A public sector employer wanting to conduct lawful staff surveillance must first ask the question, which legislation applies? If the surveillance involves covert techniques or equipment, it is easy to assume that Part 2 of the Regulation of Investigatory Powers Act 2000 (“RIPA”) applies and that the surveillance must be the subject of an written authorisation by a senior officer and, in the case of a local authority employer, Magistrates’ approval. However, the Investigatory Powers Tribunal has ruled in the past that not all covert surveillance of employees is regulated by RIPA.
In C v The Police and the Secretary of State for the Home Department (14th November 2006, No: IPT/03/32/H), a former police sergeant (C), having retired in 2001, made a claim for a back injury he sustained after tripping on a carpet in a police station. He was awarded damages and an enhanced pension due to the injuries. In 2002, the police instructed a firm of private detectives to observe C to see if he was doing anything that was inconsistent with his claimed injuries. Video footage showed him mowing the lawn. C sued the police claiming that they had carried out Directed Surveillance under RIPA without an authorisation. The Tribunal first had to decide if it had jurisdiction to hear the claim. The case turned on the interpretation of the first limb of the definition of Directed Surveillance i.e. was the surveillance “for the purposes of a specific investigation or a specific operation?”
The Tribunal ruled that this was not the type of surveillance that RIPA was enacted to regulate. It made the distinction between the ordinary functions and the core functions of a public authority:
“The specific core functions and the regulatory powers which go with them are identifiable as distinct from the ordinary functions of public authorities shared by all authorities, such as the employment of staff and the making of contracts. There is no real reason why the performance of the ordinary functions of a public authority should fall within the RIPA regime, which is concerned with the regulation of certain investigatory powers, not with the regulation of employees or of suppliers and service providers.”
The Tribunal also stated that it would not be right to apply RIPA to such surveillance for a number of reasons:
- RIPA does not cover all public authorities, and there was no sense in police employee surveillance being conducted on a different legal footing than, for example, the Treasury, which does not have the same surveillance rights under RIPA.
- The Tribunal has very restrictive rules about evidence, openness and rights of appeal. The effect of these would lead to unfairness for employees of RIPA authorities when challenging their employers’ surveillance as compared to those who were employed by non RIPA authorities.
This case suggests that, even where employee surveillance is being carried out for the purpose of preventing or detecting crime, the question has to be; is it for a core function linked to one of the authority’s regulatory functions? In the local authority context this would include, amongst others, trading standards, environmental heath and licensing. If the surveillance is not being done for one of these purposes it will not be Directed Surveillance and consequently will not be regulated by RIPA.
Of course just because RIPA may not apply, it does not mean that the employer can do what it likes. Whatever type of surveillance is conducted, the right to privacy, under Article 8 of the European Convention on Human Rights, protects employees within the work environment. This means that the surveillance must be carried out in a manner that is in accordance with the law and is necessary and proportionate. There have been a number of cases where employers have been criticised by the courts for failing to take account of the human rights issues when doing surveillance of employees e.g. Copland v UK (3rd April 2007 ECHR) concerning communications surveillance and Jones v Warwick University ((2003) 3 All ER 760) concerning a claim for personal injury. Compliance with the Data Protection Act 1998 (DPA) will be evidence that the surveillance has also been done in compliance with Article 8.
All employers, be they public or private sector, have to comply with the DPA when doing surveillance, as they will be gathering and using personal information about living individuals. The Information Commissioner has published the Data Protection Employment Practices Code, which sets out rules to be followed when dealing with employees’ personal data.
Part 3 of the code covers all types of employee surveillance from video monitoring and vehicle tracking to email and Internet surveillance. Indeed those public authorities who are doing surveillance of their employees which now, in the light of the above Tribunal case, cannot be authorised under RIPA also have to pay special attention to the code. Whilst the code is not law, it can be taken into account by the Information Commissioner and the courts in deciding whether the DPA has been complied with.
One of the other main recommendations of the code is that senior management should normally authorise any covert surveillance of employees. They should satisfy themselves that there are grounds for suspecting criminal activity or equivalent malpractice. They should carry out an impact assessment and consider whether the surveillance is necessary and proportionate to what is sought to be achieved i.e. the same considerations that public sector employers subject to RIPA would have to consider when doing a RIPA authorisation. This assessment is best done in writing using a “Non-RIPA” surveillance form (Our RIPA Policy and Procedures Toolkit contains such a form).
If covert surveillance of an employee results in his/her dismissal, the matter will usually end up before the Employment Tribunal in the form of unfair dismissal proceedings. Here the Tribunal will also have to consider whether evidence has been gathered fairly and lawfully. In City And County Of Swansea v Gayle UKEAT 0501_12_1604 (16 April 2013) Swansea Council conducted covert video surveillance on the claimant, when he was for good reason suspected of playing squash during work time, whilst claiming payment for being at work at the time. The surveillance confirmed he was seen at the sports centre on a succession of Thursdays when he should have been at work.
The Employment Tribunal upheld a claim for unfair dismissal (though awarding nil compensation, for contributory conduct) because of the Tribunal’s distaste for the employer’s use of covert surveillance. Its view was that Article 8 (right to privacy) was engaged and broken in doing so. It took account of the council’s lack of awareness of its obligations under the DPA and the Code.
These views were rejected on appeal to the Employment Appeal Tribunal. The appeal was allowed with a substituted finding that the dismissal was not unfair. The Tribunal did not accept that here there was any breach of Article 8(1) so as to require the Tribunal to consider the requirements of 8(2) at all. If, however, the Tribunal had done so it would have been bound to consider the legitimate aim which the Council claimed to have. Here one of two such aims might have been identified. The first was the prevention of crime, the second the protection of the rights and freedoms of others, the “others” here being the employers whose money was at stake and who had contractual rights in agreement with the claimant that he would behave in a way in which as it happened he did not.
This is an interesting case for employers. Dismissals will not necessarily be unfair when covert surveillance is used as part of the dismissal process. Employees acting fraudulently on employer’s time cannot expect their actions to be kept private from the employer. However, employers would be well advised to tread with caution. Following the correct procedures and being mindful of their obligations under the DPA (as well as Human Rights) will inevitably put an employer in a better position.
Employee surveillance may not always engage RIPA. However data protection and human rights laws will always have to be carefully considered. In cases of surveillance of staff e-mail and internet usage Section 4 of RIPA and the Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000 will also need to be considered. For more on the latter please see our online training course (Email and Internet Monitoring: How to do it lawfully).
Act Now can help you get to grips with this difficult area. Please see our full program of surveillance law courses which can also be customised and delivered at your premises. If you want a quick update try our forthcoming webinars.
Listen to Ibrahim Hasan’s interview on BBC File on Four on Secrecy and Surveillance: of http://www.bbc.co.uk/programmes/b03bdsyk