By decision no 62/2007 the Hellenic Data Protection Authority signaled the way towards rightful use (installation and operation) of CCTV systems as well as other biometric systems at workplaces. The Authority ruled that the operation of biometric systems and closed-circuit television at workplaces is illegal, when certain conditions are not fulfilled. In more detail, pursuant to Art. 2 para. A of Law 2472/1997 on Personal Data Protection and Community Directive 95/46, sound and image data relating to people constitute personal data. Furthermore, according to the Hellenic Data Protection Authority’s Guidelines 1122/2000, regarding closed-circuit television systems, storage and transmission of people images, collected via steady cameras, operating constantly or frequently in a permanent mode, constitute personal data processing pursuant to Art. 2 para. D of Law 2472/1997, and according to the same Guidelines, this is not permitted, as it insults a person’s private life and personality. An exception to this rule is provided only when processing of personal data is aimed at protecting people, goods or traffic control, and only upon fulfillment of the condition that the area, where the cameras are installed, and the way of monitoring are determined and specified in a way that ensures collection of information absolutely indispensable for the aforementioned goal.
In relation to the specific case and facts, the arising issue in question was whether the aim via operation of cameras in the specific workplace, which allegedly has been the protection of pharmaceutical products from theft, adulteration or alteration, could be achieved through less onerous and insulting means, according to the principle of proportionality, as well as the determination of the level at which these specific means could achieve the said goal. Under the given facts of the particular case, the constant surveillance was deemed to be capable of causing to the employees, who actually were not aware of the conditions under which the monitoring was taking place, a sense of “fear” in a preventive way for any possibly unlawful action they might commit in the future. This feeling was deemed to offend employees’ personality. Moreover, the particular mode of operation of the installed cameras could not, in the Hellenic Data Protection Authority’s opinion, contribute effectively to theft prevention. More rigid methods of control during entrance or exit of the employees in the areas of pharmaceutical products distribution were considered softer means to constant surveillance.
To conclude, the recent decision of the Hellenic Data Protection Authority, praising and safeguarding the fundamental right to privacy and free personality of employees, paves the way for a more discreet conduct on part of employers in relation to the application of modern technologies at workplaces in the name of security, thus, drawing a bold line between lawfulness and illegality of similar measures, depending primarily on the intended goal and the conditions upon which this technology is applied, which should always be in compliance with the principles of purpose and proportionality.