LinkBack URL
About LinkBacksThe DPA and GDPR cover all recorded data, not just on computers. Written records, recorded calls (including voicemail,) photos (digital or printed,) video and even stuff like microfiche all still count.Originally Posted by Top_gun
The DPA and GDPR cover all recorded data, not just on computers. Written records, recorded calls (including voicemail,) photos (digital or printed,) video and even stuff like microfiche all still count.
No doubt they do. However, my mode of thinking remains the same. DPA and GDPR are just generic data laws.
Article 8 is not restricted to just activities by government employers. In fact there are case laws where employees have used Article 8 in incidences with private companies who have breached their privacy. Bărbulescu vs Romania is one such example where Barbulescu worked for a private company and had his private communications monitored by his employers. Therefore, the principles of Article 8 does apply in the workplace including private employers.
If you read a bit more, it says this:
"What if your Convention rights have been breached by a private organisation or individual who’s not a public authority?
The Human Rights Act says courts should consider human rights in all cases they hear. This is because they're also public authorities and so must follow the Human Rights Act.
All courts in the UK must apply the law in a way which is compatible with human rights. This means they must interpret and give effect to the law in a way which is as close to the Human Rights Act as possible. They must do this in all cases they hear even if they don’t involve a public authority."
In this case human rights have not yet been breached, for the OP to claim that they'd need to fill the form in, allow it to be published and then take the company to court. Using the DPA they can refuse to give the information in the first place.
I don't expect ik9000 to go to court over this. The starting point for him is to have a reasonable discussion with his employer and getting the narrative right. ik9000 is in a strong position if he uses his right under Article 8 for privacy in the workplace rather than using a much more weaker argument like I don't feel comfortable in having my personal information published online or getting bogged down with DPA/GDPR matters. It would also make it extremely difficult for his employer to have a counter argument to his privacy right. Basically it boils down employee rights vs employer rights.
Yet on the same CA page, they sayIt seems like they need to make their mind up.
This means you can take action under the Human Rights Act if a public authority has breached your human rights. But you can’t take action against a private individual as they’re not covered by the Act.
More seriously, IF ik9000 works for a private company that carries out public functions, it is liable under the HRA for things it does carrying out those public functions, but not for other matters.
Private individuals cannot be held to account under the HRA at all.
But if the plaintiff can find some other legal basis for a court case, then and only then can the court apply it's own duty, as a public organisation to apply that law with due regard to the HRA.
Which means for the court's view to apply, to have to get it before a court, which means you need a basis for a case, which brings us right back to using the DPA/GDPR right to privacy.
Putting that another way, the HRA doesn't apply to private individuals or private organisations without a public function. So you can't use that for a court case.
However, the HRA does apply to the courts, who must follow it's principles if a case comes before them on some other grounds.
What other grounds might that be? GDPR right to privacy.
spacein_vader (25-05-2019)
General advice - when confronted with radical stupidity that's going to make you resentful at work, just say no straight away. When they ask, tell them why and tell them you're not doing it and that all it'll do is make you resrent working there. If that's not good enough for them then the company is becomming tyrannical and you need to get out of there fast. Once the door to the stupid is opened even a crack, they'll boot it in your face.
This is a lesson from someone who didn't say no to the stupid and is now fighting to shut the door.
As for going in all guns blazing, I would do the following in prep for anything like this:
1) Canvas other's opinions but don't stir up trouble. Are you going to have support if it blows up or not?
2) Approach it informally at first. Try and consider each of your points to a depth of three levels (i.e. three counterpoints they'll make on each point that you can shoot down). Odds are when they thought this through they only gave it a single level of analysis. 3 levels on every point means you win the discussion hands down.
3) Prepare your legally backed offence well in advance. It gives you the power and confidence to be forthright in your arguments at earlier stages.
4) Consider, if they're being difficult, letting it leak to someone who will grass that you have a legal argument prepared. If they get wind they may become suddenly more willing to negotiate to avoid it going there.
it's not that sort of company. Generally friendly and this will be well meaning but not thought through in terms of privacy. I already get mocked for not using whatsapp due to its t&cs and am seen as an oddball for it. People don't get the issue. This is the inevitable downside to it trying to present itself as a young trendy firm I guess.
what a completely engaging and thoroughly interesting thread guys, thanks for bringing this subject up and kudos to all concerned in sorting it
and no, I aint being sarky !
Cheers, David
spacein_vader (26-05-2019)
The Citizens Advice Bureau is right on both accounts. ECHR expects the UK courts to consider all aspects of ECHR in their decision making regardless of whether they're individuals, private or public bodies. Any failure in the consideration of human rights after the UK court decision then becomes a state vs the individual in ECHR.Yet on the same CA page, they say It seems like they need to make their mind up.
More seriously, IF ik9000 works for a private company that carries out public functions, it is liable under the HRA for things it does carrying out those public functions, but not for other matters.
Private individuals cannot be held to account under the HRA at all.
But if the plaintiff can find some other legal basis for a court case, then and only then can the court apply it's own duty, as a public organisation to apply that law with due regard to the HRA.
Which means for the court's view to apply, to have to get it before a court, which means you need a basis for a case, which brings us right back to using the DPA/GDPR right to privacy.
Putting that another way, the HRA doesn't apply to private individuals or private organisations without a public function. So you can't use that for a court case.
However, the HRA does apply to the courts, who must follow it's principles if a case comes before them on some other grounds.
What other grounds might that be? GDPR right to privacy.
Last edited by Top_gun; 25-05-2019 at 08:14 PM.
The point was that action cannot be taken against individuals, or against private companies unless they have a public function, under the HRA and even then only on matters relating to their public functions, if they have any.
So ik9000 cannot himself hold his empoyers to account under the HRA or Aryicle 8, unless they do some public function, as defined. He cabjot directly hold that over his employers. He can hold their GDPR obligations over them, or more diplomatically, point out those GDPR implications and if, in extremis, take legal action under that that isn't available under the HRA
Having got it to court, then the court, as a public organisation, has to consider the HRA principles, and apply them as far as is consistent with other legislation. But for that to hapopen, it already has to be before the court and ik9000 needs a basis for doing that. i.e. GDPR rights.
This thread was wbout what ik9000 can do.
He can point out their GDPR obligations to him, which are directly imposed on the employer, and directly actionable if breached. Or he can point out that if he finds a basis for court action, the court will then have to consider Article 8.
My view, and yours may differ, is that he has a far better argument to convince, in a friendly discussion, his employer, that at least part of what they are proposing is a clear breach of their GDPR obligations, rather than the indirect and somewhat circuitous route of the effect of Article 8 on the court, if he ever gets them there .... which presumably would be under GDPR anyway.
spacein_vader (25-05-2019)
I reiterate my points made in post #19 and #21.
ETA: I imagine ik9000's employer switching off while discussing the ins and outs of GDRP!
Last edited by Top_gun; 25-05-2019 at 10:45 PM.
They may switch off, but the fact remains they have a duty to him under GDPR that is actionable, but don't under the HRA, unless .... public function, etc,
Nobody thinks it's a good idea to take it to court but unless somebody does, a non-public function private company isn't subject to the HRA and only indirectly if they do. They are directly subject to the GDPR.
And I got posts #19 and #21. I just disagree that the HRA much helps ik9000. But then, neither your nor my opinion on that much matters. Spacein_vader, on the other hand, gave direct, qualified advice and offered practical help. Nice one, Mr. Vader. A perfect example, IMHO, of forum community spirit.
ik9000 (26-05-2019),spacein_vader (26-05-2019)
I don't know anything about the Human Rights Act beyond a quick Google but Saracens interpretation matches my limited understanding.
GDPR* has been in the news a lot over the past 12 months so hopefully most employers will have at least heard of it. Hopefully the situation would get nowhere near going to court but a polite chat should hopefully convince them to at least look for some guidance. The "For Organisations" part of the Information Commissioners Office website www.ico.org.uk is a good place to point them at to start as it has many guides to explain the real world impacts of data protection laws in relatively plain English.
*I appreciate I've used GDPR and DPA almost interchangeably. The DPA is the UK law enacting the European GDPR rules. While it's an oversimplification to suggest it's a copy and paste of GDPR in this case they are functionally the same.
Saracen, your idea that if you work for a public sector organisation then you have a right to privacy at work under your Human Rights but don't if you work for a private sector seems fundamentally wrong to me.
Sorry for the delay.
It might seem wrong, and it's not my idea .... but I have been assured by someone very qualified that it is the case. The fundamental point is that the scope of the HRA (and indeed, the ECHR) is to protect the rights of citizens from abuse by the state. That is then interpreted as organs of the state, i.e. public authorities. And thus it only applies to private companies if the state has effectively sub-contracted public functions to them and they therefore are effectively agents of the state.
That bit really is about preventing the state from avoiding liability by that kind of sub-contracting.
I'm sure we can all think of situations where, but for that provision, the state might shield itself that way. One example would be a private company running a prison. Another would be an intelligence organisation getting round the right to privacy by farming out illicit survrillance activities.
But in any event, the HRA/ECHR is about ensuring individuals fundamental rights are protected from abuse by the state.
Other legislation exists to protect us from abuses by private companies, ranging from data protection laws, to anti-discrimination laws, to working-time directives, to health and safety at work laws, to unfair dismissal, product liability, the Factories Act and so on.
It's not as if the HRA not applying to private companies (except in specified situatiobs) leaves us unprotected from those companies. It's that the HRA is there to do a job (protecting us from abuses by the state) and other tools are there to protect us from private companies.
It's all about the scope of the Act.
There are currently 2 users browsing this thread. (0 members and 2 guests)
Posting Permissions
Reply With Quote
