Covert Monitoring of Employees and the Right to Privacy under Article 8 ECHR: Can these two be reconciled?

18-02-2019

Authors: Séamus Given, Sally Doyle and Niamh Fennelly

Click here to view the briefing in PDF format.

It is generally accepted that the monitoring of employees at work is intrusive. Employees have a legitimate expectation that they can keep their personal lives private and that they are also entitled to a degree of privacy in their work environment. While there has been much said about the data privacy protections in the General Data Protection Regulation (GDPR), employees’ privacy has long had protection in the Irish Constitution and the European Convention on Human Rights (ECHR).

Two recent European Court of Human Rights decisions examine employers’ monitoring of employees in the context of the Article 8 right to a private life.

Ribalda & Ors v Spain (2018)

In this case, five applicants – supermarket cashiers accused of theft – argued that the covert video surveillance ordered by their employer without previously informing them had violated their right to privacy under Article 8 of the ECHR. The Court observed that although the employer had given the workers notice of the installation of visible cameras, other cameras had also been installed which were hidden, and the workers were not informed of those.

The Court took account of the following factors in reaching its decision:

  • a number of people had seen the footage before the applicants, including their union representative and the employer’s lawyer;
  • the workers had not been told of, or consented to, the covert surveillance of them; and
  • the footage had been taken over a number of weeks, at all hours and had captured images of workers other than those suspected of theft.

The following passage from the judgment is of particular interest:

“Furthermore, in the present case and unlike in Köpke, the covert video surveillance did not follow a prior substantiated suspicion against the applicants and was consequently not aimed at them specifically, but at all the staff working on the cash registers, over weeks, without any time limit and during all working hours. In Köpke the surveillance measure was limited in time – it was carried out for two weeks – and only two employees were targeted by the measure. In the present case, however, the decision to adopt surveillance measures was based on a general suspicion against all staff in view of the irregularities which had previously been revealed by the shop manager.”

The Court concluded that the employer should have safeguarded its property (on the basis that it believed the applicants had been stealing from it) by other means which had less impact on the workers’ privacy, and should have notified the workers in advance of the installation of the surveillance systems. the Court believed that the Spanish courts had failed to strike a fair balance between the applicants’ rights to respect for their private lives and the employer’s interest in the protection of its property rights.

Libert v France (2018)

In this case, the applicant alleged that his employer had violated his right to privacy when it opened files on the hard disk of his computer without him being present. The applicant had been suspended and, on his reinstatement, discovered that his work computer had been seized. He was informed that the person who replaced him during his suspension had alerted his superiors to documents which caught his attention on the applicant’s work computer. The applicant was dismissed by reason of the items found on the computer.

As the applicant was employed by the State owned SNCF, he contended that there was interference with his right to privacy by a public body.

The Court considered whether the interference complained of had a legal basis and was satisfied that it had – at the material time, domestic law allowed the employer, within limits, to open files stored on an employee’s work computer.

The Court then considered whether the interference pursued a legitimate aim and found that it did not. The employer had argued it was necessary to open the files stored on the applicant’s computer for the legitimate aim of preventing a crime. However, this was not accepted by the Court as the opening of the files was not done in the context of criminal proceedings against the applicant. The Court did however acknowledge that the interference was intended to safeguard the protection of the “rights of others”, that is to say those of the employer, who might legitimately wish to ensure that employees are using the employer’s computer facilities placed at their disposal for the purpose of carrying out their duties.

Finally, the Court considered whether the interference with the right to privacy was necessary in a democratic society:

“The notion of necessity implies that the interference corresponds to a pressing social need and, in particular, that it is proportionate to the legitimate aim pursued…. the domestic courts had to ensure that the introduction by an employer of measures to monitor correspondence and other communications, irrespective of the extent and duration of such measures was accompanied by adequate and sufficient safeguards against abuse. It stressed, in this context that proportionality and procedural guarantees against arbitrariness were essential.

… French positive law contains provisions for the protection of private life. The principle is that, whilst the employer can open any professional files stored on the hard disks of the computers placed at the employees’ disposal for the purposes of their duties, it cannot surreptitiously open files identified as being personal “save in a case of serious risk or in exceptional circumstances”. It can only open such files in the presence of the employee concerned or after the latter has been duly called.”

The Court noted that the computer files in this case had not been clearly identified as personal. In the circumstances, the Court concluded that no breach of the right to privacy under Article 8 of the ECHR arose.

Conclusion

The principles used by the European Court of Human Rights in assessing the limits to the right to a private life under Article 8 are similar to the principles contained in the GDPR. These decisions make clear that the Court will place a heavy emphasis on the proportionality of measures used to monitor employees and whether such measures pursue a legitimate aim before it will find that no breach of the right to privacy under Article 8 of the ECHR has occurred.

Download PDF