to music or watching movie clips
Forwarding audio / video files to colleagues
Participating in mass non-business related mailings such as chain letters
Sending unofficial attachments
Financial Implications
Do not download any material / software from the Internet for which a registration fee is charged without first obtaining the express permission of the Office. Only the software installed by IT Division, and therefore listed on the Offices Assets Register, is deemed to be legally sourced by the Office and covered by the appropriate licence agreement. No other software is approved for use on any of the Offices computers or laptops.
Security
You are responsible for the use of the facilities granted in your name. The main protection at present is your password. Make it difficult to guess and above all, do not share your password with anyone, write it down or give it out over the phone. If you think someone knows your password, ask for it to be changed as soon as possible. Maintaining the privacy of your password is your responsibility and consequently you are responsible for any abuses taking place using your name and password.
In general do not leave your computer unattended without securing the session by password or signing off.
When leaving your pc unattended press Ctrl Alt Del (in the same way as logging into your pc) and click the “Lock workstation / Lock computer” box. On return press Ctrl Alt Del and enter your password to log back into the pc.
Users accessing the Internet through a computer attached to the Office’s network must do so through an approved Internet firewall or other security device. Bypassing the Office’s computer network security by accessing the Internet directly by modem or other means is strictly prohibited.
You are reminded that files obtained from sources outside the Office, including disks brought from home, files downloaded from the Internet, news groups, bulletin boards or other online services and files attached to e-mail messages may contain computer viruses that may damage the Office’s computer network. While the Office is continually upgrading its virus protection infrastructure, the potential introduction of viruses on the Office system always remains a threat. All incoming material, regardless of origin, should be virus checked before being used on any PC on the Office’s network. This is not paranoia : a wide variety of viruses from a wide range of individuals and organisations have been blocked over the last 12 months. This threat is real and will not be diminishing. If you suspect that a virus has been introduced into the Office’s network, notify the IT Section immediately.
The Internet is not secure. Whether by e-mail or via the World Wide web, do not give out more information than is necessary to fulfil your purpose. Beware of demands for unnecessary information. Be wary of sites which request more data than is necessary for accessing the site or for making a transaction, or which do not tell you why they require this data from you. In particular, no information on IT systems or resources should be disclosed over the Internet or through e-mail without authorisation from IT Division.
External e-mail should only be used to transmit unclassified information to individuals outside the Office. Classified or confidential material should not be sent by e-mail unless it is encrypted.
Weblogs
All web browsing is logged. Screening software prevents access to certain non-work related sites. The logs of web browsing will only be accessed with management authorisation, where there are reasonable grounds to believe that this policy has been contravened.
Personal Use
Just as with the phone, a small amount of limited personal use of e-mail and Internet facilities is permitted if such use does not otherwise infringe this policy.
Freedom of Information and Archives Acts (only applies to public bodies)
Incoming and outgoing e-mail’s which are of “enduring organisational interest” are records under the above Acts and must not be kept in your e-mail account. They must be transferred to the appropriate document library or file.
Guidance Note oin Vetting
This guidance note focuses on data protection considerations that must be taken into account before vetting prospective employees/volunteers/students in certain specified sectors. It provides guidance for organisations on how to treat information that is provided to them on foot of a vetting procedure. This note also provides background information about how vetting procedures currently operate in this jurisdiction.
Under the Data Protection Acts information about the commission or the alleged commission of an offence by a person falls within the definition of sensitive personal data. Currently, there is no comprehensive statutory basis which underpins the vetting process. The Office of the Data Protection Commissioner supports the current procedure for managing requests for vetting in this jurisdiction. The procedure is based on the consent of the person to the release of certain types of information held by An Garda Síochána in respect of that person.
How the vetting process works
a) Who can be requested to undergo vetting?
The Central Vetting Unit within An Garda Síochána conducts vetting for organisations that are registered with the Unit for this purpose. At present, employees/volunteers/students are requested to consent to a vetting procedure before working in the following roles:
Prospective employees of the Health Service Executive and agencies funded by the Health Service Executive where the work involves access to children and vulnerable adults;
New teachers in the primary and post-primary sector;
New employees and volunteers in the youth work sector and certain sports organisations;
Staff, students and volunteers in the childcare sector;
Staff working in care homes for older people.
Vetting also takes place in relation to:
State employees;
Employees covered by the Private Security Services Act 2004.
Standard procedures are in place for organisations registered with An Garda Síochána for vetting purposes. For vetting to occur, vetting subjects must complete a formal Garda Vetting Application Form. Vetting subjects must give written authorisation for An Garda Síochána to disclose to the registered organisation details of all prosecutions, successful or not, pending or completed and/or details of all convictions, recorded in the State or elsewhere in respect of them held on record by An Garda Síochána. Only specific people recognised as authorised signatories in the approved organisations can submit signed authorisation forms to the Garda Vetting Unit for processing. Once processed, vetting results are transmitted from the Garda Central Vetting Unit directly to the authorised signatory that submitted the application in respect of the individual for further consideration by the organisation.
b) Information that may be released as part of the vetting process
When a vetting subject gives their written permission for An Garda Síochána to disclose details of all prosecutions, successful or not, pending or completed and/or details of all convictions, recorded in the state or elsewhere in respect of them to a registered organisation, all such details as held on record by An Garda Síochána in respect of the vetting subject are disclosed. In the case where vetting subjects have been prosecuted, notwithstanding the court outcome in respect of the prosecution, the factual details contained in the resultant court outcome are disclosed to the authorised signatory.
c) Dispute Resolution
All organisations registered for Garda Vetting participate in a dispute resolution procedure designed to address any instance in which a vetting subject disputes the details contained in the relevant Garda Vetting disclosure. The procedure may be activated by the vetting subject by indicating the basis of their dispute in writing to the authorised signatory who received the Garda Vetting disclosure. The authorised signatory then resubmits the complete application file to the Garda Central Vetting Unit for the conduct of further checks.
d) Probation Act 1907 and Vetting
In instances where, in the court outcome, the court applies the provisions of the Probation Act 1907, the charges are dismissed. However, in order to avail of the provisions of the Probation Act 1907, the case is marked as ‘proved’. While individuals often consider that they do not have a formal criminal record, when a person gives their written authorisation for vetting to be conducted the authorised signatory for the registered organisation is informed of the charge as a ‘non-conviction’ rather than a formal conviction.
e) Age
There is no Garda Vetting for people under the age of 16. However, if a candidate is aged 16/17 and requires vetting (e.g. to enter a child care course in college) the consent of a parent or guardian is sought by An Garda Síochána.
f) Retention of vetting forms by An Garda Síochána Central Vetting Unit
When the Garda Vetting Unit has complied with a vetting request, the original vetting application form is returned to the authorised signatory for the registered organisation. The Garda Vetting Unit does not retain a copy of this documentation. Information about the retention of these forms by registered organisations is dealt with in the next section.
Important data protection guidance regarding the use/storage and retention of information received by an organisation which carries out vetting
a) Can information received as part of the vetting process be shared by one organisation with another?
As mentioned previously, the Office of the Data Protection Commissioner supports the current procedure for managing requests for vetting in this jurisdiction.
As outlined in Section 2 of this guidance note, the consent given by an individual for vetting is specifically linked to the disclosure of their information to a specific registered organisation to allow the organisation to make an assessment decision about allowing that individual to take on a particular role within that organisation. The Office of the Data Protection Commissioner does not consider it appropriate that information disclosed to one named organisation for this sole purpose would be shared by that organisation subsequently with any other organisation, even with consent (except where the registered organisation is clearly undertaking the vetting on behalf of a related organisation). There are a number of data protection reasons for this.
Firstly, as the vetting process may involve the provision of sensitive personal information about a person, it is absolutely imperative that there is no drift in terms of the use to which such information may be put or in terms of the identity of the organisation using the information (other than within the restricted context outlined previously).
Secondly, An Garda Síochána ensures that confidentiality and data protection requirements are met by restricting vetting disclosures to persons trained as authorised signatories. The further disclosure of such information to other parties, even with the consent of the vetting subject, would not be appropriate and will increase the potential for breaches of data protection rights.
Aside from data protection concerns, An Garda Síochána wish to ensure the integrity of the vetting process. To achieve this it is necessary that each organisation should separately vet each person rather than share potentially dated information that was supplied as part of a previous vetting request.
b) Secure storage of vetting information
The secure storage of vetting disclosures made by An Garda Síochána to authorised signatories is another key data protection consideration in this area. The content of such disclosures constitute sensitive personal data. Therefore they must be held in a secure manner with access restricted to a small number of authorised personnel.
Vetting disclosures may only be used for the purpose for which they were provided to an organisation in accordance with the consent of the vetting subject. They cannot be further processed or disclosed to other parties.
c) Retention of vetting information
Personal data must be destroyed when the purpose for which it was sought has expired. This can be problematic in relation to the continued holding of vetting disclosures as the Data Protection Commissioner is concerned that their long-term retention creates the potential for unauthorised access and use. Accordingly, the Office of the Data Protection Commissioner recommends that vetting disclosures should be routinely deleted one year after they are received except in exceptional circumstances. In case of future queries or issues in relation to a vetting disclosure, the reference number and date of disclosure may be retained on file and this can be checked with An Garda Síochána. This practice is sufficient for all organisations engaged in vetting, including organisations subject to external statutory inspection of staff vetting practices.
In regard to all unsuccessful employment applications, the vetting disclosure and all other personal data collected in the recruitment process should be deleted after a year in line with standard advice in this area. It is important that organisations are aware that an individual has the right to make a request for a copy of information held about them.
This requirement that an organisation does not share with another organisation information on individuals received as part of the vetting process does not prevent the supply of the vetting response to the vetting subject. It is good practice to give it to them and in any case they would have a right to access a copy of their personal data under section 4 of the Data Protection Acts 1988 & 2003.
Can Garda Vetting be carried out by employers in sectors other than those mentioned in Section 2 of this guidance note?
In general, An Garda Síochána will only carry out vetting for approved organisations in designated sectors. Such a service is not generally available to other employers. While An Garda Síochána are required to provide information from their records in response to access requests from individuals, the responses to such requests are not of the standard applied to vetting applications.
Under section 4(13) of the Data Protection Act,s it is an offence for an employer to require an employee or prospective employee to make an access request related to their employment (an “enforced subject access request”).
Frequently Asked Questions – FAQ Data protection in the workplace
3.1 What type of background checks can I carry out on potential employees?
3.2 How can I seek Garda vetting of a potential employee?
3.3 What is the position in relation to enforced subject access requests?
3.4 When applying for a new job, can a prospective employer seek the PPSN of candidates as part of the application process?
3.5 How long can an organisation retain employee data?
3.6 Can my employer keep a copy of my passport?
3.7 Can my employer access my email or internet usage?
3.8 Can my employer post my photograph on the internet / intranet without my consent?
3.9 Can my employer use GPS / Vehicle Tracking Systems?
3.10 Can a sales representative take a list of clients when leaving the employment?
3.11 A Company is being taken over by another company. Does the new organisation need consent before medical files are transferred?
3.12 I have supplied my CV and other personal information in response to a job advertisement which I now suspect was a bogus advertisement, is there anything I can do to minimise the risk of fraudulent activity?
3.13 Requests for Presentations and Training
3.1 What type of background checks can I carry out on potential employees?
The key to compliance with data protection is to inform the potential employee of any potential checks that may be undertaken and seek their specific consent for certain types of checks, e.g. qualification checks, character reference checks.
Any information that is legitimately in the public domain can generally be accessed within the context of data protection requirements without giving rise to concerns. The person should be provided with any such information, however, in order that they can have an opportunity to provide comments on it.
An employer is entitled to ask an employee to declare if they have any previous relevant criminal convictions which might impact of the desirability of them performing a particular task. However, an employer should only be concerned about convictions that relate to the particular job on offer. For example, a job involving driving may justify the employer asking about previous driving convictions. This requirement may be updated shortly via a Spent Convictions Bill which was recently introduced by the Government which will allow potential employees (not where they are dealing with children or vulnerable adults or other sensitive positions) in certain situations the option not to provide such information.
Organisations/employers seeking to access information held by a credit referencing organisation about prospective or current employees could present data protection concerns. Any forced requirement placed upon employees to seek credit history information from the Irish Credit Bureau, for example, for employment screening purposes could be considered a breach of the Data Protection Acts.
Certain sectors, for example where employees have contact with children or vulnerable adults, are permitted to make use of Garda Vetting checks which are carried out with the consent of the person.
3.2 How can I seek Garda vetting of a potential employee?
Under the Data Protection Acts information about the commission or the alleged commission of an offence by a person falls within the definition of sensitive personal data.
Currently, there is no comprehensive statutory basis which underpins the vetting process. The Vetting Bill currently before the Oireachtas will provide that basis when enacted. The Office of the Data Protection Commissioner supports the current procedure for managing requests for vetting in this jurisdiction. The procedure is based on the consent of the person to the release of certain types of information held by An Garda Síochána in respect of that person.
At present the only garda vetting services on offer concern the vetting of persons in contact with children or vulnerable adults. Vetting also takes place in relation to certain State employees working in sensitive areas. Vetting has also been extended to employees covered by the Private Security Services Act 2004 (bouncers, nightclub security staff etc).
More information is available here.
3.3 What is the position in relation to enforced subject access requests?
An ‘enforced access request’ is where an applicant is obliged by a potential employer or organisation they are dealing with to make an access request under Section 4 of the Data Protection Acts to a data controller. The individual would typically then be asked to subsequently provide this information to their employer/prospective employer/organisation they are dealing with.
An employer who requires an employee or prospective employee to make such an access request commits an offence under the Data Protection Acts.
In the case of An Garda Síochána, it advises that the information released under an access request should not be considered as a formal vetting procedure for employment or other purposes.
3.4 When applying for a new job, can a prospective employer seek the PPSN of candidates as part of the application process?
An employer should only seek your PPSN if you are successful at the recruitment process and are actually taking up employment with the organisation. An employer requires the PPSN of each employee for Revenue purposes. There is no basis for a prospective employer to capture a candidate’s PPSN at the application stage.
3.5 How long can an organisation retain employee data?
The Data Protection Acts state that personal information held by Data Controllers (an organisation) should be retained for no longer than is necessary for the purpose or purposes for which it was obtained. If the purpose for which the information was obtained has ceased and the personal information is no longer required, the data must be deleted or disposed of in a secure manner. However, the Acts do not stipulate specific retention periods for different types of data, and so organisations must have regard for any statutory obligations imposed on them as a data controller when determining appropriate retention periods.
In relation to HR records, it is our understanding that, in accordance with the Organisation of Working Time Act 1997, employers are required to keep records of holidays, public holidays, special leave, rest breaks, start and finish times of each employee for each day and sick leave for a period of 3 years.
There are also requirements in relation to the retention of financial/tax records, as well as obligations to retain certain categories of information for superannuation/pension purposes.
In relation to the retention of recruitment records for unsuccessful candidates, we would consider a retention period of 12 months to be appropriate.
3.6 Can my employer keep a copy of my passport?
An employer may ask to see your passport at recruitment stage if this is necessary to show that you are entitled to work in Ireland. An employer may note such passport details on your personnel file. It should not be necessary for an employer to retain a copy of your passport and such action could be a breach of the Data Protection Acts.
3.7 Can my employer access my email or internet usage?
Please see our guidance note on staff monitoring available here
3.8 Can my employer post my photograph on the internet / intranet without my consent?
A photograph of a person constitutes their personal data and therefore any use of that photograph must be in accordance with the Data Protection Acts.
Staff should be informed of all such uses that will be made of their image and given an opportunity to object to such use.
3.9 Can my employer use GPS / Vehicle Tracking Systems?
The use of tracking systems in general can give rise to data protection issues if not deployed in a manner that takes account of the legitimate privacy expectations of individuals.
Staff monitoring, including a GPS system, must comply with the transparency requirements of data protection law. Staff must be informed of the existence of the surveillance and also clearly informed of all the purposes for which the personal data will be used.
We expect any organisation deploying vehicle tracking devices to abide by the following rules:
· The data controller must inform drivers of the purpose(s) for which the personal information processed by the tracking device will be used.
· The personal information processed by the tracking device may not be used for a purpose other than the stated purpose(s).
· Data controllers should devise and make available to drivers a policy on the use of tracking devices. This document should also set out the data controller’s policy on the use of company vehicles for private use.
· If a company vehicle is permitted to be driven for personal use outside of working hours, a privacy switch must be fitted and should be trained on its operation.
· New employees should be made aware of the existence of tracking devices on company vehicles and should be trained on the operation of the privacy switch.
3.10 Can a sales representative take a list of clients when leaving the employment?
A fundamental principle of data protection is ‘fair obtaining and processing’. Under Section 2(1)(a) of the Data Protection Acts, 1988 and 2003 “the data, or, as the case may be, the information constituting the data shall have been obtained, and the data shall be processed, fairly”. In general, the fair obtaining principle requires that every individual about whom information is collected is aware of what is happening.
Accordingly the list cannot be brought from one company to another as the clients consent would be required in order to comply with the fair processing principle.
3.11 A Company is being taken over by another company. Does the new organisation need consent before medical files are transferred?
As part of a due diligence process, it is understood that certain personal data may be transferred. Ideally the possibility of this should be envisaged in the company data protection policy. In so far as possible aggregate data should be provided. Sensitive personal data should never be transferred in advance of a formal legal take-over. Once the take-over is completed the new legal entity will take on the obligations of the data controller and will be responsible for all data.
3.12 I have supplied my CV and other personal information in response to a job advertisement which I now suspect was a bogus advertisement, is there anything I can do to minimise the risk of fraudulent activity?
If you have provided details of your bank account in your reply to the advertisement, you should contact your bank to tell them what has happened. This will allow your bank to apply special checks to your account in case the people behind the bogus ad tried to get access to it.
You should also consider applying to the Irish Credit Bureau to have a protective registration recorded on your ICB Credit Report. This will alert banks and financial institutions if an attempt is made to open a bank or credit card account in your name. You should write to the Irish Credit Bureau, ICB House, Clonskeagh road, Dublin 14 requesting that a protective registration be appended to your credit report. You should include your full name, address, date of birth, telephone number and a copy of a utility bill (to help verify your identity). This protective registration will be held on record for a period of 12 months, after which it will automatically be purged.
3.13 Requests for Presentations and Training
The Office of the Data Protection Commissioner aims to assist organisations in so far as possible in understanding and meeting their responsibilities under the Data Protection Acts. Equally we seek to better educate the public in relation to their rights under the Acts.
In this respect, the Office receives a large number of requests to give presentations/training but, given our limited resources we can only respond positively to a limited number of them. We typically try to respond positively to requests where the “spread” of the audience is such that there is likely to be a significant multiplier effect from the presentation to a large number of organisations or people.
To assist all organisations seeking assistance in relation to data protection rights and responsibilities, we have developed a range of resources that we hope are helpful.
One key resource is our DVD “My Data – Your Business?” which illustrates how data protection principles apply in a normal business environment (public or private). It is accompanied by a “Facilitators Guide” which encourages group-discussion on how the data protection principles apply in practice in a particular setting. The DVD can be viewed and downloaded on our website (www.dataprotection.ie, under “Publications and Forms”) and copies can be obtained for free from our Office.
We also have on our website some generic PowerPoint presentations which can be downloaded and adapted for use within a specific organisation (these are at www.dataprotection.ie under “Presentations”).
Finally, we have some printed booklets “Guide for Data Controllers” which spell out the data protection obligations on organisations and “Guide to Your Rights” which outlines the rights which individuals have under the Acts. These are also available from our website, www.dataprotection.ie, under “Your Responsibilities” and “Your Rights” respectively. Hard copies are also available free of charge from our Office.
If there are particular questions that arise and that are not answered having reviewed the material available, we would be more than happy to try to answer them to the best of our ability by e-mail or phone.
Case Study 6:
Data Controller breaches data protection law in regard to use of covert CCTV footage
I received a complaint in October 2006 from a data subject regarding the unfair obtaining by her employer of her personal information and its subsequent use as evidence to terminate her employment. The data subject had been employed in a supervisory capacity at the Gresham Hotel in Dublin for a number of years. In January 2005 she was called to a meeting by hotel management, at which she was informed that covert cameras had been installed some time previously in the hotel for the purposes of an investigation. The investigation was initiated on foot of a complaint received by the hotel regarding cash handling at the bar. The data subject was not the subject of the investigation, she was not made aware of the investigation nor was she informed of the covert CCTV recordings. At the meeting, the data subject was confronted with a series of questions and was asked to explain some of her actions which had been recorded by the covert cameras. Later in 2005, she was dismissed from her employment with the hotel. Evidence taken from the covert CCTV recordings was used in the decision to terminate the data subject’s employment. No criminal prosecutions took place following the hotel’s investigation nor was the data subject interviewed by An Garda Síochána.
As part of the detailed investigation into this complaint, my Office initially sought the observations of The Gresham Hotel regarding this issue, drawing particular attention to the fair obtaining principle of the Data Protection Acts 1988 & 2003. The use of recording mechanisms to obtain data without an individual’s knowledge is generally unlawful. Such covert surveillance is normally only permitted on a case by case basis where the data is gathered for the purposes of preventing, detecting or investigating offences, or apprehending or prosecuting offenders. This provision automatically implies an actual involvement of An Garda Síochána or an intention to involve An Garda Síochána.
In response to our initial queries, the hotel stated that the cameras were installed for a legitimate and specified purpose -the investigation of a complaint regarding cash handling in this area. It stated that it was of the opinion that the processing of this information was necessary for the protection of a legitimate legal interest, the protection of property of the hotel in response to a specific concern it had. The hotel also emphasised in its early correspondence with my Office that at no point were the cameras hidden or covert and it presumed that all employees would have seen them.
During our investigation, the data subject supplied photographs of electrical type data boxes/sockets that were located in the bar area of the hotel as it was her understanding that the covert cameras were hidden within these boxes. My Office forwarded copies of these photographs to the hotel requesting clarification on the matter. In response it indicated that these electrical type data boxes were telephone connections, microphone connections and internet connections and were never used as a means to record images for CCTV footage.
As part of our investigation, my Office visited the Gresham Hotel for the purpose of viewing the CCTV footage in question and to inspect the area in which the CCTV footage had been recorded. During this inspection, as well as viewing the footage, we were shown two electrical type boxes located just below ceiling level in the bar area and these boxes were identified as having been the location for the covert cameras. The location of the boxes also matched the views of the bar area which could be seen in the CCTV footage. The boxes were marked “1” and “2” and they appeared to be the same as the electrical boxes which appeared in the photographs which were previously supplied by the data subject. This clearly conflicted with the earlier information which the hotel had supplied to my Office as part of its investigation. Following this inspection, my Office was satisfied, on the basis of all of the information which had been compiled during our investigation, that the data protection rights of the data subject had been breached. Covert CCTV cameras had been installed to investigate specific incidents. The data subject was not the subject matter of this investigation. The personal data of the persons captured on the footage was obtained for one purpose – the investigation of specific incidents in the hotel. In the case of this data subject, her personal data was further processed in a manner incompatible with the original purpose. Furthermore, the data subject’s personal data was not processed in accordance with the requirements of ‘fair processing’ as she had not been informed by the data controller, at the time when the data controller first processed her data, of the purpose for which it intended to process her personal data.
As the Acts require me to try to arrange, within a reasonable time, for the amicable resolution by the parties concerned of the matter which is the subject of a complaint, my Office asked both parties to consider this approach. Within a few weeks, a settlement was agreed between the parties. I was pleased that my Office was able to close its investigation file on the basis that an amicable resolution had been reached.
Case Study 7:
Aer Lingus – Disclosure of employee information
Early in 2007, my Office received a significant number of complaints from employees of Aer Lingus regarding an alleged disclosure of their personal information by Aer Lingus to a third party without their consent. According to the complainants, the Human Resources Division of Aer Lingus had passed on the names, staff numbers and place of employment of its staff to HSA Ireland without the knowledge or consent of the employees concerned. Staff of Aer Lingus had become aware of this matter when they received personally addressed promotional literature from HSA Ireland, a healthcare organisation offering a range of health care plans. In this promotional literature, a copy of which was received in my Office, HSA Ireland informed the Aer Lingus employees that Aer Lingus had agreed to allow it to directly distribute the information to them.
Section 2 of the Data Protection Acts, 1988 and 2003 sets out the position in relation to the collection, processing, keeping, use and disclosure of personal data. It provides that data should be obtained and processed fairly, kept for only one or more specified purposes and it should be used and disclosed only in ways compatible with that purpose or those purposes. It also provides that personal data should not be processed by a data controller unless at least one of a number of conditions is met – one of those conditions being the consent of the data subject to the processing.
In response to initial contact from my Office regarding the alleged disclosure of personal information, Aer Lingus confirmed that it had passed on the personal data of its staff to HSA Ireland and it set out the background to how it had occurred. It explained that the company had previously operated and administered a Staff Welfare Fund to assist employees in certain circumstances in relation to personal and family medical expenses. As this fund had closed, Aer Lingus committed to putting another scheme in place and it negotiated with HSA Ireland to offer a replacement scheme to employees. In order to increase staff awareness of this new scheme, it was decided that it would be in the best interests of staff to write to them directly at their place of employment. Employee names and staff numbers were provided to HSA Ireland by means of a mail merge file. Aer Lingus was of the opinion that this disclosure was legitimate in accordance with what it regarded as a bona fide employment purpose. It also confirmed that consent had not been sought or obtained from its employees prior to the forwarding of the employee details to HSA Ireland.
My Office reminded Aer Lingus of its obligations under Section 2 of the Data Protection Acts with regard to the processing of personal data and it pointed out that the personal data of its staff should not have been disclosed to a third party without the consent of the employees concerned. In the circumstances, my Office sought and obtained confirmation from Aer Lingus that it had now destroyed the mail merge file containing the names and staff numbers which it had forwarded to HSA Ireland. Confirmation was also received from HSA Ireland that it had not retained records of Aer Lingus employee names, addresses, payroll or payslip numbers on any database.
My Office was satisfied by the steps taken by Aer Lingus and HSA Ireland in terms of corrective action. By way of clarification, we pointed out that the key issue from a data protection perspective was that Aer Lingus had facilitated contact from a third party to its employees concerning the availability of a staff welfare scheme while the same information could have been promulgated to those employees without raising any data protection concerns had Aer Lingus sent it directly to its employees instead.
I fully recognise that employers may, from time to time, wish to communicate details of various schemes to their employees. This can easily be achieved without infringing on the data protection rights of employees if the employer supplies the information directly to its employees or by some other means in conformity with the Data Protection Acts. My Office had only in the weeks before these complaints were received conducted an audit of Aer Lingus which had generally found a high level of compliance with data protection requirements. The occasion of the audit could have been used to seek advice from my Office on this issue.
My Office is always available to give advice to data controllers and the public alike in relation to data protection responsibilities and rights.
Case Study 12:
Biometrics in the workplace – need for staff consent
I received a number of complaints from staff employed at a logistics company in relation to the proposed introduction of a biometric system at that company for the purpose of time and attendance. These staff considered that their data protection rights would be infringed by being required to provide their employer with a fingerprint. The use of a biometric system impacts on several data protection principles including proportionality, fair obtaining, accuracy and security of personal data.
My Office commenced its investigation by contacting the company and referring it to the extensive guidelines on our website in relation to biometrics in the workplace. During our investigation, a meeting was held with a representative of the company to discuss the matter. In a privacy impact assessment, the company outlined its reasons for the introduction of the biometric system as health and safety, security, administration and cost effectiveness. It also provided details of the type of biometric system it intended to use – a touch verification system. The system requires a fingertip to be inserted into a reader which converts the fingertip into an encrypted algorithm and then the employee enters their unique pin number onto a pad. The system then stores a numeric sequence on a central database. It was claimed that the numeric sequence cannot be reversed or used for any other purpose except for verification and it is also encrypted.
The company also stated that it had looked into other forms of recording time and attendance and found that the biometric system would be the most efficient and cost effective. It also said that other systems could possibly be open to abuse. It stated that it had, in the past, experienced problems regarding abuse in relation to recording attendance. It also assured my Office that all employees, except for the staff who complained to my Office, had consented to the use of the touch verification system. The company said that it had held information sessions in each of its company branches and that written documentation and training had been given to all employees. Any employees who had objections to the system or wanted more information were also invited to address these with management. It also confirmed that the staff who complained to my Office had not been required to start using the system.
The approach of my Office is to try to understand the circumstances that lead a particular data controller to introduce a biometric system using the personal data of its employees, bearing in mind that the scan of a fingerprint is personal data even if converted into an algorithm. My Office reviewed the privacy impact assessment submitted in this case and the company’s responses to our queries. Taking into account the company’s cooperation in the matter, it was agreed that the staff concerned should use a pin code system rather than the biometric system for recording time and attendance. This would not give rise to any issues under the Data Protection Acts. Furthermore, these staff would not be required to use the biometric system in the future, without the company first taking the matter up with my Office. On that basis, I was happy to conclude the matter given that the issues raised by the individuals who made the complaints to my Office had been addressed. I was satisfied that the company had not breached the data protection rights of those staff as it had not required them to use the biometric system against their wishes.
CASE STUDY 14/96
Use of closed circuit television (CCTV) – privacy implications
In recent times, several parties have sought advice on the privacy implications of the introduction of CCTV systems and have asked if such systems are regulated by the Data Protection Act. My advice has been that developments in both technology and the law suggest that such systems will shortly be governed by data protection legislation if this is not already the case. Accordingly it would be prudent for those responsible for the introduction of CCTV systems to consider and apply the principles underlying the Data Protection Act from the outset.
Video images captured and kept by CCTV systems may well come within the definition of “personal data” set out in section 1 of the Act as follows:
data relating to a living individual who can be identified either from the data or from the data in conjunction with other information in the possession of the data controller.
This definition depends in turn on the definitions of “data” and “processing”:
“data” means information in a form in which it can be processed;
“processing” means performing automatically logical or arithmetical operations on data and includes-
extracting any information constituting the data . . . .
However it is clear that while CCTV technology has many uses in the prevention and detection of crime, its misuse could lead to widespread infringement of the privacy rights of the individual. The application of the ordinary data protection rules should avoid such problems. Firstly and most importantly, every user should specify the precise purpose for which the system is used (section 2 (1) (c) (i) refers). Secondly, the user should ensure that he is obtaining personal data fairly (section 2 (1) (a)). People should be made aware that a CCTV system is in operation, the purposes for which it is used and who is responsible for it. Thirdly, there should be clear guidelines to ensure that the information collected is adequate, relevant and not excessive in relation to the specified purpose (section 2 (1) (c) (iii)). For example, a system which scanned private gardens – where the specified purpose was to monitor a particular street in the interests of public safety – would contravene this requirement.
I am aware that CCTV technologies are a growing source of concern to many people interested in preserving their privacy rights. My counterparts in other administrations are also considering these issues with a view to seeing how existing data protection principles can be applied so as to achieve the benefits that CCTV systems offer without compromising the privacy rights of those whose images are captured. To those responsible for the use of CCTV systems in public places I recommend consideration of a UK publication – Watching Brief: A Code of Practice for CCTV.
Case Studies 2009
Case study 14:
Employer breaches Acts by covert surveillance using a private investigator
In October 2008, I received a complaint from an individual concerning the processing, without his knowledge or consent, of both his and his children’s personal data by his employer. The complaint involved the obtaining and processing of his personal data and that of his children by way of a private investigator producing footage of his movements and his children’s movements on a DVD for the company without his knowledge or consent.
My Office commenced an investigation into the matter by writing to the company. We informed it of its obligations under the Data Protection Acts and we asked for its comments on the complaint. The company informed my Office of the circumstances which led to it hiring a private investigator to check on the employee’s activities. According to it, the complainant was employed as a sales representative and, as such, spent virtually all of his time away from the company’s premises. It stated it became concerned that the employee was not carrying out his duties as required by his contract of employment and it decided it was necessary to check on his activities in his sales territory. A private investigator was engaged to check on the employee’s activities in order to establish whether or not he was performing his duties. The private investigator recorded the movements of the employee for a period of approximately one week and produced a DVD of those movements which he provided to the company. Some of the recordings produced on the DVD also contained images of the employee’s children.
My Office remained concerned about the justification for the processing of the employee’s personal data by way of the private investigator recording his movements. We asked that the company review any documentation it had which it believed may suggest that the processing of the employee’s personal data in this way was justified. We subsequently received a range of documents in that regard. My Office also asked if it had taken any steps to address the concerns it had about the employee’s activities prior to the hiring of the private investigator – to which it replied that it believed there were no other steps it could have taken. It also informed my Office that it felt it needed to make observations of the employee’s company car over a period of at least a week before it could be satisfied that the employee had a case to answer. The company stated that it did not have the resources internally to check this over such a period of time and for that reason the private investigator was asked to check and report. Having considered the case put forward by the company and the documentation submitted, my Office informed it that we considered that the processing of the employee’s personal data by way of a private investigator recording the employee’s movements was not justified as it had not taken appropriate steps to highlight its concerns to the employee prior to making the decision to hire a private investigator to record his movements. My Office also requested that the DVD in question be destroyed and we subsequently received confirmation of its destruction from the company.
The complainant subsequently requested a decision under Section 10 of the Acts. My decision found that the company had contravened Section 2(1)(a) of the Acts by the processing of the employee’s personal data and that of his children, in the recording of images by a private investigator acting on its behalf, without his knowledge or consent.
Covert surveillance of individuals is very difficult to reconcile with the Data Protection Acts. As a minimum and this may not even make such surveillance legal, there must be strong and evidence based justification for such surveillance in the first instance.
Back to Top
Case study 11:
Lawful use of CCTV cameras by an employer
We received a complaint in September 2010 from solicitors acting on behalf of a data subject. The complaint stated that CCTV cameras were installed in the data subject’s workplace without her knowledge and that the purpose of the cameras was to identify disciplinary issues relating to staff. The complaint also stated that CCTV evidence was obtained and used to dismiss the data subject for gross misconduct.
Recognisable images captured by CCTV systems are personal data. Therefore they are subject to the provisions of the Data Protection Acts. To satisfy the fair obtaining principle of the Data Protection Acts with regard to the use of CCTV cameras, those people whose images are captured on camera must be informed about the identity of the data controller and the purpose(s) of processing the data. This can be achieved by placing easily-read signs in prominent positions. A data controller must be able to justify obtaining and using personal data by means of a CCTV system.
With regard to the installation of covert CCTV cameras, our position is that the use of recording mechanisms to obtain data without an individual’s knowledge is generally unlawful. Covert CCTV surveillance is normally only permitted on a case-by-case basis where the information is kept for the purposes of preventing, detecting or investigating offences, or apprehending or prosecuting offenders. This provision automatically implies an actual involvement of An Garda Síochána or an intention to involve An Garda Síochána. Covert surveillance must be focused and of short duration and only specific (and relevant) individuals/locations should be recorded. If no evidence is obtained within a reasonable period, the surveillance should cease.
If the surveillance is intended to prevent crime, overt cameras may be a more appropriate measure, and less invasive of individual privacy.
In this case we requested the data subject’s solicitors to provide us with a copy of all correspondence that was exchanged in relation to the matter. On examining this correspondence, we noted that the data subject’s employer considered it necessary to install the covert CCTV cameras because some members of staff informed the employer that money had gone missing from their purses. We also noted the involvement of An Garda Síochána in the decision to install the covert cameras. We subsequently informed the data subject’s solicitors that we did not consider that a basis arose in the Data Protection Acts to progress an investigation.
This case demonstrates the use of covert CCTV by a data controller in compliance with the Data Protection Acts. For personal data captured on covert CCTV to be fairly obtained and fairly processed under the Data Protection Acts, the installation of covert CCTV must involve An Garda Síochána or a clear intention to involve An Garda Síochána, as was the case in this instance.
Case Study 9:
Unlawful use of CCTV to remotely monitor an employee
.
In October 2010, I received a complaint from an individual who stated that he considered that his personal privacy was being affected in his workplace through the inappropriate use of a CCTV system which his employer had installed. The complainant was employed by Westwood Swimming Ltd in Leopardstown as an administrator. In support of his complaint the individual cited two separate occasions, three months apart, when he received phone calls from his employer who was not on the premises at the time. In both of these phone calls the employer allegedly described to him what he had been doing at a particular time, i.e. that he was conversing with and working on a computer used by an individual from the office next door (who had a different employer). The complainant stated that subsequent to these incidents he had received two separate written warnings. He also stated that the CCTV system was installed without prior staff notification as to the reason for its installation or its purpose.
My Office contacted Westwood Swimming Ltd and we informed it of its obligations under the Acts in respect of CCTV usage. We advised that any monitoring must be a proportionate response by an employer to the risk he or she faces taking into account the legitimate privacy and other interests of workers. We further advised that in terms of meeting transparency requirements, staff must be informed of the existence of the CCTV surveillance and also of the purposes for which personal data are to be processed by CCTV systems. We provided it with copies of our guidance material on the use of CCTV and staff monitoring. It was asked to outline how the processing of personal data as complained of complied with the Acts and to give details of any signage that was in place on the premises informing individuals that there was CCTV in operation and its purpose.
Westwood Swimming Ltd in response stated that the CCTV system was installed with the priority focus being security of the office due to the amount of cash and credit card slips with customer information on hand. It informed us that a secondary purpose for the CCTV was the fact that it had received numerous complaints from its customers stating that the office was not open or that the office was open and
unattended which gave it further concern for the security of cash/credit cards. It confirmed that its staff had not been informed in writing of the installation and purpose of the CCTV. However, it indicated that staff were well aware of the reasons behind the new system as the cameras were overt and the recorder and screen showing views and recordings were in the office in full view of both staff and clients. It stated that the system was installed during working hours in full view of the staff and no query, question or complaint was received from either the staff or clients. It also referred to having signage in place informing people of CCTV being in operation. In this regard, it provided us with a copy of a notice posted at its main entrance listing the various services available at the centre. While it was noted on the bottom of the signage that CCTV cameras were in operation it gave no indication as to its purpose.
Westwood Swimming Ltd acknowledged that the CCTV footage had been reviewed by it in respect of the incidents cited by the complainant.
After consideration of the response received from Westwood Swimming Ltd, my Office informed it that we were satisfied that it had used a CCTV system to monitor an employee and that such monitoring was in breach of the Data Protection Acts. We asked that it immediately confirm to us that it would cease the practice of monitoring employees by remotely accessing the system from a live feed or by any other means. In response, it provided us with a commitment that its employees would not be monitored remotely or by other means using CCTV. It confirmed that the cameras in the office would be removed, any disciplinary actions taken against the employee concerned on foot of the use of CCTV would be discarded, and that it would ensure that the employee would not suffer as a result of any information seen on camera.
At the request of the complainant, I issued a formal decision on this matter in March 2011 which stated that the leisure centre contravened Section 2(1)(c)(ii) of the Data Protection Acts by the further processing of CCTV images which were stated to have been obtained for security purposes in a manner incompatible with that purpose. These contraventions occurred in the two instances when the CCTV was used to monitor the performance of the complainant in the course of his employment.
The improper use of CCTV to monitor employees is a matter of increasing concern to me. Even where employers have sought to legitimise the use of CCTV to monitor staff by referring to it in their company handbook, the position remains that transparency and proportionality are the key points to be considered by any data controller before using CCTV in this manner. We would only expect CCTV footage to be reviewed to examine the actions of individual staff members in exceptional circumstances of a serious nature where the employer could legitimately invoke the provisions of Section 2A (1) (d) of the Acts (“the processing is necessary for the purposes of the legitimate interests pursued by the data controller ?except where the processing is unwarranted in any particular case by reason of prejudice to the fundamental rights and freedoms or legitimate interests of the data subject.”). This was clearly not the case in the circumstances which formed the basis of this complaint.
Case Study 9:
Data controller legitimately uses CCTV in disciplinary proceedings.
This Office received a complaint which stated that a supermarket instructed a third party to remove a CCTV hard-drive, containing CCTV footage of the complainant’s image, from the store where the complainant worked as store manager and that no member of the supermarket staff accompanied this third party contractor during the removal. The complainant alleged that the supermarket viewed three weeks of CCTV footage which contained the complainant’s image and used this CCTV footage to ground a disciplinary hearing against the complainant. The complaint stated that at no point was the complainant consulted in relation to the removal, viewing or processing of the CCTV footage.
We commenced an investigation of the matter by writing to the supermarket outlining the details of the complaint. In response, the supermarket informed us that it was contacted by an external third party alleging irregularities in the cash management process in its store. An investigation into these irregularities was initiated and CCTV footage was secured in that process in line with the company’s purpose for CCTV, namely to ”protect against inventory loss by criminal actions.” It said that the CCTV recorder was removed by an authorised contractor, who did not carry out any maintenance which requires supervision, but solely removed the unit and transferred it to its regional distribution centre where it was securely kept in a locked room and footage was only reviewed by employees tasked with the investigation into the allegation. It informed us that the contents of the CCTV footage was explained verbally to the complainant to allow him to explain the irregularities in the cash handling process. The supermarket told us that, as a retail business which is handling large sums of monies on a daily basis, it felt that its actions were guided by a legitimate interest to protect its vested rights and property.
We sought information from the supermarket regarding the ‘external third party’ who retrieved the CCTV footage from the store, and whether the CCTV footage in question demonstrated an “inventory loss by criminal actions.” It informed us that the third party who retrieved the CCTV footage was its contracted CCTV service provider. It said that, in this incident, the contractor did not carry out any processing, but merely took the CCTV recorder from the store to the regional distribution centre. It further stated that the CCTV footage showed actions that were questionable, but that no conclusions were drawn from the footage as to whether the actions were of a criminal nature or a performance and conduct issue. It was satisfied from the complainant’s explanations that the actions were not of a sinister nature, but instead constituted a total disregard for internal cash management procedures. It said that the complainant was subsequently disciplined for this matter.
We conveyed the explanation provided by the supermarket to the solicitor acting for the data subject. In response it was argued that the employer had already established that there was no cash missing by inspecting the safe and accordingly, there was no need to then review CCTV footage. It was further stated that the amount of CCTV footage viewed was excessive and disproportionate as the irregularities in relation to cash handling took place over a seven day period, but three weeks of CCTV footage was examined by the supermarket during the course of its investigation into the cash handling irregularities.
In response to this, the supermarket stated that the irregularities brought to its attention by the external third party were of such a complex and serious nature that it was not possible to fully investigate the matter by conducting a safe count alone. It further stated that it acted reasonably and proportionately and in compliance with data protection legislation when investigating the irregularities in the cash management process. We wrote to the supermarket seeking further specific information regarding the irregularities reported to it and how the investigation of same progressed. It informed us that it was notified by an external third party about irregularities in the cash management process. Two issues were identified, both of which involved substantial sums of money. The supermarket commenced its investigation of the matter as soon as the issues were identified. It stated that: “In order to preserve the CCTV footage for the investigation and to protect it from being overwritten, the DVR unit had to be removed by the contractors. CCTV footage from the 3rd January to 23rd January was viewed by the investigators, due to the fact that it was impossible to investigate the irregularities which took place on the 9th and the 16th of January in isolation, and given that the entire cash management for that period was relevant for the investigation.” It was further stated that the complainant was afforded the opportunity to view the entire footage in line with fair HR policies and proceedings.
The complainant sought a formal decision of the Data Protection Commissioner on his complaint. The key issue that arose for consideration under the Data Protection Acts was whether the supermarket acted in accordance with the requirements of the Acts when it processed CCTV footage which contained images of the complainant. The supermarket viewed CCTV footage for the period of 3 January 2012 to 23 January 2012. This footage was viewed as part of an investigation to determine whether any fraudulent or criminal activities had taken place following the reporting of irregularities to the supermarket by a third party and an alert being raised by its own internal processes. Section 2A(1)(d) of the Acts provide that a data controller shall not process personal data unless “the processing is necessary for the purposes of the legitimate interests pursued by the data controller or by a third party or parties to whom the data are disclosed, except where the processing is unwarranted in any particular case by reason of prejudice to the fundamental rights and freedoms or legitimate interests of the data subject.” The Data Protection Commissioner considered that, when the supermarket viewed the CCTV footage for the period, it did so in the pursuit of its own legitimate interests. The Commissioner did not consider that the processing of personal data in this case was unwarranted by reason of prejudice to the fundamental rights and freedoms or legitimate interests of the data subject. Following the investigation of the complaint against the supermarket regarding its processing of the complainant’s personal data in the form of CCTV footage, and having regard to the legitimate interests of the employer in this case, the Commissioner was unable to conclude that a contravention of the Data Protection Acts took place in this instance.
This Office is receiving an increasing number of complaints concerning the use of CCTV in a range of environments. Many are against employers and the alleged use by them of CCTV to monitor employees as they go about their workplace duties. The use of CCTV in employment situations must be proportionate and transparent and the default position is that CCTV should only be used for stated valid purposes such as security. CCTV footage should not be used as a tool for staff performance monitoring. Having examined the issues raised in this complaint, however, it was considered that the data controller in this instance presented this Office with a genuine security reason for processing the CCTV images of the complainant and accordingly, the processing could not be deemed to contravene the Data Protection Acts.
Case Study 15:
Client list taken by ex-employee to new employer
In January, 2013 we received a complaint from an individual in relation to receipt of unsolicited correspondence to her home address, from a company with whom she had no business relationship. The correspondence referred to the individual’s existing pension plan with another company and offered a review of the individual’s existing assets or advice concerning her future provision. The letter also indicated the sender’s intention to phone the recipient to discuss the matter further. The individual stated that she was annoyed and aggrieved that her personal and financial details were now in the hands of a company of which she had no knowledge.
The individual contacted the company with which she had set up her pension plan and they confirmed to her that the person who had sent her the unsolicited letter had left their employment in December 2011.
Section 2 of the Data Protection Acts, 1988 and 2003 (the Acts), provides that personal data shall be fairly obtained and processed and shall not be further processed without the prior consent of the individual concerned. We asked the new employer to confirm whether the employee had brought in data relating to clients that he obtained from his time working in his previous employment. We also asked the new employer to confirm what consent, in line with the Data Protection Acts, it had to process such data.
Our letter also informed the new employer that it should be aware that contacting an individual by phone, for the purposes of electronic direct marketing, without first receiving their consent, is an offence under Statutory Instrument No 336 of 2011.
The new employer confirmed that, having conducted its own internal investigation into the matter, that approximately fifty former contacts of the employee were written to. It stated that no follow up phone calls were made. The new employer confirmed that any such data that the employee possessed had been destroyed and that no further attempts would be made to contact those individuals.
The complaint was resolved on an amicable basis when the company provided this Office with a letter of apology dated 28 January, 2013 to forward, on its behalf, to the individual concerned.
However, in early April, 2013 this Office received a data security breach notification from the former employer informing us that another of their clients had informed them that she had received a letter from one of its former employees soliciting business. The nature of the letter, although addressed to a different client, was similar to the incident previously investigated by this Office in January 2013. The letter was dated 15 January, 2013 thus predating the confirmation of 28 January, from the new employer, that the client data had been destroyed.
Our investigations of such instances are twofold. We contact the company responsible for sending the unsolicited correspondence and we also deal with the company responsible for the data, to determine whether the security procedures it has in place to protect against the unauthorised access and disclosure of personal data are sufficient.
In this instance we requested the former employer to inform us of the policies it had in place regarding the security of client information in circumstances where an employee is moving to a new employment. We also requested to be provided with a copy of the data protection element of the contract of employment.
When providing this Office with a copy of the Confidentiality and Solicitation agreement signed by the former employee, the former employer also provided us with a copy of another letter sent to one of their clients by the former employee. The letter was dated 15 April, 2013 and was similar in nature to the letters sent to individuals in January 2013. However, on this occasion, the unsolicited correspondence made no reference to contacting the individual by telephone.
This information contradicted the confirmation we had received from the new employer in January 2013 that all data relating to the employee’s previous employment had been destroyed. On becoming aware of this development, this Office had no option but to have two of our Authorised Officers carry out a site inspection, as provided under Section 24 of the Acts, at the premises of the company. To assist with the site inspection, we requested the former employer to provide us with a copy of the client list of the former employee.
The purpose of the site visit by the Authorised Officers was twofold. Firstly to ascertain how it happened that a letter dated 15 April, 2013 issued to a client of the former employer, despite assurance from the new employer, in a letter dated 28 January, 2013 that all client data from their employee’s previous employment had been destroyed. Secondly to carry out a search of the company’s systems to satisfy ourselves that there was no further data in the company’s possession relating to the clients of the previous employer. Using the data provided by the original employer, the Inspection Team carried out a search on the computer systems for individuals’ names and addresses. The Inspection Team was satisfied that no further customer data remained.
We informed the new employer, on the morning of the site inspection, of our intention to visit his place of business that afternoon. We had not informed the new employer, prior to the site visit, of our knowledge of the letter dated 15 April, 2013. The new employer cooperated with the inspection.
Our investigation of the matter concluded on the basis of our receipt of written confirmation in May 2013 from the Managing Director of the new employer, stating that he fully accepted that breaches had occurred and outlining the actions his company was taking to prevent a recurrence. The Managing Director also confirmed that he personally oversaw the destruction of the data held by the employee.
This Office has noticed a significant increase in the number of data security breach notifications we are receiving in relation to this type of matter. We may first become aware of the matter via the receipt of a complaint from an individual relating to their receipt of unsolicited communications or from our receipt of a data security breach notification from the data controller. While there are obvious business related implications to such incidents, the focus of this Office’s investigation concerns the basic principles of data protection relating to security, fair obtaining and processing of personal data.
Case Study 12:
Unfair use of CCTV data
The subject matter of this complaint was the use by the data controller of CCTV footage in a disciplinary process involving one of its drivers. The data controller, Aircoach, advised that it was reviewing CCTV footage from one of its coaches as part of dealing with an unrelated customer-complaint issue when it happened to observe a driver using her mobile phone while driving a coach.
As is often the case with such complaints, the complainant objected to the use of the CCTV footage as evidence in a disciplinary process that was taken by Aircoach against her, the basis of the objection being that it was unfairly obtained.
Aircoach informed us that it had introduced CCTV across its fleet in order to further enhance safety and security for both staff and customers. It further advised that all staff are informed that CCTV is installed and of the reasons behind its use, but admitted that it was not until the middle of 2014 that significant efforts were made to fully inform both staff and customers as to the presence of CCTV on its coaches.Aircoach provided us with a copy of its new CCTV policy and it also provided us with photos showing the CCTV signage on the coach entrance doors, adding that the process of putting appropriate signage in place on its coaches commenced in January 2014 and was concluded by October 2014.
The law governing the processing of personal data, including CCTV images, is provided for under Section 2 of the Data Protection Acts 1988 and 2003. Processing includes, among other things, the obtaining and use of personal data by a data controller and it must be legitimate by reference to one of the conditions outlined under Section 2A(1) of the Acts. In addition, a data controller must also satisfy the fair-processing requirements set out under Section 2D(1) of the Acts, which requires that certain essential information is supplied to a data subject before any personal data is recorded.
The investigation in this case established that, at the time of the relevant incident on 19 February 2014, the roll-out of CCTV signage by Aircoach had commenced; however, the company failed to properly or fully inform staff that CCTV footage might be used in disciplinary proceedings. Any monitoring of employee behaviour through the use of CCTV cameras should take place in exceptional cases rather than as a norm and must be a proportionate response by an employer to the risk faced, taking into account the legitimate privacy and other interests of workers. In this case, when processing the complainant’s image, Aircoach was not aware of any particular risk presented and, by its own admission, was investigating an unrelated matter. While it subsequently transpired that the incident in question was indeed a very serious matter, involving alleged use by a driver of a mobile phone while driving, there was no indication at the time of the actual processing that this was the case and the processing therefore lacked justification. In addition, the fair-processing requirements set out in Section 2D were not fully met and fair notice of the processing for the specific purpose of disciplinary proceedings was not given to drivers whose images might be captured and used against them. In those circumstances, the processing could not be said to have been done in compliance with the Acts and the Commissioner found that Section 2(1)(a) had been contravened.
It is important to note that the processing of CCTV images in disciplinary proceedings against an employee is very much circumstance-dependent. Thus, while on this occasion the employer was found to have been in contravention of the Acts because the images were processed without justifiable cause or fair notice to the employee in question, in other circumstances the processing might be regarded as being proportionate and fair, especially if the processing is done in response to an urgent situation and the employer has the correct procedures in place. Employers should therefore be careful to ensure that a comprehensive CCTV policy is in place and followed if they wish to stay within their legal obligations.
ARTICLE 29 Data Protection Working Party
This Working Party was set up under Article 29 of Directive 95/46/EC. It is an independent European advisory body on data protection and privacy. Its tasks are described in Article 30 of Directive 95/46/EC and Article 14 of Directive 97/66/EC.
The secretariat is provided by Directorate E (Services, Intellectual and Industrial Property, Media and Data Protection) of the European Commission, Internal Market Directorate-General, B-1049 Brussels, Belgium, Office No C100-6/136.
Opinion 4/2004 on the Processing of Personal Data by means of Video Surveillance Adopted on 11th February 2004
THE WORKING PARTY ON THE PROTECTION OF INDIVIDUALS WITH REGARD TO THE PROCESSING OF PERSONAL DATA set up by Directive 95/46/EC of the European Parliament and of the Council of
24 October 1995
having regard to Articles 29 and 30 paragraphs 1 (a) and 3 of that Directive,
having regard to its Rules of Procedure and in particular to Articles 12 and 14
thereof,
HAS ADOPTED THE PRESENT OPINION:
1. FOREWORD
Public and private bodies have been having increased recourse to image acquisition
systems in Europe for the past few years. This circumstance has raised a lively debate
both at Community level and in the individual Member States in order to identify
prerequisites and limitations applying to the installation of equipment giving rise to
video surveillance as well as the necessary safeguards for data subjects.
The experience gathered in the latest years also following transposition at national
level of Directive 95/46/EC showed the huge proliferation of closed circuit systems,
cameras and other more sophisticated tools that are used in the most diverse sectors.
Furthermore, the development of the available technology, digitalisation and
miniaturisation considerably increase the opportunities provided by image and sound
recording devices also in connection with their deployment on intranets and the
Internet.
In addition to the processing operations in the employment context, which have
already been addressed by the Working Party in a detailed document (Opinion 8/2001
on the processing of personal data in the employment context), the growing
proliferation of video surveillance techniques can be easily appreciated by all citizens.
There is also a growing trend towards interconnection of video surveillance systems.
A non-exhaustive analysis of the main applications shows that video surveillance can
serve quite different purposes , which can be grouped, however, into a few main
areas:
1) protection of individuals,
2) protection of property,
3) public interest,
4) detection, prevention and control of offences,
5) making available of evidence,
6) other legitimate interests.
Different prerequisites also apply to the installation of video cameras and similar
devices.
In a few cases, using a video recording system may actually be compulsory on the
basis of specific Member States provisions – this has been the case, for instance, in a
few casinos -, or else it serves a purpose to which special importance is attached by
the data subjects’ relatives – e.g. in connection with the search for missing children
and adults. On the other hand, extravagant instances of such use can be quoted –
mainly concerning third countries –, in which facial recognition systems have been
deployed in order to prevent bigamy or where a local police authority has decided to
make publicly available images concerning the hard life led in prison by nonconsenting
convicts.
Therefore, whereas video surveillance appears to be somehow justified under certain
circumstances, there are also cases in which protection is sought impulsively by
means of video cameras without adequately considering the relevant prerequisites
and arrangements. This is sometimes due to the economic benefits granted on a large
scale by public bodies as well as to the offer of better insurance terms in connection
with the use of video surveillance equipment.
There is a psychological effect related to video surveillance as well, whereby it is
sometimes regarded by public opinion, wrongly or not, as an “invaluable tool” on
account of its having been useful in the detection of offences.
This is therefore a multifarious, continuously evolving sector, in which several
techniques are already available.
The present working document is meant to provide an initial analysis starting from
the existence of partially different regulations as well as from the presence of overdetailed
provisions in the individual national laws, which require a more systematic
and harmonised approach.
This working document concerns surveillance aimed at the distance monitoring of
events, situations and occurrences, whereas it does not directly consider other
instances in which certain events are publicised on an occasional and/or tendential
basis in connection with, for instance, transparency of the activity of local authorities
and/or parliamentary bodies.
Each operator will then be able to further specify the indications provided herein,
both in the relevant sector and as regards future technological developments that the
Working Party intends to investigate.
Additionally, the principles considered here apply to the acquisition of images,
possibly in association with sound and/or biometric data such as fingerprint data
The above principles may also be taken into account, where concretely applicable, in
connection with the processing of personal data that is not performed by video
equipment but rather via other types of surveillance i.e. distance control – as is the
case, for instance, with satellite-based GPS systems.
This working document is aimed, in the first place, at drawing attention to the wide
scope of criteria for the assessment of lawfulness and appropriateness of installing
individual video surveillance systems.
However, account has been also taken of the following aspects:
a) it is necessary for the relevant institutions in Member States to evaluate video
surveillance from a general viewpoint, also with a view to promoting a globally
selective as well as systematic approach to this matter. The over-proliferation of
image acquisition systems in public and private areas should not result in placing
unjustified restrictions on citizens’ rights and fundamental freedoms; otherwise,
citizens might be actually compelled to undergo disproportionate data collection
procedures which would make them massively identifiable in a number of public
and private places.
b) The trends applying to the evolution of video surveillance techniques could be
usefully assessed in order to prevent the development of software applications
based both on facial recognition and the study and forecasting of the imaged
human behaviour from leading inconsiderately to dynamic-preventive
surveillance – as opposed to the conventional static surveillance, which is aimed
mostly at documenting specific events and their authors. This new form of
surveillance is based on the automated acquisition of the facial traits of
individuals as well as their “abnormal” conduct in association with the
availability of automated alerts and prompts, which possibly entail discrimination
dangers.
2. INTERNATIONAL LEGAL INSTRUMENTS.
a) Convention of Human Rights and Fundamental Freedoms
The protection of privacy is ensured by Article 8 of the Convention of Human
Rights.
b) Council of Europe Convention No. 108/1981 for the protection of
individuals with regard to automatic processing of personal data.
The scope of this Convention is not limited like Directive 95/46/EC to first
pillar activities (see infra). Video surveillance activities entailing the
processing of personal data fall within the scope of application of this
Convention. The Consultative Committee set up by this Convention has stated
that voices and images are considered personal data if they provide
information on an individual by making him/her identifiable even if
indirectly.
The Council of Europe is currently finalising a set of guiding principles for
the protection of individuals with regard to the collection and processing of
data by means of video surveillance. These principles should further specify
the safeguards applying to data subjects contained in the provisions of
Council of Europe instruments.
c) Charter of Fundamental Rights of the European Union
The Charter of Fundamental Rights of the European Union provides in Article
7 for the protection of private and family life, home and communication and
in Article 8 for the protection of personal data.
3. SURVEILLANCE UNDER DIRECTIVE 95/46/EC.
The specific features of the processing of personal information included in sound
and image data have been expressly highlighted by Directive 95/46/EC (hereinafter
referred to as “the Directive”), which refers to them expressly in several points.
The Directive ensures the protection of privacy and private life as well as the larger
gamut of protection of personal data with regard to fundamental rights and freedoms
of natural persons (art. 1, par. 1).
A considerable portion of the information collected by means of video surveillance
concerns identified and/or identifiable persons, who have been filmed as they
moved in public and/or publicly accessible premises. Such an individual in transit
may well expect a lesser degree of privacy, but not expect to be deprived in full of
his rights and freedoms as also related to his own private sphere and image.
Consideration is also to be given here to the right to free movement of individuals
who are lawfully within a State’s territory, which is safeguarded by Article 2 of
Additional Protocol No. 4 to the European Convention for the Protection of Human
Rights and Fundamental Freedoms.
This freedom of movement may only be subject to such restrictions as are necessary
in a democratic society and proportionate to the achievement of specific purposes.
Data subjects have the right to exercise their freedom of movement without
undergoing excessive psychological conditioning as regards their movement and
conduct as well as without being the subject of detailed monitoring such as to allow
tracking their movement and/or triggering “alarms” based on software that
automatically “interprets” an individual’s supposedly suspicious conduct without
any human intervention – on account of the disproportionate application of video
surveillance by several entities in a number of public and/or publicly accessible
premises.
Specificity and sensitivity of the processing of sound and image data concerning
natural persons are highlighted in the initial recitals of the Directive. In addition to
the considerations that will be made below as to the scope of application, these
recitals and the relevant articles in the Directive clarify that
a) the Directive applies, in principle, to this matter by also having
regard to the importance of the developments of the techniques used
to capture, manipulate and otherwise use the specific category of
personal data collected in this way (see recital no. 14),
b) the principles of protection of the Directive apply to any information
– including sound and image information – concerning an identified
or identifiable person, by taking account of all the means likely
reasonably to be used either by the controller or by any other person
to identify the said person (see Article 2, subheading a), and recital
no. 26).
In addition to the above specific references, the Directive obviously produces all its
effects within the framework of its individual provisions relating, in particular, to
1) Data quality. Images must be processed fairly and lawfully as
well as for specified, explicit and legitimate purposes. Images
must be used in accordance with the principle that data must be
adequate, relevant and not excessive, and not further processed
in a way that is incompatible with those purposes; they must be
kept for a limited period, etc. (see Article 6),
2) Criteria for making data processing legitimate. Based on these
criteria, it is necessary for the processing of personal data by
means of video surveillance to be grounded on at least one of
the prerequisites referred to in Article 7 – unambiguous
consent, necessity for contractual obligations, for compliance
with a legal obligation, for the protection of the data subject’s
vital interests, for the performance of a task carried out in the
public interest or in the exercise of official authority, balancing
of interests,
3) The processing of special categories of data, which is subject to
the safeguards applying to the use of either sensitive data or
data concerning offences within the framework of video
surveillance (as per Article 8),
4) Information to be given to data subjects (see Articles 10 and
11),
5) Data subjects’ rights, in particular the right of access and the
right to object to the processing on compelling legitimate
grounds (see Articles 12 and 14 a ),
6) The safeguards applying in connection with automated
individual decisions (as per Article 15),
7) Security of processing operations (Article 17),
8) Notification of processing operations (as per Articles 18 and
19),
9) Prior checking of processing operations likely to present
specific risks to the rights and freedoms of data subjects (under
Article 20), and
10) Transfer of data to third countries (as per Article 25 and ff.).
Specificity and sensitivity of the processing of sound and image data are finally
acknowledged in the last article of the Directive, in which the Commission
undertakes to examine, in particular, the application of the Directive to this subject
matter and to submit any appropriate proposals which prove to be necessary, taking
account of developments in information technology and in the light of the state of
progress in the information society (see Article 33).
4. NATIONAL PROVISIONS APPLYING TO VIDEO SURVEILLANCE
In several Member States case studies have already been carried out concerning video
surveillance based either on constitutional provisions5
or specific legislation or on orders
and other decisions issued by the competent national authorities6
.
In a few countries there are also specific provisions applying irrespective of the
circumstance that video surveillance may entail the processing of personal data. Under
these regulations, installation and deployment of CCTV and similar surveillance
equipment are to be authorised in advance by an administrative authority – which may be
represented, in whole or in part, by the national data protection authority. Such
regulations may differ in connection with the public or private nature of the entity
responsible for operating the relevant equipment.
5. AREAS WHERE DIRECTIVE 95/46/EC IS WHOLLY OR PARTLY INAPPLICABLE
The Directive does not apply to the processing of sound and image data for purposes
concerning public security, defence, State security and the activities of the State in
areas of criminal law and/or in the course of any other activity which falls outside the
scope of Community law9
. Nevertheless, many Member States, in transposing
Directive 95/46/EC, covered such issues in a general way, by providing, however, for
specific exemptions.
A) In a few countries, the processing operations performed for the above
purposes are also subject in any case to safeguards in compliance with
Convention no. 108/1981 and the relevant Council of Europe
recommendations as well as with certain national provisions (see Article
3(2) and recital no. 16 of Directive 95/46/EC). In the light of its peculiar
features and the existence of specific provisions also related to the
investigational activities carried out by police and judicial authorities as
well as for State security purposes10 – which may include video
surveillance that is “hidden”, i.e. carried out without providing information
on the premises -, this category of processing operations will not be
addressed in detail in this document.
However, the Working Party would like to stress that, similar to several
other processing operations of personal data that likewise fall outside the
scope of the Directive, video surveillance performed on grounds of actual
public security requirements, or else for the detection, prevention and
control of criminal offences should respect the requirements laid down by
Article 8 of the Convention of Human Rights and Fundamental Freedoms
and both be provided for by specific provisions that are known to the
public and be related and proportionate to the prevention of concrete risks
and specific offences – e.g., in premises that are exposed to such risks, or
in connection with public events that are likely reasonably to result in such
offences11. The effects produced by video surveillance systems should be
taken into account – e.g. the fact that unlawful activities may move to other
areas or sectors -, and the data controller should always be specified clearly
in order for data subjects to exercise their rights.
The latter requirement is also related to the circumstance that video
surveillance is increasingly implemented jointly by police and other public authorities (e.g., local authorities) and/or private bodies (banks, sports
associations, transportation companies) – which carries the risk of blurring
the individual roles and responsibilities as regards the tasks to be
discharged 12.
B) Secondly, the Directive does not apply to processing operations performed
by a natural person in the course of a purely personal or household activity
(see Article 3(2) and recital no. 12).
Whilst the above circumstances may pertain if, for instance, video
surveillance is implemented for the distance control of what happens inside
one’s home – e.g., to prevent thefts, or in connection with management of
the so-called e-family -, this is not the case if the video surveillance
equipment is installed either outside or close to private premises with a
view to protecting property and/or ensuring security.
In the latter cases, it may be, in the first place, that the system is not
deployed by individual owners as regards the doors giving access to their
own premises, but rather by several owners on the basis of an agreement or
else by a consortium or condominium in order to monitor several entrances
and areas in a tenement – which makes the Directive applicable to the
relevant activities.
Whenever the system is managed for the benefit of an individual family
and to monitor a single door, landing, parking, etc., the fact that the
Directive does not apply on account of the exclusively personal utilisation
as well as of the unavailability of the data to third parties does not exempt
the system controller from respecting legitimate rights and interests of his
neighbours and other persons in transit. In EU Member States, these rights
and interests are actually protected irrespective of data protection
principles by the general (civil law) provisions safeguarding personal
rights, image, family life and the private sphere – one need only think, for
instance, of the visual angle of a camera installed outside the door of a flat,
which may allow systematically recording the clients of a medical clinic
and/or law firm located on the same floor and thereby cause undue
interference with professional secrecy.
Special attention will have to paid to the orientation of video equipment,
the need for posting notices and information and the timely deletion of the
images – to be performed within a few hours – if no housebreaking or
offences are found to occur.
C) Finally, Article 9 of the Directive foresees that Member States shall
provide for exemptions or derogation from some of its provision where the
processing is carried out solely for purposes of journalism or literary or
artistic expression, in particular in the audio-visual field (see recital no.
17). Only the exceptions necessary to reconcile the right to privacy with
the rules governing freedom of expression must be provided13. In this
connection, special care will be required in particular when installing web
cams and/or cameras on line, in order to prevent flaws and gaps in the
protection of individuals under video surveillance for purposes that may be
found to consist in advertising and/or tourist promotion activities 14.
6. VIDEO SURVEILLANCE AND PROCESSING OF PERSONAL DATA
In the light of the diverse situations mentioned, the Working Party is of the opinion
that attention should be drawn to the fact that Directive 95/46/EC applies to the
processing of personal data, including image and sound data by means of CCTV and
other video surveillance systems, wholly or partly by automatic means, and to the
processing otherwise than by automatic means of personal data which form part of a
filing system or are intended to form part of a filing system.
Image and sound data that relate to identified or identifiable natural persons is
personal data:
a) even if the images are used within the framework of a closed circuit
system, even if they are not associated with a person’s particulars,
b) even if they do not concern individuals whose faces have been
filmed, though they contain other information such as, for instance,
car plate numbers or PIN numbers as acquired in connection with
the surveillance of automatic cash dispensers,
c) irrespective of the media used for the processing – e.g., fixed and/or
mobile video systems such as portable video receivers, colour
and/or BW images -, the technique used – cabled or fibre optic
devices -, the type of equipment – stationary, rotating, mobile -, the
features applying to image acquisition – i.e. continuous as opposed
to discontinuous, which may be the case if image acquisition only
occurs in case a speed limit is not respected and has nothing to do
with video shootings performed in a wholly casual, piecemeal
fashion – and the communication tools used, e.g. the connection
with a “centre” and/or the circulation of images to remote
terminals, etc. .
Identificability within the meaning of the Directive may also result from
matching the data with information held by third parties, or else from the
application, in the individual case, of specific techniques and/or devices.
Hence, one of the first precautions to be taken by the data controller is to check
whether the video surveillance entails the processing of personal data as it relates
to identifiable persons. If so, the Directive applies regardless of national
provisions requiring, in addition, authorisation for public security purposes.
This may be the case, for instance, with equipment located either at the entrance
of or inside a bank, where said equipment allows identification of customers;
conversely, in certain circumstances the applicability of the Directive may be
ruled out for air survey images that cannot be usefully magnified or else do not
include information related to natural persons – as may be collected to identify
water sources or waste disposal areas – as well as for equipment providing
sweeping images of motorway traffic.
7. OBLIGATIONS AND APPROPRIATE PRECAUTIONS APPLYING TO THE DATA CONTROLLER
A) Lawfulness of the Processing
Also in the light of the requirement that processing must be lawful (as per Article 6
(a) of the Directive), the data controller must verify in advance whether the
surveillance is compliant with the general and specific provisions applying to this
sector – such as laws, regulations, codes of conduct having legal relevance. These
provisions may also be laid down in connection with public security purposes as
well as with purposes other than those related to personal data protection – e.g. the
need to obtain ad-hoc authorisations by specific administrative bodies and comply
with their instructions.
All suitable measures must be taken in order to ensure that video surveillance is in
line with data protection principles, and inappropriate references to privacy should be
avoided 15.
In this regard, account should also be taken of best practices as may be set forth in
recommendations issued by supervisory authorities as well as in other self-regulatory
instruments.
It is also necessary to check the remaining domestic law provisions – including
constitutional principles, civil and criminal law provisions – as regards, in particular,
those applying to the “droit à l’image”16 or the protection of one’s domicile; account
must be taken of the relevant case law, which may have ruled that premises other
than those related to one’s household – such as hotel rooms, offices, restrooms,
cloakrooms, in-house phone booths, etc. – are to be regarded as private premises.
Where the equipment has been installed either by private entities or by public bodies,
especially local authorities, allegedly for purposes of security or else for detecting,
preventing and controlling offences, special care will have to be taken, when
determining and informing on said purposes, as to the tasks that may be lawfully
discharged by the data controller – given that certain public functions may only be
exercised under the law by specific non-administrative bodies such as, in particular,
law enforcement agencies.
This issue has been raised specifically in respect of a few local authorities having no
direct competence over public order and public security matters, which nevertheless
carry out auxiliary activities for surveillance purposes. Likewise, surveillance that is
often accounted for on grounds of crime control is actually aimed at making available
evidence in case criminal offences are committed.
B) Specificity, Specification and Lawfulness of Purposes
The data controller should ensure that the purposes sought are neither unclear nor
ambiguous, also in order to be provided with a precise criterion when assessing
compatibility of the purposes aimed at by the processing (see Article 6 b) of the
Directive).
This clarification is also necessary with a view to listing the purposes both in the
information to be provided to data subjects and in the relevant notification, as well as
in connection with the prior checking to be possibly carried out with regard to the
processing in pursuance of Article 20 of the Directive.
It should be clearly ruled out that the images collected may be used for further
purposes with particular regard to the technical reproduction opportunities – e.g. by
expressly prohibiting copying.
The relevant purposes should be referred to in a document where other important
privacy policy features should be also summarised – in respect of such major issues
as documenting the time when images are deleted, possible requests for access by
data subjects and/or lawful consultation of the data.
C) Criteria Making the Processing Legitimate
The data controller should verify that the video surveillance complies not only with
the specific provisions referred to under A), but also with at least one of the criteria
making the processing legitimate under Article 7 of the Directive – as regards
specifically personal data protection.
Apart from the less frequent cases in which a legal obligation is to be fulfilled –
reference has been made to the activities in a casino – or where processing is
necessary to protect vital interests – e.g., for the distance monitoring of patients in
resuscitation units -, it often happens that a data controller is required to perform a
task in the public interest or in the exercise of official authority possibly by
complying with specific regulations – e.g. to detect road traffic offences or violent
conduct on public transportation means in high-crime areas – as per Article 7 e) of
the Directive; alternatively, the data controller may pursue a legitimate interest which
is not overridden by the data subject’s interests or fundamental rights and freedoms
(see Article 7 f) ).
In both cases, though especially in the latter one, the sensitive nature of the
processing operations requires careful consideration of the scope of the tasks, powers
and legitimate interests concerning the data controller. Superficiality and the
groundless extension of the scope of such tasks and powers should be absolutely
banned in carrying out this analysis.
As regards, in particular, the balancing of different interests, special attention will
have to be paid, also by hearing the parties concerned in advance, to the possibility
that an interest deserving protection may be in conflict either with installation of the
system or with certain data retention arrangements or other processing operations 17.
Finally, as regards obtaining the data subject’s consent, the latter will have to be
unambiguous and based on clear-cut information. Consent will have to be provided
separately and specifically in connection with surveillance activities concerning
premises where a person’s private life is led18.
Lawfulness of the processing should be also assessed by taking account of the
provisions in the Directive laying down specific safeguards for the data relating to
offences (see Article 8(5) of the Directive) 19.
Additional measures and arrangements might result from the preliminary assessment of
the processing in accordance with the prior checking mechanism, if video surveillance
carries specific risks for individuals’ rights and freedoms (see Article 20 of Directive
95/46/EC).
Processing operations by means of video surveillance should always be grounded on
express legal provisions if they are carried out by public bodies.
D) Proportionality of the Recourse to Video Surveillance
The principle that data must be adequate and proportionate to the purposes sought
means, in the first place, that CCTV and similar video surveillance equipment may
only be deployed on a subsidiary basis, that is to say:
for purposes that actually justify recourse to such systems.
The proportionality principle entails that these systems may be deployed if other
prevention, protection and/or security measures, of physical and/or logical nature,
requiring no image acquisition – e.g. the use of armoured doors to fight vandalism,
installation of automatic gates and clearance devices, joint alarm systems, better and
stronger lighting of streets at night etc. – prove clearly insufficient and/or inapplicable
with a view to the above legitimate purposes.
The same principle also applies to the selection of the appropriate technology, the
criteria for using the equipment in concrete, and the specification of data processing
arrangements as also related to access rules and retention period.
It should be avoided, for instance, that an administrative body may install VS
equipment in connection with minor offences – e.g. in order to reinforce the ban
on smoking in schools and other public places or else the prohibition to leave
cigarette stumps and litter about in public places.
In other words, it is necessary to apply, on a case by case basis, the principle of
adequacy in respect of the purposes sought, which entails a sort of data
minimisation duty on the controller’s part.
Whilst a proportionate video surveillance and alerting system may be considered
lawful if several episodes of violence occur in an area close to a stadium, or if
repeated assaults are committed on board buses in peripheral areas or near bus
stops, this is not the case with a system aimed either at preventing insults against
bus drivers and the dirtying of vehicles – as described to a data protection
authority -, identifying citizens liable for minor administrative offences such as
the fact of leaving waste disposal bags outside litter bins and/or in areas where no
litter is to be left about, or detecting the persons responsible for occasional thefts
at swimming halls.
Proportionality should be assessed on the basis of even stricter criteria as regards
non-publicly accessible premises.
The exchange of information and experiences among the competent authorities of
different Member States may be helpful in this regard;
The above considerations apply, in particular, to the increasingly frequent use of
video surveillance for the purpose of self-defence and protection of property –
above all near public buildings and offices including the surrounding areas. This
type of implementation requires assessing, from a more general viewpoint, the
indirect effects produced by the massive recourse to video surveillance – i.e.,
whether the installation of several devices is really an effective deterrent, or
whether the offenders and/or vandals may simply move to other areas and
activities.
E) Proportionality in Carrying Out Video Surveillance Activities
The principle under which data must be adequate, relevant and not excessive
entails careful assessment of the proportionality of the arrangements applying to
the data processing once the lawfulness of the latter has been validated.
The filming arrangements will have to be taken into account in the first place, by
having regard, in particular, to the following issues:
a) the visual angle as related to the purposes sought 21 – e.g., if the
surveillance is performed in a public place, the angle should be such as
not to allow visualising details and/or somatic traits that are irrelevant to
the purposes sought, or else the areas inside private places located nearby,
especially if zooming functions are implemented,
b) the type of equipment used for filming, i.e. whether fixed or mobile,
c) actual installation arrangements, i.e. location of cameras, use of fixedview
and/or movable cameras, etc.,
d) possibility of magnifying and/or zooming in images either at the time the
latter are filmed or thereafter, i.e. as regards stored images, and possibility
to blur and delete individual images,
e) image-freezing functions,
f) connection with a “centre” to send sound and/or visual alerts,
g) the steps taken as a result of video surveillance, i.e. shutting down of
entrances, calling up surveillance staff, etc. .
Secondly, it is necessary to consider the decision to be taken as to retention of
images and retention period – the latter having to be quite short and in line with
the specific features of the individual case.
Whilst in a few cases a system only enabling closed circuit visualisation of
images, which are not recorded, may be sufficient – e.g., in the case of the tills at
a supermarket –, in other cases – e.g. to protect private premises – it may be
justified to record the images for a few hours and automatically erase them, no
later than at the end of the day and at least at the end of the week. An exception to
this rule will obviously be the case in which an alert has been issued or else a
request has been made deserving specific attention; in such cases there are
reasonable grounds to await, for a short time, the decision to be possibly taken by
either police or judicial authorities.
To quote another instance, a system aimed at detecting unauthorised accesses of
vehicles to city centres and restricted traffic areas should only record images in
case a breach is committed.
The proportionality issue should also be taken into due account whenever less
short retention periods are deemed to be necessary which should not be in excess
of one week22 – e.g., as regards video surveillance images that may be used to
identify the persons frequenting the premises of a bank prior to performing a
robbery.
Thirdly, attention will have to be paid to the cases in which identification of a
person is facilitated by associating the images of the person’s face with other
information concerning imaged conduct and/or activities – e.g., in the case of the
association between images and activities performed by clients in a bank at an
easily identifiable time.
In this regard, account will have to be taken of the clear-cut difference existing
between temporary retention of video surveillance images obtained by means of
equipment located at the entrance of a bank and the definitely more intrusive
establishment of data banks including photographs and fingerprints provided by
bank clients with the latter’s consent.
Finally, consideration will have to be given to the decisions to be made in respect
of both the possible communication of the data to third parties – which in
principle should not involve entities that are unrelated to the video surveillance
activities – and their total or partial disclosure possibly abroad or even online –
also in the light of the provisions concerning adequate protection, see Article 25
and ff. of the Directive.
Obviously, the requirement that images should be relevant and not excessive also
applies to the matching of information held by different controllers of video
surveillance systems.
The above safeguards are meant to implement, also operationally, the principle
referred to in the domestic laws of a few countries as the principle of moderation
in the use of personal data – which is aimed at preventing or reducing, to the
greatest possible degree, the processing of personal data.
This principle should be implemented in all sectors by also having regard to the
fact that many purposes can be actually achieved without making recourse to
personal data, or by using really anonymous data, even though they may initially
seem to require the use of personal information.
The above considerations also apply in the presence of the justified need to
streamline business resources 23 or else improve the services delivered to users 24.
F) Information to Data Subjects
Openness and appropriateness in the use of video surveillance equipment entail
the provision of adequate information to data subjects pursuant to Articles 10 and
11 of the Directive.
Data subjects should be informed in line with Article 10 and 11 of the Directive.
They should be aware of the fact that video surveillance is in operation, even
where the latter is related to public events and shows or else to advertising
activities (web cams); they should be informed in a detailed manner as to the
places monitored.
It is not necessary to specify the precise location of the surveillance equipment,
however the context of surveillance is to be clarified unambiguously.
The information should be positioned at a reasonable distance from the places
monitored – unlike what has been done in a few cases, in which location of
information plates at 500 metres from the areas under surveillance has been
considered acceptable – also in the light of the filming arrangements.
The information should be visible and may be provided in a summary fashion, on
condition that it is effective; it may include symbols that have already been
proved useful in connection with video surveillance and no-smoking information
– which may differ depending on whether the images are recorded or not. The
purposes of the video surveillance and the relevant controller will have to be
specified in all cases. The format of the information should be adjusted to the
individual location.
Specific, well-grounded limitations to the information requirements may only be
allowed in the cases referred to in Articles 10, 11 and 13 of the Directive – e.g., a
temporary limitation may apply in respect of the data collected in the course of
investigations carried out lawfully by defence counsel, or else with a view to
exercising the right of defence, for as long as provision of the information may
jeopardise achievement of the specific purposes sought.
Finally, specific attention should be given to the appropriate way to furnish blind
persons with the information.
G) Additional Requirements
In connection with such additional requirements, precautions and safeguards as
are referred to in data protection legislation and are summarised under point 3)
above – also with regard to the need for the processing of personal data to be
notified to and subject to the supervision of an independent authority in line with
Articles 18, 19 and 28 of the Directive -, the Working Party would like to draw
attention, in particular, to the following issues:
a) A limited number of natural persons, to be specified, should be allowed to
view or access the recorded images, if any, exclusively for the purposes
sought by means of the video surveillance or else with a view to
maintenance of the relevant equipment in order to only verify its proper
operation; alternatively, this may occur on the basis of either a data
subject’s request for access or the lawful order issued by police or judicial
authority for crime detection purposes.
Whenever video surveillance is only aimed at preventing, detecting and
controlling offences, the solution consisting in the use of two access keys
– of which one would be held by the controller and the other one by the
police – may prove useful in many cases to ensure that images are only
viewed by police staff rather than by unauthorised staff – without
prejudice to the data subject’s legitimate exercise of his right of access by
means of a request made during the short image retention period.
b) Appropriate security measures should be implemented in order to prevent
occurrence of the events referred to in Article 17 of the Directive,
including dissemination of information that may be helpful to protect a
right of the data subject, a third party or the data controller himself – also
with a view to preventing manipulation, alteration or destruction of data
and related items of evidence.
c) Quality of the images recorded, if any, is also fundamental – in particular
if the same recording media are used repeatedly, which entails the risk of
failing to fully erase previously recorded images.
d) Finally, it is fundamental for the operators concretely involved in video
surveillance activities to be adequately trained in and made aware of the
steps to be taken to fully comply with the relevant requirements. Training
of controllers and operators as also related to the relevant risks and the
mechanisms to correctly identify the imaged individuals can be
considered to be a useful measure as well.
H) Data Subjects’ Rights
The peculiar features of the personal data collected do not rule out exercise by
data subjects of the rights referred to in Articles 13 and 14 of the Directive, with
particular regard to the right to object to the processing. Directive 95/46 indeed
allows the data subject to object at any time to the processing of data relating to
him on compelling legitimate grounds relating to his particular situation.
The data subjects’ right to oblivion and the usually short retention period of the
images do narrow the scope of application of the data subjects’ right to access
personal data that make them identifiable; however, this right is to be safeguarded
especially if a detailed request is made such as to allow the relevant images to be
easily retrieved. Account will have to be also taken of the need to temporarily
safeguard the rights of third parties.
Any limitations grounded on the efforts to be made for retrieving the images,
where such efforts are found to be clearly disproportionate in terms of researches,
costs and resources on account of the short retention period of the images, should
be laid down exclusively by primary legislation (see Article 13(1) of the
Directive) with due regard for the data subject’s right to defence in respect of
specific events that may have occurred in the period considered.
I) Additional Safeguards in connection with Specific Processing
Operations
It should be prohibited to perform video surveillance exclusively on account of
the racial origin of the persons imaged, their religious or political opinions, their
membership in trade unions or sexual habits (Article 8 of the Directive).
Without aiming at an exhaustive list of the multifarious applications of video
surveillance, the Working Party would like to stress the need to pay greater
attention – in principle, where appropriate, within the framework of the prior
checking of processing operations mentioned in Article 20 of the Directive – to a
few contexts in which images concerning identified or identifiable persons are
collected, since these contexts should be evaluated on a case-by-case basis.
Reference is made, in particular, to the following cases as resulting from
experiences and/or tests already in progress:
a) permanent interconnection of video surveillance systems as managed by
different data controllers,
b) possible association of image and biometric data such as fingerprints (e.g.
at the entrance of banks),
c) use of voice identification systems,
d) implementation, in line with proportionality principles and based on
specific provisions, of indexing systems applying to recorded images
and/or systems for their simultaneous automatic retrieval, especially via
identification data,
e) use of facial recognition systems that are not limited to identifying
camouflages of persons in transit, such as fake beards and wigs, but are
based on the targeting of suspected offenders – i.e. on the ability of the
system to automatically identify certain individuals on the basis of
templates and/or standard identity-kits resulting from certain outward
features (such as colour of a person’s skin, eyes, protruding cheekbones,
etc.), or else on the basis of pre-defined abnormal behaviour (sudden
movements, repeated transit even at given intervals, way of parking a
vehicle, etc.). In this connection, human intervention is appropriate also in
the light of mistakes possibly occurring in these cases as also mentioned
with regard to point f) below,
f) possibility to automatically trace routes and trails and/or reconstruct or
foresee a person’s behaviour,
g) taking of automated decisions based either on a person’s profile or on
intelligent analysis and intervention systems unrelated to standard alerts –
such as the fact of accessing a place without the required identification or
else a fire alert.
8. VIDEO SURVEILLANCE IN THE EMPLOYMENT CONTEXT
In its Opinion no. 8/2001 on the Processing of Personal Data in the Employment
Context, adopted on 13 September 2001, and in its Working Document on the
Surveillance of Electronic Communications in the Workplace, adopted on 29 May 2002
this Working Party has already drawn attention, in more general terms, to a few
principles aimed at safeguarding data subjects’ rights, freedoms and dignity in the
employment context.
In addition to the considerations made in the above documents, to the extent that they are
actually applicable to video surveillance, it is appropriate to point out that video
surveillance systems aimed directly at controlling, from a remote location, quality and
amount of working activities, therefore entailing the processing of personal data in this
context, should not be permitted as a rule.
The case is different as regards video surveillance systems that are deployed, subject to
appropriate safeguards, to meet production and/or occupational safety requirements and
also entail distance monitoring – albeit indirectly 28.
The implementing experience has shown additionally that surveillance should not include
premises that either are reserved for employees’ private use or are not intended for the
discharge of employment tasks – such as toilets, shower rooms, lockers and recreation
areas; that the images collected exclusively to safeguard property and/or detect, prevent
and control serious offences should not be used to charge an employee with minor
disciplinary breaches; and that employees should always be allowed to lodge their
counterclaims by using the contents of the images collected.
Information must be given to employees and every other person working on the
premises. This should include the identity of the controller and the purpose of the
surveillance and other information necessary to guarantee fair processing in respect of
the data subject, for instance in which cases the recordings would be examined by the
management of the company, the recording period and when the recording would be
disclosed to the law enforcement authorities. The provision of information for instance
through a symbol can not be considered as sufficient in the employment context.
9. CONCLUSION
The Working Party has drafted this working document to contribute to the uniform
application of the national measures adopted under Directive 95/46/EC on the area
of video surveillance.