This was a case before the ECtHR and the applicants were all workers in supermarket chain. After the employer noticed irregularities between stock levels and what was actually sold daily, surveillance cameras were installed to address suspected theft. The workers were told about the store’s visible cameras but not others which had been covertly located. After admitting their guilt several workers were dismissed with reliance on covert images. The workers alleged breach of Article 8 and data protection rights.

At first instance, the Spanish court upheld the dismissals and found the security measures to be justified, appropriate, necessary and proportionate. Further, it considered that no other equally effective means of protecting the employer's rights would have interfered less.

The ECtHR disagreed with this reasoning and found that Article 8 had been violated. On these facts, a fair balance between the parties had not been achieved. The use of video surveillance in the workplace was said to be considerable intrusion into private life which extends to personal appearance. The Court held that to be in compliance with data protection laws, employees must be "explicitly, precisely and unambiguously" informed of the existence of a personal data file, how the data will be processed, the purpose for collection and the recipients of the data. The appeals were allowed.

Practical Lessons

This case highlights the conflicting position of data protection law which seeks to protect fundamental rights as well as the rights of an employer to monitor both employees and customers. Previous ECtHR case law, such as the case of Köpke, appeared to favour employers in such situations as covert surveillance was held to be necessary. By the time the facts of the Lopez case occurred the Spanish data protection legislation had established the right of the data subjects (the employees) to be informed of any means of collecting and processing their personal data. The right of the applicants here to be informed of the existence of covert surveillance was clearly protected by law and a reasonable expectation of privacy existed. While employers should ensure a clear surveillance policy is in place and make employees aware of its contents, less intrusive ways of achieving the same purpose is a sensible option. The General Data Protection Regulations (GDPR) will replace the existing Data Protection Act in May of this year and employers will likely be seeking to review their own procedures (including the monitoring of employees) to ensure compliance with the new law.
http://www.distretto.torino.giustizia.it/documentazione/D_12213.pdf