On October 1, 2020, the Hamburg Data Protection Authority (“Hamburg DPA”) fined H&M, the Swedish clothing company, over €35 million for illegally surveilling employees at its service center in Nuremberg. This fine is the largest financial penalty issued by a German DPA to date for a violation of the European General Data Protection Regulation (“GDPR”), … Continue Reading
On April 28, 2020, the Dutch Supervisory Authority (“Dutch SA”) announced its decision to impose a fine of €725,000 on a company for unlawfully processing the biometric data of its employees. In 2018, the company concerned installed an access and time management system that collected and processed biometric templates of employees’ fingerprints. This initiative came … Continue Reading
Over the past several days, Germany Supervisory Authorities and health authorities have issued statements and guidance about the handling of personal data in the context of the ongoing COVID-19 pandemic. In this blog, we consider some these statements in greater detail, as well as their implications for employers and employees.… Continue Reading
Today, one of the most critical risks a company can face is the cyber risks associated with its own employees or contractors. Companies are confronting an increasingly complex series of cybersecurity challenges with employees in the workplace, including employees failing to comply with established cybersecurity policies, accidentally downloading an attachment containing malware or providing their … Continue Reading
On September 5, 2017, the Grand Chamber of the European Court of Human Rights (“ECtHR”) issued its ruling on appeal in the case of Bărbulescu v. Romania, concerning alleged unlawful workplace monitoring of Mr. Barbulescu’s private communications. Overturning the ECtHR’s prior ruling in the case (covered by Inside Privacy here), the Grand Chamber held that … Continue Reading
By Dan Cooper and Rosie Klement The EU’s Article 29 Working Party (“WP29”) has issued new guidance on data processing in the employment context. Adopted on June 8, 2017, the guidance primarily takes account of the existing data protection framework under the EU Data Protection Directive (Directive 95/46/EC), but also considers the developments coming into force … Continue Reading
On January 12, 2016, the European Court of Human Rights (ECtHR) ruled that an employer who had monitored an employee’s private communications during working hours had not breached the employee’s right to privacy (under Article 8 of the European Convention on Human Rights). This judgment will influence how other European national courts and regulators view … Continue Reading
Meena Harris, a member of Covington’s Global Privacy and Data Security Practice Group, spoke with LXBN TV about the National Labor Relations Board’s recent ruling that two employees of a sports bar and restaurant were unlawfully discharged for their participation in a Facebook discussion criticizing their employer. You can view the interview here.… Continue Reading
Last Friday, the National Labor Relations Board (“NLRB”) ruled that two employees of a sports bar and restaurant were unlawfully discharged for their participation in a Facebook discussion criticizing their employer. In the Facebook discussion that prompted the firings, a former employee complained in a status update that she owed more taxes than expected because … Continue Reading
By Lindsay Burke and Brian Fitzpatrick On March 10, 2014, the EEOC and the FTC issued joint guidance on how the anti-discrimination laws and the Fair Credit Reporting Act (“FCRA”) apply to background checks performed by employers for employment application purposes. This guidance is published in two documents, one directed at employers and the other … Continue Reading
New Jersey has enacted restrictions on the ability of employers to access employees’ social media accounts, becoming the twelfth state to enact such legislation. More than 30 state legislatures have considered bills on the topic in 2013, according to the National Conference of State Legislatures. New Restrictions in New Jersey New Jersey’s new law, signed … Continue Reading
A New Jersey federal court recently held that an employee’s Facebook wall posts were protected by the Stored Communications Act (“SCA”), 18 U.S.C. § 2701 et seq., in one of the first cases to analyze the SCA’s application to the Facebook wall. Ehling v. Monmouth-Ocean Hospital Service Corp.., No. 2:11-cv-3305 (WMJ) (D.N.J. Aug. 20, 2013). An … Continue Reading
Many employers have been surprised by recent rulings that two common employment policies run afoul of the National Labor Relations Act (“NLRA”) even if their employees are not union members. Based on a legitimate interest in preserving confidentiality and privacy, many employers have adopted social media policies limiting what employees may post on Facebook or … Continue Reading
After gaining prominence in 2012, state legislation restricting access to personal social media accounts by employers and schools has remained active. Three more states have enacted their own restrictions thus far in 2013, and bills are pending in more than two dozen other states, according to the National Conference of State Legislatures. In 2012, Illinois … Continue Reading
On 7 March 2013, the UK Information Commissioner’s Office (ICO) issued new guidance on the use of personal devices for business purposes. The guidance is largely informed by a survey commissioned by the ICO and carried out by the market research firm YouGov. According to the survey, 47% of adults in the UK use personal … Continue Reading
A bill reintroduced in the U.S. House of Representatives on Wednesday would prohibit employers and schools from requesting or demanding access to employees’ or students’ personal social-media accounts. The bill, titled the “Social Networking Online Protection Act,” would bar employers from requesting or requiring that employees or job applicants provide the employer access to personal … Continue Reading
New Jersey earlier this month became the latest state to bar college and university officials from demanding access to students’ or applicants’ personal online accounts. Gov. Chris Christie signed the law, which takes effect immediately, on Dec. 3. Under the new law, which applies to public and private higher-education institutions, schools cannot require a student or … Continue Reading
Last week, Judge Ungaro of the Southern District of Florida granted in part and denied in part a motion to dismiss in Burrows v. Purchasing Power, LLC. The court found that the plaintiff had asserted a plausible claim under the Florida Deceptive and Unfair Trade Practices Act (FDUTPA), granted the plaintiff leave to amend his … Continue Reading
California is the latest state to enact legislation restricting the circumstances under which employers or schools can demand access to employees’ or students’ personal social media accounts. California Gov. Jerry Brown signed two bills into law on Sept. 27. The first, A.B. 1844, bars employers from requiring or requesting that employees or job applicants disclose … Continue Reading
By Brian Ryoo On May 30, National Labor Relations Board (“NLRB”) Acting General Counsel Lafe E. Solomon issued his third report on employer social media issues, focusing on “overbroad” employer social media policies. The report expresses concern about “ambiguous [policies] that contain no limiting language or context” and give employees insufficient notice of their protected … Continue Reading
A federal district court in New Jersey ruled this week that an employer might have invaded an employee’s common-law privacy rights by coercing a co-worker into giving the employer access to the employee’s Facebook profile. The plaintiff, a nurse and paramedic employed by a non-profit hospital service corporation, alleges that her supervisor forced a co-worker … Continue Reading
Lawmakers in Maryland and Illinois have introduced bills that would prohibit employers from requiring job applicants or employees to grant access to their social networking accounts. The bills arose from reports that employers have impliedly or explicitly required access to social networking accounts as a condition of hiring or employment. A few bills have been … Continue Reading
Earlier this week, California became the latest state to restrict the use of consumer credit reports in the employment context, as Gov. Jerry Brown signed into law A.B. 22. As we previously have blogged, a growing number of states–including Connecticut, Hawaii, Illinois, Oregon, Washington, and Maryland–have augmented the protections provided by the federal Fair Credit Reporting Act … Continue Reading
Yesterday, the Missouri State Senate voted unanimously to repeal controversial portions of the state’s Amy Hestir Student Protection Act, which restricts how teachers can use the Internet. If passed by the state House and signed by the governor, the repeal bill would eliminate restrictions on teachers’ maintenance of non-public “work-related” websites and social networking contact … Continue Reading