Court case 2019/04546 – Court Ruling (Ireland, 2023)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
An Irish court found that Ballymaguire Foods violated an employee's rights by showing CCTV footage of him without proper transparency. This ruling is significant because it stresses that companies must clearly communicate how they use surveillance footage. Employers should ensure their privacy policies are clear and accessible.
What happened
Ballymaguire Foods showed CCTV footage of an employee during a meeting without adequately informing him about the use of that footage.
Who was affected
An employee of Ballymaguire Foods who was not present during the meeting where the CCTV footage was shown.
What the authority found
The court ruled that the company failed to be transparent about its use of CCTV footage, violating the employee's rights under GDPR.
Why this matters
This case highlights the importance of clear privacy policies and the need for companies to communicate effectively about data use. It sets a standard for how businesses should handle employee surveillance.
GDPR Articles Cited
The data subject was an employee of the company Ballymaguire Foods, the controller, and was responsible for supervising other 20 employees. During a meeting in March 2019, the Quality Control Manager showed CCTV footages to several managers and supervisors as an instance of poor food safety practice for the purpose of identifying corrective actions. While the data subject was not present in the meeting, they were informed about it by other employees. The data subject initially filed a complaint with the Irish DPA, but was not assigned to a complaint handler due to a backlog of complaints. Then, they filed a lawsuit before the Circuit Court, pursuant to [https://www.irishstatutebook.ie/eli/2018/act/7/section/117/enacted/en/html#sec117 section 117 of the 2018 Irish Data Protection Act]. In addition to claiming that the further processing of the CCTV footage was illegal, the data subject requested compensation for non-material damages on the grounds that they felt humiliated and more stressed at work after the incident. In response, the controller argued that employees were aware of the purposes of the CCTV system as informed in its privacy policy. In addition, it maintained that there was a legitimate interest in the use of the images and classified the alleged damages as mere "upset, anxiety and embarrassment". First, the Court found that the controller had failed in its duty of transparency as it had four different privacy policies in place, none of which were in the native language of the data subject. In addition, the Court highlighted that the controller cannot rely on legitimate interest without first carrying out an assessment of that interest in relation to the rights and freedoms of the data subject. For these reasons, it held that there was a violation of the data subject’s rights under the GDPR. Second, the Court referred to the decision rendered by the CJEU in the the UI v Österreichische Post case (Case C-300/21), in which it ruled that while there is
Outcome
Court Ruling
A ruling by a national court on a data-protection matter.
Related Cases (0)
No other cases found for Court case 2019/04546 in IE
This is the only recorded case for this entity in this jurisdiction.
Details
About this data
Cite as: Cookie Fines. Court case 2019/04546 - Ireland (2023). Retrieved from cookiefines.eu
Last updated: