The installation and operation of video surveillance systems, involving the capture or recording of images or sounds via the collection, storage, access, and transmission of personal data in the workplace, is a measure that employers may take to prevent potential financial damage due to criminal actions (e.g., theft in stores where the systems are installed). However, considering that these systems collect and process personal data of employees (such as their faces, movements, and overall activities), they represent an intervention in individual rights, such as the right to privacy (Article 9 of the Greek Constitution, Article 7 of the Charter of Fundamental Rights of the EU, and Article 8 of the European Convention on Human Rights), as well as the protection of personal data (Article 9A of the Greek Constitution, Article 8 of the EU Charter, and Article 8 of the ECHR). Naturally, restrictions are placed on the employer’s freedom to implement such actions. This issue was recently addressed in the ruling No. 337/2025 by the Piraeus Court of First Instance.

The Facts and Court Reasoning

The case concerned an employee hired by a customs brokerage and internet services company, initially employed in the company’s physical premises and, from March 2020, when pandemic-related restrictions began, working remotely. From the beginning of his employment until the transition to telework, the employee was under surveillance via a closed-circuit television (CCTV) system that focused on his workstation, which was installed without prior notification to him. The employee complained to the employer about this, but no action was taken. He subsequently filed a lawsuit, seeking, among other things, monetary compensation for the moral damage he suffered due to the violation of his personal rights from the use of the video surveillance system.

The Court of First Instance found ample evidence of the camera’s existence, focusing on the plaintiff’s workstation to monitor his performance and ensure he was consistently and appropriately engaged in his tasks. The court ruled that, since the installation of such a system did not serve any higher purpose, it was not permissible in the workplace and violated the principles of necessity and proportionality as outlined in Article 5(1) of the General Data Protection Regulation (GDPR). In fact, it was not proven that the CCTV system was a means to protect employees from criminal activities in the area or that it could prevent external risks as the defendant company claimed. As a result, the court accepted the plaintiff’s request and ordered the employer to pay him 500 euros with interest.

Considerations on the Decision

Regarding the protection of employees’ personal data, video surveillance is perhaps the most significant intrusion into their personality and privacy. Consequently, the legal review of its legitimacy must be stringent. Some have argued that using cameras in the workplace is categorically prohibited unless employees are informed in advance (Mon. Court of Athens 236/2022, Arm. 2024, 582). However, a more accurate perspective suggests that an exception exists to this absolute position based on Article 6(1)(f) of the GDPR, which allows processing when it is necessary for legitimate business interests, unless these interests are overridden by the employee’s fundamental rights to privacy and dignity. This requires balancing the employer’s interests in monitoring employees’ performance against the employee’s rights to privacy.

The principle of proportionality is central to this issue, as it helps determine whether the employer’s reason for using surveillance cameras is appropriate, cannot be satisfied with less invasive measures, and does not infringe on employees’ fundamental rights more than necessary. Specifically, the camera placements and data collection methods must be designed to ensure that only the minimum necessary data is collected to fulfill the processing purpose, without violating employees’ privacy.

The decision in question seems to follow these guidelines, applying the principle of proportionality and balancing the conflicting interests of the parties. The court rejected the defendant company’s argument that the CCTV system was intended to combat criminal activity, noting that the camera focused solely on the employee’s workstation, not the entrances and exits of the premises. Furthermore, the company’s line of business did not fall under sectors that would justify the use of surveillance systems due to exceptional circumstances, nor could it be considered a high-risk activity prone to criminal acts, such as a supermarket.

It’s also important that, even if the CCTV system was installed for crime prevention, the employee was not informed about it, violating the GDPR requirement to inform employees before they enter the monitored area. According to Article 12 of the GDPR, the data processor must inform employees about the processing of their data, including the purpose, and provide contact details for exercising their rights under GDPR regulations. The failure to meet this obligation was duly considered by the court when weighing the evidence.

Final Thoughts

While the court’s reasoning on the permissibility of surveillance is valid, the award of only 500 euros in moral damages seems insufficient. It is possible that the judge considered factors such as the fact that the CCTV system only recorded images, not sound (though this is not definitively stated in the decision). However, the overall amount awarded seems inadequate to address the moral harm caused to the employee, given the circumstances, including the lack of prior notification and the nature of the company’s operations.

Source: www.grammenoslegal.gr

Yannis Gerelkis is a trainee lawyer