Blog » THE BIG BROTHER AT WORKPLACE – USING VIDEO TO MONITOR WORKERS IN HUNGARY
THE BIG BROTHER AT WORKPLACE – USING VIDEO TO MONITOR WORKERS IN HUNGARY
20 December 2017
Should you have employee permission for CCTV record at workplace? How to be compliant with data protection laws regarding video surveillance? What are the cases when the strict data protection rules do not apply? In this article we examine these questions on the basis of the EU Data Protection Regulation (GDPR).
Is CCTV monitoring data processing?
It may not sound obvious for many that not only the name, address and ID number of the employee are personal data, but also their look, fate and voice shall be considered so. This means that handling video and voice recordings about the employees is considered asb data processing just like processing the data mentioned above.
According to the General Data Protection Regulation (GDPR) of the EU, the employer may process such data, too, if it does not conflict the fundamental rights and freedom of the employee.
In accordance with the above, the Hungarian Labour Code entitles employers to monitor the behaviour of employees in relation with the employment relationship, but such control may not violate human dignity, and the private life of employees may not be monitored.
The CCTV operated by the employer has to be set according to the following 4 principles:
Recording the employees and processing such data does not require the permission of the employees, because such action is based on the permission of the law. However, the employer must provide the employees with clear information, so that the employees should know what happens with their data.
With regard to the above, the employees must be informed especially about that they are working in an area that is observed via CCTV, and also the circumstances why such recording is made about that place, who can have access to the recordings, how long will they be stored, where will they be forwarded, and how can the employee watch the recording.
The employer must be able to give justification why a specific camera is at a specific place, and what is the purpose of the recording. The employer can use the recordings only according to the original purpose of the recording.
The purpose can be the security, health protection, labour protection of employees, accident investigation, etc. One camera can serve more purposes, but any use differing from the defined purpose is unacceptable.
It is important that it is true that the employer is entitled to monitor the employees, but the purpose of the recording can’t be only this. The employer is not allowed to continuously monitor the employees, because this would limit the privacy of the employees to an unjustified extent. Thus the camera can’t be placed in a position so it would monitor only one specific employee.
It is advised to place the camera so that it would serve also other purposes. For example, in case of an employee working at the cashier, the camera placed above to record the money handed over can be well justified, and may also protect the employee’s interests.
Also, where a dangerous machine is being used, the recording of the operation can serve the health and physical safety of the employee, so in case of emergency the help may come faster.
Because of the purpose limitation there are also places where it is prohibited to place camera. Such places are typically the changing rooms and the lavatory. The employee’s right for dignity in these places is so high that cannot be overwritten by any other interest.
This principle has a strong relation with purpose limitation, because it is not reasonable to store the data forever. If the data doesn’t serve any purpose anymore (especially if there is nothing worth to mention in it), then such data should be deleted as soon as possible.
Such deadlines are regulated by the national law, that is in case of usual security purposes 3 working days, if the employee has no need to use the recordings. Employee may store the recordings for longer only in special cases, like protecting significant value or guarding dangerous material.
Please don’t forget that the lawful obtaining of the personal data is not the only goal when we are talking about data protection. We have to make efforts so that unauthorised persons should not have access to them. The data protection includes also the protection of the data against third parties.
We can increase the security by a separate locked room, or by using passwords in computers.
CCTV or not?
As we described above, the CCTV recordings are regulated very strictly. However, just because there is a camera somewhere, doesn’t mean the automatic application of such provisions.
For example a fake camera does not record personal data, so there is no data process. This means that using a fake camera does not require meeting the strict requirements of the GDPR. Surely it is a good question whether it is worth to use a camera that is unable to record anything, but it can be generally said that people observe the rules better if they think they are controlled.
The real time camera without recording is another option offering more opportunities. This camera shows the observed place on a screen in a separate place without recording. This can be useful, if the employer would need 10 security person to guard all main spots of a site, but using CCTV it is enough to hire one person controlling all places by watching 10 monitors.
The real time camera is like setting up many mirrors so that we can see several directions from one place. As there is no recording, we can’t talk about data processing, so there is no need to comply with the strict rules of the GDPR.
According to the above, it may be better for the employer to measure whether it is really necessary to do video recording. If it is the good choice considering some places, all the cameras need to be set up carefully, according to the requirements of the EU Data Protection Regulation.
CAN YOUR DEBTOR ESCAPE LIQUIDATION BY SETTING OFF CLAIMS IN HUNGARY?
The initiation of a liquidation procedure is an effective debt collection method, since the debtor may only avoid being liquidated by paying the claim if the conditions specified in the Act on Bankruptcy Proceedings and Liquidation (Bankruptcy Act) are met. For this reason, in the case of liquidation, one of the most common defences of the debtor is the reference to offsetting. But can the debtor refer to offsetting without limitation during liquidation? In our short article we answer this question.Read more »
SZIGET FESTIVAL FINED RECORD HUF 30 MILLION FOR GDPR BREACHES – WHAT WENT WRONG?
A few days prior to the first anniversary of the entry into force of the GDPR the Hungarian Data Protection Authority imposed the biggest data protection fine in Hungary so far. The target was the biggest Hungarian festival organizer company thanks to whom the public may enjoy the SZIGET, the VOLT or the Balaton Sound Festival. The Data Protection Authority reviewed the check-in system of the festival and the data processing in relation with the check-in. In our short article we summarize the mistakes the Authority identified.Read more »
CONSTRUCTION TRUSTEESHIP IN HUNGARY - GETTING PAID IN CONSTRUCTION PROJECTS AS SUBCONTRACTOR
Construction trusteeship, as mandatory collateral management of major private construction projects in Hungary, strives for protecting subcontractors against non-paying general contractor, by allowing direct payments from employer under certain conditions. How does it work in practice and what are the limits of subcontractor protection? We address these issues in this article.Read more »