• (2019, Mar) German court rules on the issue of using vehicle telematics services in the employment context. Read a related LinkedIn article here.
  • (2019, Mar) ICO (UK) warns that employees could face criminal prosecution if they access or share personal data unlawfully. Thus, individual employees of an organisation could be sanctioned for data protection law breaches.
  • (2019, May) The Garamukanwa v. UK decision of the European Court of Human Rights deals with the right to privacy and use of e-mails in employment disciplinary proceedings.
  • (2019, Sept) The Spanish Data Protection Regulator applied a fine on a restaurant that sanctioned an employee based on mobile phone video evidence submitted by another employee.
  • (2019, Oct) ECtHR: In López Ribalda and Others v. Spain, the Court decides that hidden video monitoring of employees did not violate their human rights because it was justified by suspicions of theft.
  • (2019, Dec) The Hungarian DPA has fined an organization for the unlawful search in the archived e-mail account of a former employee (see here an article in English).
  • (2020, Jan) German court rules on illegal use of an employee’s photo on Facebook, after the employment relationship ended (red here an article in English).
  • The Danish DPA decided concluded that an employer may refuse to allow a former employee access to work-related correspondence, including emails, on the grounds that the request is excessive, particularly when it involves a lot of information (see the press release in English here).
  • (2020, Jan) H&M risks fine in Germany for recording sensitive data of employees and storing it in such ways that all the managers had access.
  • (2020, Jan) The Cypriot DPA banned the use of a human resources automated tool which scored the types of sick leaves and profiled employees based on this criteria.
  • (2020, Aug) Scott Ikeda: UK ICO Opens Probe Into Barclays for Employee Surveillance.
  • (2020) The Spanish DPA decided to impose a warning on Add Event Staff, S.L. for infringing of Article 7 GDPR by not gathering consent separately for different processing activities related to job search and commercial purposes.
  • (2020, Oct) NautaDutilh: Belgian DPA fines post-dismissal use of e-mails in the case of an employee who left the organization.


  • (2020, Feb) This Entrepreneur article states a number of ways in which employers can, or have already, tracked the activity of their employees using tech.


  • (2019, Mar) German DPA: re-issued guidance on data processing in the employment context (available only in German here; see article in English here).
  • (2019, Nov) Brandenburg DPA: comment on the transfer of group employee data to a third country (see here an article in English).
  • (2020, Apr) French CNIL: final version of its standard (“Referential”) concerning the processing of personal data for core Human Resources (“HR”) management purposes.
  • (2020, Aug) Polish DPA (UODO): statement on employers’ monitoring of their employees’ emails. According to this statement, the employers have the permission to monitor the employees’ emails to ensure work operations, but without violating the secrecy of communications safeguarded.