Peering into the Kaleidoscope of Video Surveillance: A Lawyer's Perspective on the Risks and Regulations, by Mihaela Murariu at Grecu Partners Business Law Firm
Workplace video monitoring under GDPR: Understanding legal restrictions
In today's dynamic landscape, the employment scene is peppered with video surveillance systems. From Safeguarding assets to maintaining employee welfare, the purpose is multifaceted. Yet, these deployments amplify significant concerns surrounding an individual's privacy. To annihilate potential abuses arising from video surveillance in Romania, the General Data Protection Regulation (GDPR), and national legislation, notably Law no. 190/2018, adhere to strict rules.
Employers must adhere to the stringent criteria set forth by the GDPR and these Romanian laws to legitimately implement video monitoring, balancing their interests with employee rights. The rules governing these practices not only limit invasive data processing but also bolster employees' privacy.
In the spirit of GDPR’s core principles (Article 5), video surveillance in the workplace must be lawful, transparent, justified by legitimate interests, data minimalized, and restricted in duration. These principles essence the fundamental idea of safeguarding employees' privacy rights.
To exemplify the gravity of violation, a recent case by the National Supervisory Authority for Personal Data Processing (ANSPDCP) fined Cluj-Napoca Public Transport Company for the unlawful usage of audio-video surveillance systems in drivers' cabins. The company's transgressions included establishing monitoring without a valid justification, invading privacy, using the collected information for disciplinary actions that weren’t initially stated, and potentially jeopardizing passengers' privacy as well.
Yet, the dwindling presence of video surveillance tools can result in undesirable outcomes for both parties. Dependent on activity, companies may find managing security, theft prevention, accident causation root-cause analysis, and mitigating financial losses due to employee negligence quite the challenge. Consequently, data processing via video surveillance serves a direct connection to the risks associated with work-related activities.
Moreover, Law 190/2018 grants additional clarifications concerning employee scrutiny:
- Justifying the employer’s genuine interest for surveillance
- Informing employees in advance about the presence, objective, and analytical scope of monitoring
- Engaging social partners in any discussion regarding the introduction of surveillance systems
- Aiming for less intrusive methods whenever possible
- Storage duration being limited to 30 days, except under exceptional circumstances.
To ensure compliance with the data protection regulations and those safeguarding subjects’ rights and freedoms, operators must perform impact assessments.
Last but not least, it is essential to exercise maximum responsibility when utilizing video surveillance systems, upholding the law's conditions at all costs. The case of Cluj-Napoca Public Transport Company serves as a cautionary tale about the pitfalls that can potentially infringe upon employees' and other data subjects' rights. Employers must substantiate the necessity for surveillance, communicate with those affected, and shun invasive techniques that infringe upon privacy rights. Instead, alternative, less intrusive methods should always be explored before enforcing surveillance.
For any additional inquiries, please contact [email protected].
*This is Partner Content.
(Photo source: 135335589 by Chernetskaya | Dreamstime.com)
GDPR and National Legislation: A Synopsis
According to GDPR, employers are required to exhibit legitimate reasons for video surveillance, disclose the practice openly, minimize data collection, adhere to data retention policies, store footage securely, and grant access to authorized personnel.
In Romania, the ENFORCEMENT of GDPR and any additional national requirements interconnected to privacy and employee surveillance fall under the purview of the National Authority for the Supervision of Personal Data Processing (ANSPDCP).
Best Practices: Stability and Compliance
- Craft comprehensive video surveillance policies
- Update employee manuals to reflect these policies
- Provide training on video surveillance to maintain transparency and compliance
- In the European Union, specifically Romania, employers must legitimately justify their use of video surveillance, respect individual privacy, and adhere to data protection regulations like the General Data Protection Regulation (GDPR) and Law no. 190/2018 to balance employee rights with their interests.
- To comply with data protection regulations and uphold subjects' rights and freedoms, operators are advised to carry out impact assessments when utilizing video surveillance systems.
- Under the GDPR, employers are expected to exhibit legitimate reasons for video surveillance, disclose the practice openly, minimize data collection, adhere to data retention policies, store footage securely, and grant access to authorized personnel.
- In Romania, the National Authority for the Supervision of Personal Data Processing (ANSPDCP) is responsible for enforcing the GDPR and any additional national requirements related to privacy and employee surveillance.
