Blog
Blog » THE BIG BROTHER AT WORKPLACE – USING VIDEO TO MONITOR WORKERS IN HUNGARY
THE BIG BROTHER AT WORKPLACE – USING VIDEO TO MONITOR WORKERS IN HUNGARY
20 December 2017
Should you have employee permission for CCTV record at workplace? How to be compliant with data protection laws regarding video surveillance? What are the cases when the strict data protection rules do not apply? In this article we examine these questions on the basis of the EU Data Protection Regulation (GDPR).
Is CCTV monitoring data processing?
It may not sound obvious for many that not only the name, address and ID number of the employee are personal data, but also their look, fate and voice shall be considered so. This means that handling video and voice recordings about the employees is considered asb data processing just like processing the data mentioned above.
According to the General Data Protection Regulation (GDPR) of the EU, the employer may process such data, too, if it does not conflict the fundamental rights and freedom of the employee.
In accordance with the above, the Hungarian Labour Code entitles employers to monitor the behaviour of employees in relation with the employment relationship, but such control may not violate human dignity, and the private life of employees may not be monitored.
The CCTV operated by the employer has to be set according to the following 4 principles:
Information
Recording the employees and processing such data does not require the permission of the employees, because such action is based on the permission of the law. However, the employer must provide the employees with clear information, so that the employees should know what happens with their data.
With regard to the above, the employees must be informed especially about that they are working in an area that is observed via CCTV, and also the circumstances why such recording is made about that place, who can have access to the recordings, how long will they be stored, where will they be forwarded, and how can the employee watch the recording.
Purpose limitation
The employer must be able to give justification why a specific camera is at a specific place, and what is the purpose of the recording. The employer can use the recordings only according to the original purpose of the recording.
The purpose can be the security, health protection, labour protection of employees, accident investigation, etc. One camera can serve more purposes, but any use differing from the defined purpose is unacceptable.
It is important that it is true that the employer is entitled to monitor the employees, but the purpose of the recording can’t be only this. The employer is not allowed to continuously monitor the employees, because this would limit the privacy of the employees to an unjustified extent. Thus the camera can’t be placed in a position so it would monitor only one specific employee.
It is advised to place the camera so that it would serve also other purposes. For example, in case of an employee working at the cashier, the camera placed above to record the money handed over can be well justified, and may also protect the employee’s interests.
Also, where a dangerous machine is being used, the recording of the operation can serve the health and physical safety of the employee, so in case of emergency the help may come faster.
Because of the purpose limitation there are also places where it is prohibited to place camera. Such places are typically the changing rooms and the lavatory. The employee’s right for dignity in these places is so high that cannot be overwritten by any other interest.
Storage limitation
This principle has a strong relation with purpose limitation, because it is not reasonable to store the data forever. If the data doesn’t serve any purpose anymore (especially if there is nothing worth to mention in it), then such data should be deleted as soon as possible.
Such deadlines are regulated by the national law, that is in case of usual security purposes 3 working days, if the employee has no need to use the recordings. Employee may store the recordings for longer only in special cases, like protecting significant value or guarding dangerous material.
Security
Please don’t forget that the lawful obtaining of the personal data is not the only goal when we are talking about data protection. We have to make efforts so that unauthorised persons should not have access to them. The data protection includes also the protection of the data against third parties.
We can increase the security by a separate locked room, or by using passwords in computers.
CCTV or not?
As we described above, the CCTV recordings are regulated very strictly. However, just because there is a camera somewhere, doesn’t mean the automatic application of such provisions.
For example a fake camera does not record personal data, so there is no data process. This means that using a fake camera does not require meeting the strict requirements of the GDPR. Surely it is a good question whether it is worth to use a camera that is unable to record anything, but it can be generally said that people observe the rules better if they think they are controlled.
The real time camera without recording is another option offering more opportunities. This camera shows the observed place on a screen in a separate place without recording. This can be useful, if the employer would need 10 security person to guard all main spots of a site, but using CCTV it is enough to hire one person controlling all places by watching 10 monitors.
The real time camera is like setting up many mirrors so that we can see several directions from one place. As there is no recording, we can’t talk about data processing, so there is no need to comply with the strict rules of the GDPR.
According to the above, it may be better for the employer to measure whether it is really necessary to do video recording. If it is the good choice considering some places, all the cameras need to be set up carefully, according to the requirements of the EU Data Protection Regulation.
-
CJEU DECISION IN A GDPR-RELATED CASE: DOES THE VIOLATION OF THE GDPR AUTOMATICALLY CONSTITUTE NON-MATERIAL DAMAGE?
Does the infringement of the data subjects’ rights by the controller give automatically rise to compensation? Can the controller be exempted from liability solely on the basis that the damage was the result of the fact that its employee did not comply with its instructions? What are decisive criteria to determine the amount of damages? In this article we analyse the fresh decision of the CJEU which addressed the previous questions.
Read more » -
HUNGARY – PERSONAL SCOPE EXTENSION OF JURISDICTION CLAUSE TO NON-SIGNATORY UNDER BRUSSELS IBIS
Does the principle of independence of the choice-of-court agreement require that parties shall expressly transfer the dispute resolution clause in case of transfer of the main contract? When can the personal scope of a jurisdiction agreement be extended to a non-signatory? A Hungarian appellate court decided upon these questions under the Brussels Ibis Regulation in a recent judgment
Read more » -
SETTING ASIDE ARBITRAL AWARDS IN HUNGARY
Given that there is no right of appeal in arbitration proceedings, it is important to be aware of what other legal remedies are available to you against an arbitral award. According to the Hungarian Arbitration Act, the parties may request the competent state court to set aside the award, which is a “mandatory” remedy, which cannot be waived by the parties in advance.
Read more »