HDPA (Greece) - 23/2021: Difference between revisions

From GDPRhub
(SB)
No edit summary
 
(2 intermediate revisions by 2 users not shown)
Line 58: Line 58:
}}
}}


The Greek DPA a fine of €15,000 on an employer for illegal installation and operation of a video surveillance system. It held that a CCTV surveillance system is considered active and operational, even if its camera feeds have been disabled via software, as they can be easily reactivated without notification.
The Greek DPA fined an employer €15,000 for the illegal installation and operation of a video surveillance system. It held that a CCTV surveillance system is active and operational even if its camera feeds have been disabled via software, because these camera feeds can be easily reactivated without notification.


== English Summary ==
== English Summary ==

Latest revision as of 13:29, 14 July 2021

HDPA - 23/2021
LogoGR.jpg
Authority: HDPA (Greece)
Jurisdiction: Greece
Relevant Law: Article 5(1)(a) GDPR
Article 5(1)(b) GDPR
Article 5(2) GDPR
HDPA directive 1/2011
Type: Complaint
Outcome: Upheld
Started:
Decided: 17.02.2021
Published: 03.06.2021
Fine: €15,000 EUR
Parties: Purple Sea M.I.K.E.
National Case Number/Name: 23/2021
European Case Law Identifier: n/a
Appeal: Unknown
Original Language(s): Greek
Greek
Original Source: HDPA (in EL)
HDPA (in EL)
Initial Contributor: Adrian Pappas

The Greek DPA fined an employer €15,000 for the illegal installation and operation of a video surveillance system. It held that a CCTV surveillance system is active and operational even if its camera feeds have been disabled via software, because these camera feeds can be easily reactivated without notification.

English Summary

Facts

Two individuals submitted a complaint against their ex-employer, claiming that the company surveils its employees via CCTV video-surveillance, without prior notification. The company claimed that a CCTV system was indeed physically installed but the 5 cameras surveilling work areas were disabled via software, thus only public/common areas were being actively surveilled.

Holding

The Greek DPA (HDPA) imposed a fine of €15,000 euros on a company for illegal installation and operation of a video surveillance system in the offices of the employees and in the kitchen of the workplace.

HDPA held that despite the cameras in question being disabled via software (showing a black box instead of the live feed in the CCTV software), they remained operational and could still be reactivated via software at any point without notification, so they should be considered as part of the operational video-surveillance system. Thus, the HDPA found that using this system violates Articles 5(1)(a), 5(1)(b) and 5(2) GDPR.

Also, the CCTV system in question falls under the provisions of HDPA's 1/2011 directive, which is the main point of reference for the use of CCTV video-surveillance systems in Greece - in this case, this refers to a ban on video-surveilling certain work areas.

HDPA also held that the company should have informed its employees on the operational status of the installed cameras, whether they were in operation or not, quoting among other things, the "chilling effect" that a non-operational camera might have on employees who might think it is in operation.

Comment

Share your comments here!

Further Resources

Share blogs or news articles here!

English Machine Translation of the Decision

The decision below is a machine translation of the Greek original. Please refer to the Greek original for more details.



  
    

  
  
    
  
    Category
              Decision
          

  
    Date
              03/06/2021

          

  
    Transaction number
              23
          

  
    Thematic unit
          
              11. Labor Relations
          15. Video surveillance
              
      

  
    Applicable provisions
          
              Article 5.1.a: Principle of legality, objectivity and transparency
          Article 5.1.b: Principle of limitation of purpose
          Article 5.2: Principle of accountability
              
      

  
    Summary
              The Authority imposed a fine of 15,000.00 euros on a company for illegal installation and operation of a video surveillance system in the offices of the employees and in the kitchen of the workplace in violation of articles 5 par. 1 a 'and c' and 5 par. 2 of the Regulation ( EU) 2016/679. In addition, the Authority ordered the cameras to be uninstalled and any collected material deleted.

The transmission of the image of the persons in the range of the cameras on the projection screen of the computer of the manager of the company, who had the technical ability to display the complete image on the screen or to cover it by darkening the screen, at any time and with easy through a relevant setting from the logger, even if this setting required the assistance of the camera installer, constitutes the processing of personal data which violates the provisions of the GCP. Furthermore, the existence of only cameras in areas that have already been judged by the Authority Directive 1/2011 that the installation and operation of video surveillance systems, such as offices and restaurants, is prohibited, violates the rights of employees and violates the provisions of the GCC.

          

  
    PDF Decision
              23_2021anonym.pdf543.59 KB
          

  


    
  
    Category
              Decision
          

  
    Date
              03/06/2021

          

  
    Transaction number
              23
          

  
    Thematic unit
          
              11. Labor Relations
          15. Video surveillance
              
      

  
    Applicable provisions
          
              Article 5.1.a: Principle of legality, objectivity and transparency
          Article 5.1.b: Principle of limitation of purpose
          Article 5.2: Principle of accountability
              
      

  
    Summary
              The Authority imposed a fine of 15,000.00 euros on a company for illegal installation and operation of a video surveillance system in the offices of the employees and in the kitchen of the workplace in violation of articles 5 par. 1 a 'and c' and 5 par. 2 of the Regulation ( EU) 2016/679. In addition, the Authority ordered the cameras to be uninstalled and any collected material deleted.

The transmission of the image of the persons in the range of the cameras on the projection screen of the computer of the manager of the company, who had the technical ability to display the complete image on the screen or to cover it by darkening the screen, at any time and with easy through a relevant setting from the logger, even if this setting required the assistance of the camera installer, constitutes the processing of personal data which violates the provisions of the GCP. Furthermore, the existence of only cameras in areas that have already been judged by the Authority Directive 1/2011 that the installation and operation of video surveillance systems, such as offices and restaurants, is prohibited, violates the rights of employees and violates the provisions of the GCC.

          

  
    PDF Decision
              23_2021anonym.pdf543.59 KB