ECHR on Hidden Cameras on the Workfloor: Two Interferences with Art. 8 ECHR

(Case of Lópex Ribalda and others v.s Spain, ECtHR 09 January 2018 appl. 1874/13 and 8567/13 and Case of Antovic and Mirkovic v. Montenegro, EctHR 28 November 2017, 70838/13)

Recently the European Court of Human Right (ECtHR) decided on two separate cases of hidden cameras on the workfloor. In the first case, the University of Montenegro decided to place cameras in the classrooms, vexing several professors. The second case was about a Spanish supermarket which placed hidden cameras to prevent theft among employees. These cameras proved to be very effective, six employees where caught. However, the hidden cameras are also unlawful, according to the ECHR. In this article, these cases will be briefly discussed as well as their influence on the Dutch law.

The professors and supermarket employees: an outline of the cases

So, the first case regards the University of Montenegro. The dean of this university decided to place cameras in the classrooms, supposedly to protect the property of the university. According to the dean, there were cases of damaged property, drinking in the classrooms and even animals were taken inside the classrooms.Apparently, the professors were not amused by the camera surveillance. According to them, there is absolutely no reason for camera surveillance. After all, the classrooms are always closed outside class hours and only contained some old chairs and tables, which are bolted to the floor. Basically, according to them, it is almost impossible to damage any university property. The local data protection authority (DPA)  interfered on request of the professors. The DPA ordered the university subsequently to remove the cameras. It took the University more than a year after that order to remove the cameras. This led the professors to file for damages, which case was ultimately brought before the ECtHR. 

Apparently, not only deans lie awake at night because of stolen or damaged property. This is also a serious problem for Spanish supermarket entrepreneurs. This supermarket entrepreneur had to deal with a monthly cash deficit of up to € 25.000,-. Obviously, he suspected that his employees had something to do with that. So he decided to place hidden cameras above the checkouts. Obviously without telling his employees beforehand. The cameras proved to be very successful. Six employees were caught and fired. In the dismissal proceedings, the employees argued that their privacy was infringed because of the hidden cameras. Spanish data protection law requires subjects to be always informed of the processing of personal data beforehand. As the supermarket entrepreneur did not inform his employees beforehand, he acted against the law. The Spanish courts, however, agreed that the entrepreneur acted against the law by not informing his employees beforehand, but as the entrepreneur faced serious theft in his company, he was allowed to do so. So, the dismissal held before the Spanish court. The employees, therefore, went to the ECtHR to collect damages.

The legal framework of the ECHR in case of privacy infringements

Both cases revolve around the use of cameras on the workfloor and, obviously, whether such use is an infringement on art. 8 ECHR. The ECtHR uses various legal frameworks to assess different types of privacy infringements. For instance, the ECtHR uses a balancing test in cases regarding free speech and a ‘necessity’ test in case of a privacy interference for security reasons.

In the present cases the ECtHR used a basic necessity test which means that, after establishing admissibility, it determines whether there is, in fact, an interference of art. 8 ECHR.

If an interference is ascertained the second question is whether the breach is allowed under the second paragraph of art 8 ECHR. A breach is allowed if: (1) it is allowed by law (2) it is necessary in a democratic society (3) for the rationales named in art. 8 – 2 ECHR.

The present cases revolve around the first criterium: whether the breach is allowed by law.

Do cameras on the workfloor violate privacy?

Privacy in the sense of art. 8 ECHR also extends to the workplace. The right to privacy includes the right to form a personality, which personality also includes the relationships which one forms with other humans. A lot of these relationships form in the workplace. This means that in the workplace there is also some sense of privacy.

“Article 8 thus guarantees a right to “private life” in the broad sense, including the right to lead a “private social life”, that is, the possibility for the individual to develop his or her social identity. In that respect, the right in question enshrines the possibility of approaching others in order to establish and develop relationships with them … The Court has already held that the notion of “private life” may include professional activities or activities taking place in a public context (see Bărbulescu, cited above, § 71, and the authorities cited therein). It is, after all, in the course of their working lives that the majority of people have a significant, if not the greatest, opportunity to develop relationships with the outside world, and it is not always possible to distinguish clearly which of an individual’s activities form part of his professional or business life and which do not (see Niemietz, cited above, § 29). There is therefore a zone of interaction of a person with others, even in a public context, which may fall within the scope of “private life” (see Peck, cited above, § 57), professional life being part of it (see Fernández Martínez, cited above, § 110 in fine).”

However, the workplace is also some sort of public space which people enter in exchange for a reward. This means that the right to privacy is not as strong as in one’s own home. According to earlier case law, an employee can therefore only invoke the right to privacy if there was a reasonable expectation of privacy.

The ECtHR is clear in the present cases. Camera surveillance on the work floor is always a serious violation of the privacy of employees. It does not matter whether the cameras are visible or hidden. To reformulate that: the employees have a reasonable expectation (of privacy) not to be monitored with cameras on the workfloor.

Is the infringement of the privacy allowed under the second paragraph of art. 8 ECHR?

As explained, the second paragraph of art. 8 ECHR allows certain privacy interferences if these meet the strict requirements of that paragraph.

In both cases, the ECHR decided that the camera surveillance is not according to the law and therefore not allowed under the second paragraph of art. 8 ECHR.

In the professor-case, the ECHR merely followed the local data protection authority in its conclusion that the camera surveillance was not according to the local data protection law and therefore not allowed under the second paragraph of art. 8 ECHR. The chosen approach means that the ECHR de facto also explored the second question, as the local data protection law only allows the use of personal data if the use is proportional and necessary. However, it allows the ECHR conclude fairly easily that the privacy infringement is not allowed, without having to investigate it.

The supermarket-case is in some sense the opposite. In the supermarket-case, the use of hidden cameras is clearly against national law. The national law, after all, dictated that subjects should always be informed beforehand about the use of camera surveillance. The supermarket owner failed to fulfill this legal obligation, the reason why the camera surveillance is not according to the law.

The Spanish courts seem to condone this omission in view of the interest the owner has to catch the thieves. The ECHR is less lenient: you cannot act a little bit unlawful. As the owner did not fulfill his legal obligation, the camera surveillance is against the law and therefore not allowed under art. 8 ECHR.

In his dissenting opinion, Judge Dedov questions this decision of the ECtHR. After all, the employer faced some serious losses and hidden camera surveillance is not very effective if the subjects are informed beforehand. Although strictly correct, the strict notion of the ECtHR means that the applicants are allowed to profit from their own wrongdoing. Judge Dedov, therefore, argues that the ECtHR should verify whether the actions of the supermarket owner are against the general principle of the law.

The majority of the court, however, interpreters the Spanish law textually.

It seems that the ECtHR measures the national judgments differently. In the case of the professors, it merely joins with the opinion of the local data protection authority. In the Spanish supermarket case, it contradicts the decision of the Spanish courts. However, one should notice that the ECtHR and the ECHR fulfill a very specific role in the legal system. The ECHR is meant to provide a certain minimum standard of human rights. Member states are allowed to provide higher standards themselves. This means that the ECtHR could follow the judgment of the Spanish DPA as no one contests that it meets the minimum standards. However, the judgment of the Spanish courts did not meet these standards and should therefore be

Both the Dutch and Spanish data protection laws are based on the EU Privacy Directive. Art. 10 and 11 of this directive dictate that data subjects should be informed beforehand of data processing. However, art. 13 allow member states to adopt an exception to this obligation if this exception is necessary to protect several interests, among which: the prevention, investigation, detection, and prosecution of criminal offenses. Apparently, the Spanish government did not use this exception. However, the Dutch government implemented this exception in art. 43 of the Wet bescherming persoonsgegevens (Law on the protection of personal data). This means that hidden camera surveillance (without informing the subjects beforehand) is allowed in The Netherlands under certain circumstances, as a Dutch court observed recently.

It is noteworthy that art. 23 of the General Data Protection Regulation (GDPR) also allows a similar exception to the information right by national or EU law. However, art. 23-2 GDPR dictates that such exception should contain specific conditions regarding topics like the purpose of the processing, categories of personal data, safeguards to prevent abuse etc. etc.

The Dutch government intends to use this exception. The (Dutch) Proposal for the Implementation of the GDPR, includes such exception under art. 41. However, art 41 of the Proposal does not contain specific conditions regarding the topics mentioned in art. 23 GDPR. The proposal merely dictates that the data controller should ‘consider’ these topics. It is questionable whether art. 42 of the Proposal is specific enough to meet the requirements of art. 23-2 GDPR. If not, the exception is not according to law, which would mean that hidden camera surveillance (without notice beforehand) is not allowed under art. 8 ECHR.


The two cases teach us that the ECtHR reads local privacy laws very literally if these laws protect the privacy. It means that employers should follow these laws strictly or risk committing a privacy infringement, even if following the law would lead to unreasonable results.

The Dutch government should also notice these two cases when implementing the GDPR. A wrong implementation of the GDPR could lead to a de facto prohibition on the use of hidden cameras.

On a less serious note, we now know that the ECtHR values the privacy of a professor severely less than the privacy of a supermarket employee. After all, the professors only received € 1.000, each in non-pecuniary damages for the infringement. The supermarket employees, however, are awarded € 4.000,- each in non-pecuniary damages. Well, it seems that the ECtHR applied some ancient Roman wisdom : Quod licet Iovi, non licet bovi.