Protecting Workers from Surveillance: Why Unions Are Demanding GDPR Compliance
In today's workplaces, surveillance is everywhere. From CCTV cameras to AI-driven tracking of keystrokes and mouse movements, many employers are watching their workers more closely than ever before.
But when does this monitoring cross the line from security to outright invasion of privacy? For trade unions across Europe, the answer is clear: too often. And that's why they're using the General Data Protection Regulation (GDPR) to push back.
The Growing Threat of Workplace Surveillance
Employers justify surveillance in the name of security, efficiency or even "employee well-being." But too often, these systems are used to control workers, intimidate them or unfairly assess performance. We are all familiar with the reasoning behind such systems.
When something sounds beneficial for all parties, it usually has hidden downsides. Workplace monitoring sounds like a great tool until the implications for personal privacy, employee trust, and psychological wellbeing are factored in.
The Major Concerns of Unions about Surveillance
The three major concerns unions have expressed are:
1. Invasive Monitoring Practices
The deployment of surveillance technologies that monitor employees' every move, from ever-present CCTV surveillance to AI-driven systems that track keyboard strokes and mouse movements, has raised significant privacy concerns. Such practices are not always simple to justify and are potentially illegal under EU privacy laws.
2. Lack of Transparency
Employees are frequently unaware of the extent and purpose of surveillance measures in their workplaces. This opacity violates GDPR principles, which mandate clear communication about data collection practices.
3. Unauthorised Data Sharing
Instances where surveillance footage is shared internally beyond necessary personnel infringe upon data minimisation principles and suggests a potential misuse of personal data.
In workplace surveillance, it is not always simple to quantify the harm or to foresee how employee rights might be eroded over time.
Notable Cases of Union Surveillance Pushback
Amazon in France
In December 2023, the French data protection authority (CNIL) imposed a €32 million fine on Amazon France Logistique. The company was found to have implemented an "excessively intrusive system" for monitoring employee activity and performance, violating EU data protection rules.
Belgium's Surveillance Practices
The Belgian Data Protection Authority addressed a case where continuous employee surveillance via CCTV was deemed unnecessary for security purposes. The surveillance violated the principle of data minimisation under GDPR, leading to corrective measures.
These cases set a powerful precedent: employers who violate GDPR can and will be held accountable.
What Unions Are Doing?
To protect their members, unions are:
Educating workers about their privacy rights.
Challenging employers on their surveillance policies.
Pushing for stricter enforcement of GDPR.
Encouraging the use of redaction tools to ensure that surveillance footage is only used when absolutely necessary and in compliance with privacy laws.
One key initiative is IndustriAll Europe's GDPR toolbox, which equips union representatives with the knowledge and strategies to safeguard personal data in the workplace.
Surveillance can carry a huge price for workers, which cannot always be quantified because the implications are vast. Many employees struggle to understand the full extent of monitoring they're subjected to.
Employer Responsibilities Under GDPR
Employers have a legal duty to:
Justify surveillance - surveillance must be necessary, proportionate and lawful.
Be transparent - workers must be informed about how their data is being collected and used.
Restrict access - surveillance data should only be accessible to authorised personnel.
Minimise data collection - only the minimum necessary personal data should be gathered and retained.
Investing in proper data handling reduces the risk of non-compliance problems such as business disruption, fees, penalties and settlement costs.
In the context of the current discussion, responsible data handling also assuages union concerns about excessive surveillance and privacy invasion,
Time for Action on Compliance
Surveillance is here to stay, but that doesn't mean workers should surrender their right to privacy. Unions must and will continue to demand that employers follow GDPR and introduce redaction tools to protect workers from unnecessary and unlawful surveillance.
With continued worker education on their privacy, and by taking a stand against invasive surveillance, employees can make sure that technology benefits employees and not just those in authority.
The true cost, or value, of workplace privacy is the trust established between employers and employees, which is one of building blocks for a productive workplace.
Using GDPR to Protect Workers' Rights
Unions can use GDPR to advocate for stronger worker protections.
Demanding Employer Accountability
To engage with employers on data protection, unions should:
Request meetings with the employer's Data Protection Officer (DPO) to discuss policies affecting workers.
Advocate for data protection discussions within workplace consultation structures, such as works councils.
Request documentation on the employer's data processing practices, including data protection impact assessments (DPIAs).
Inquire about sector-wide GDPR codes of conduct that the employer may be following.
Key Questions to Ask Employers
When employers implement new data protection measures or technology affecting workers, unions should ask:
What data is being collected, stored and used, and for how long?
Is personal data involved, and if so, how is it anonymised?
What legal basis justifies processing data?
How will workers' rights under GDPR be upheld?
Has a Data Protection Impact Assessment (DPIA) been conducted, and what were the findings?
Whatever the cost of compliance, the cost of non-compliance is considerably more, as the losses that result from data privacy failures go beyond a monetary value.
Holding Employers Accountable
If a worker or group of workers suspects their personal data has been misused, they can:
Submit a Subject Access Request (SAR) under GDPR Article 15 to obtain a copy of their data.
Request corrections or deletion of incorrect or unnecessary data.
Lodge a complaint with the national data protection authority.
In a technology-aware era, as soon as workers realise that their data is not secure or is being misused, organisations risk a loss of trust that results in massive workplace disruption.
Conclusion
Data breaches and privacy violations can be costly for companies of any size. Investment in proper data protection is necessary at all levels, including encryption, access control and data redaction.
Fines, legal fees and business disruption are all potential consequences of failing to meet regulatory requirements for worker privacy.
Redaction tools represent an essential technology that can reduce compliance risks and associated costs while protecting worker dignity.
Facit Workplace Video Redaction Solutions
Facit’s video redaction software, Identity Cloak, is in the main used by organisations to guard against data privacy violations when dealing with customer data, such as when fulfilling a SAR.
However, we are receiving more enquiries about the use of workplace video redaction, which may be the result of union concerns and publicity about invasive workplace surveillance.
Get in touch to discover how we can help you with privacy compliance in the workplace and when dealing with customer and third-party data.
Related Articles
