A Spanish supermarket suspected that some employees were stealing from their tills so they installed secret CCTV cameras to try and catch the suspects in the act. They caught five cashiers stealing money, who were subsequently dismissed. Despite the dismissals being procedurally fair, the European Court of Human Rights (ECHR) held that this covert surveillance breached the employees' right to privacy and the individuals—who were also found guilty of theft—were awarded 4000 euros in damages. The ECHR held that the Spanish courts had failed to strike a fair balance the employee's right to privacy and the employer's legitimate interest in safeguarding its business.

Comment

The decision highlights the need for employers to properly consider the impact that surveillance in the workplace will have on an individual's right to privacy. They should always choose the least intrusive method of infringing on privacy even where they have a genuine reason for doing so. With the GDPR coming into force in May of this year, employers should conduct impact assessments if they are considering any kind of employee monitoring.

ICO Guidance

The ICO guidance makes clear that secret surveillance is rarely likely to be justified, and if it is considered necessary, the surveillance should be for as limited a period as possible and affect as few people as possible. Tailored and considered data protection policies will be vital in justifying any form of employee monitoring be it CCTV, interception of emails or otherwise. So to avoid having to pay out for privacy breaches, be sure to carry out a privacy impact assessment as your first step.