France’s data protection authority fined a translation services company 20,000 euros ($22,376) for using video cameras to constantly surveil employees at their workstations.
The National Commission for Informatics and Liberties, known as CNIL, said June 18 that Uniontrad Co. violated the EU’s General Data Protection Regulation, which limits the use of CCTV cameras on employees and recommends that companies destroy footage after 15 days.
CNIL directed Uniontrad to post notices alerting employees of surveillance, set an appropriate data retention period, limit the use of cameras to avoid constant observation, increase protection of employee data, and create a password manager system with unique authenticators for emails and workstations.
“The permanent surveillance of employees, which is an intrusion on their private life, may only be carried out in exceptional circumstances,” the regulator said in its decision.
CNIL said it chose the size of the fine based on the company’s size—9 employees—and its financial status, which is “net negative.” The company must prove compliance with the ruling within the next two months or be fined an additional 200 euros ($224) per day.
Uniontrad was asked to take precautions to protect employee privacy after CNIL received four employee complaints over a two-year period. But CNIL said it received four more complaints a year later, in 2017.
The agency in February 2018 discovered a camera continually filming six employee workstations during an inspection, which also revealed that the company lacked appropriate employee data security and confidentiality protections. A follow-up inspection in October 2018 showed the company had failed to change its surveillance practices, CNIL said.
“It is the company’s refusal to take steps to comply, despite CNIL’s support for the compliance it has received, which in this case has justified a complaint procedure,” the regulator said.
Uniontrad didn’t immediately respond to a request for comment.