New Belgian Data Protection Authority decision on video surveillance: don’t do permanent surveillance of employees. Questions remain, but without more background (name of the stores, history of theft within the stores etc.) it’s difficult to assess whether the BDPA was right in its assessment.
The decision mentions the fact that cameras were deployed in 6 stores, and placed in such a way that “staff is permanently under supervision”. Apparently, members of staff “regularly received remarks from the surveillance company”. [yes, that’s probably bad]
The BDPA concluded that such permanent surveillance of work was contrary to the principle of data minimisation.
But is it really?
One client for whom I worked had trouble fighting theft by employees in various remote stores. “Hire better people”, you might think, but it’s not always easy to assess trustworthiness and ensure it sticks. They felt that having a camera on above the area surrounding the till was the most appropriate way to protect the company’s goods. Would that suddenly be prohibited, following the BDPA’s logic?
In its decision, the BDPA stresses the fact that the surveillance company made remarks to the surveilled staff (it’s unclear regarding what), which suggests that the surveillance company was spending significant time looking at what they were doing. That might indeed be excessive.
But would occasional verifications have been OK? One would hope so, otherwise employee-facing cameras might as well have been declared illegal under all circumstances.
Surveillance companies are (normally) not asked to stay glued to one screen but are tasked with checking various screens regularly (and for several customers sometimes). While there may be permanence in general terms (throughout the day the surveillance company might check every now and again), there is no continuous surveillance of a given employee at every moment in the day.
And that “permanent” surveillance does have its uses. After all, if the camera has to be turned off every now and again during the day to avoid permanent processing of personal data, what is the point of having the camera if by some coincidence theft were to happen just when the camera is off?
So maybe the BDPA didn’t intend to make it that general, and maybe you don’t need to panic if you use employee-facing cameras. Just make sure that you don’t misuse them – and that you have guardrails to ensure the surveillance company is actually looking for the right things (and not just taking notes to evaluate staff performance).
Decision (in Dutch): https://lnkd.in/ezDMjUCZ
data protection cctv privacy gdpr
Did this analysis get you thinking? Reach out!
DataLaws.net is entirely open-access, and instead of getting your data in exchange for this content, how about another trade? If this commentary saved you research time or sparked an idea, feel free to invite me over for tea, chai or a hot chocolate next time you are around Brussels or Antwerp - or invite me over to your offices for a chat!
Get in touch ↗ Let's connect on LinkedIn ↗