160 likes | 258 Views
Ide kerülhet az előadás címe. CCTV operation at work Belgrade, 11 th April 2013. Ide kerülhet az előadás címe. Introduction. Employer’s interests → monitoring employee s in connection with the ir work ↕ Privacy of the employee Legal basis of data processing
E N D
Ide kerülhet az előadás címe CCTV operation at work Belgrade, 11th April 2013 Ide kerülhet az előadás címe
Introduction • Employer’s interests → monitoring employees in connection with their work • ↕ • Privacy of the employee • Legal basis of data processing • data subject’s consent freely and expressly given • hierarchical relationship • employee’s financial dependence
Legal background • No detailed regulations • DPA’s recommendation • DPO conference • WP 29 opinion on consent • Act on Personal and Property Guards (Act CXXXIII of 2005)
Opinion of the WP29 • Opinion 15/2011 on the definition of consent • Consent is a tool that gives the data subject control over the processing of his data • Key elements: indication, freely given, specific,unambiguous, explicit, informed • Legal basis of data processing: - data subject’s consent (freely given?) - Article 7 (f) of the Directive - C-468/10. and C-469/10. (24th November 2011) direct effect → the provision can be invoked before national court
Article 7 (f) of the directive 95/46 • (f) processing is necessary for the purposes of the legitimate interests pursued by the controller or by the third party or parties to whom the data are disclosed, except where such interests are overridden by the interests for fundamental rights and freedoms of the data subject which require protection under Article 1 (1).
Legitimate processing of data • strictly necessary for reasons directly related to the intended purpose of the employment relationship • may not be at the expense of human dignity • shall be communicated to the workers affected in advance • respect of the principles of the Privacy Act
Legitimate processing of data Necessity „The personal right of workers may be restricted if deemed strictly necessary for reasons directly related to the intended purpose of the employment relationship and if proportionate for achieving its objective.” (Labor Code Section 9)
Legitimate processing of data Necessity • defense of human life, physical integrity, personal freedom • safekeeping of hazardous substances • defense of property • defense of investment papers, business papers
Legitimate processing of data Human dignity „Employers shall be allowed to monitor the behavior of workers only to the extent pertaining to the employment relationship. The employers’ actions of control, and the means and methods used, may not be at the expense of human dignity. The private life of workers may not be violated.” (Labor Code Section 11)
Legitimate processing of data Human dignity • unlawful → aim of the monitoring is to influence the behavior of the employee • prohibited in dressing rooms, showers, doctors’ offices, rest rooms • different regulation → end of working hours and no lawful access to the building
Legitimate processing of data Information „The means and conditions for any restriction of personal rights, and the expected duration shall be communicated to the workers affected in advance.” (Labor Code Section 11)
Legitimate processing of data Information • The employer gives information about: • written and clear information • legal basis of data processing • purposes of the data processing • surveyed area • system operator • location and duration of storage of records • data security measures • the name of the controller • possibility of due process
Legitimate processing of data • Warranty requirements • Surveyed area: • in accordance with the purpose • restricted to their own area • information for the data subject about each camera • Period of storage: • main rule: 3 working days • in exceptional cases 30 or 60 days
Enforcement actions Dual set of tools • in an ombudsman-type role • investigate • legislative opinions • participation in court proceedings • annual report • recommendations • conference of data protection officers • as an authority • data protection authority proceedings • data protection records • authority sanctions
Enforcement actions Data protection administrative sanction procedure • Reparative: • order: • correction • blocking, erasure or destruction • informing of relevant parties • making resolution public • prohibit: • illegal data control, data processing • transfer abroad • Preventative: • Fine: • range: 100 t – 10 m Ft • criteria by which the range is applied: • all circumstances of the case, i.e.: • number affected • extent of illegality • whether the infraction is repeated
Thank you for your attention Contact 1125 Budapest, Szilágyi Erzsébet fasor 22/C. 1530 Budapest, Pf. 5. Tel.: +36 391-1403 Tel.: +36 391-1410 ugyfelszolgalat@naih.hu www.naih.hu