Technology is notoriously fast moving and it is also cheaper than it once was. We can all now afford to have devices in our pockets that even big corporations could not have dreamed of buying only 20 years ago. This creates new opportunities for everyone; it also creates new cases for tribunals.
The Italian Supreme Court (Corte di Cassazione) recently held an employer liable for a privacy-related offence (and imposed a EUR 600 fine) for hiding a CCTV camera in a place of work. The camera was placed in the air conditioning conduit and pointed at a room where work was normally carried out. The reason for the employer’s surveillance was the theft of a number of documents, which had occurred six days previously. The case in itself was straightforward. The judges recognised that the surveillance was carried out in a way that did not respect the right to privacy of the worker normally in the room (she was female, recorded continuously and had to apply medication to her leg during the period she was filmed). Furthermore, the judgment is a criminal law decision: employment law is mentioned only as a reference.
What is relevant for employers is that this decision (and others in similar recent cases) provides assistance in understanding and specifying the limits on employers’ power to investigate and monitor their premises and protect their assets. A number of recent laws, not least the GDPR, which becomes directly applicable in EU Member States from 25 May 2018, put a special focus on a practice (DIY investigation of employees by employers) that has become increasingly common for companies all over the world. These types of investigation can take a number of forms, from a camera hidden in an air conditioner to the most sophisticated internal audit process imaginable. But all possible monitoring methods must be governed by a general and clear requirement: balance.
Employers are required to balance their interest in asset protection and their right to combat fraud and theft against their employees’ right to privacy. Data protection laws, local rules on monitoring and technology itself play crucial roles; company policies and internal rules are also vitally important. Any investigation needs to be carried out with all these issues in mind. If data is managed according to procedures and rules, employees are informed of their rights and obligations, mandates are given in an appropriate and clear manner then investigations can run smoothly and legally, and the ‘bad guys’ will lose. If, on the other hand, investigations are put in place simply because a CCTV camera is now affordable, then there is a real risk of not resolving the issue under investigation, violating employees’ privacy and having the criminal chamber of the Corte di Cassazione condemn you for unlawful monitoring in the workplace.
Italy is currently experiencing a period of increased activity around the issues mentioned above: GDPR, important reforms relating to long-distance monitoring and a brand new whistleblowing law, in addition to all the debates, decisions and administrative guidelines these changes bring. Hopefully these developments will create a legal context that can keep pace with the rapid evolution of technology (and the age-old problem of fraud) in the workplace.