Purple Sea M.I.K.E. – €15,000 Fine (Greece, 2021)

Two individuals submitted a complaint against their ex-employer, claiming that the company surveils its employees via CCTV video-surveillance, without prior notification. The company claimed that a CCTV system was indeed physically installed but the 5 cameras surveilling work areas were disabled via software, thus only public/common areas were being actively surveilled. The Greek DPA (HDPA) imposed a fine of €15,000 euros on a company for illegal installation and operation of a video surveillance system in the offices of the employees and in the kitchen of the workplace. HDPA held that despite the cameras in question being disabled via software (showing a black box instead of the live feed in the CCTV software), they remained operational and could still be reactivated via software at any point without notification, so they should be considered as part of the operational video-surveillance system. Thus, the HDPA found that using this system violates Articles 5(1)(a), 5(1)(b) and 5(2) GDPR. Also, the CCTV system in question falls under the provisions of HDPA's 1/2011 directive, which is the main point of reference for the use of CCTV video-surveillance systems in Greece - in this case, this refers to a ban on video-surveilling certain work areas. HDPA also held that the company should have informed its employees on the operational status of the installed cameras, whether they were in operation or not, quoting among other things, the "chilling effect" that a non-operational camera might have on employees who might think it is in operation.