- If an employer wishes to use CCTV in the workplace, the ICO must be notified as to why they intend to use it. This is part of the registration process for a data controller under the DPA. An employer cannot then use the information collected for any other reason. For example, if the organisation is using CCTV to monitor crime, it cannot then use it to monitor staff. Employers should, before using surveillance cameras, carry out an impact assessment, decide if alternatives are possible and only go ahead if the use of cameras meets a legitimate aim.
- Staff must be informed that they may be recorded and where cameras are located. To make this undisputable the employer should use clear and visible signs.
- Levels of CCTV surveillance in work must be proportionate to the reasonable expectation of privacy. In certain areas with a higher level of expected privacy, such as near toilets, changing rooms, kitchen and break areas, it is unlikely to be acceptable to have cameras.
Maintaining integrity in these areas is essential. Employers need to be aware that staff can request to see the recordings kept of them by making a subject access request, and the data must be provided no longer than 40 days after a request is received.
"
It seems that the UK law is reasonable. (At least for a country that has a high level of surveillance)
A few years back my employer took over a floor of offices that had previously been occupied by a small financial services company - they had installed loads of very obvious cameras in the ceilings. Although I was pretty sure they weren't connected to anything I went around and disconnected all of the cables going into the cameras just to make sure!
I don't find it "reasonable" to be filmed all the time while I'm at my desk. Things like that always end up being abused, not matter that "the ICO must be notified as to why they intend to use it".
Plus it create a terrible working culture. The work place feels not part of my social life anymore. Why would I feel motivated to do better ? Do be part of a mission ? To feel some meaning ? I'm not doing my part anymore, I'm doing my time.
Cameras on the parking ? Sure.
Cameras on the shops and other places receiving customers ? Ok.
Cameras on areas with risky data or money ? Make sense.
But keep the cameras outside of my freaking office. I've quit for less than that.
>An employer cannot then use the information collected for any other reason. For example, if the organisation is using CCTV to monitor crime, it cannot then use it to monitor staff.
>Employers need to be aware that staff can request to see the recordings kept of them by making a subject access request
The second kind of undermines the interest sought to be protected by the first. I can imagine nefarious reasons for wanting to see the same frames of footage that you happen to be in.
Considering the subject access request will have to be processed by somebody watching the video with you in it, I can't imagine a nefarious use for making a subject access request.
I think not uproaring is a very rational response to the threat model:
- You already have little expectation of privacy at work. Your computer has a sysadmin account for the company, and probably not a sysadmin account for you. Your Springsteen tickets are logged and potentially cached in the printer's memory. At most places, coworkers can see what you're doing in person. So there's no strong reason to expect more crackdown on occasional personal use of work time/resources than there has been in the past.
- There are easy options (especially for people who get an NYT salary) for private work and private computing: doing things at home, using your cell phone (not on the corporate network, no corporate login, and probably too small to see on the cameras), taking a quick break to a nearby cafe, printing your tickets at FedEx, etc. (Many of those are much more anonymous than possible at work, e.g., leave your phone at your desk, email to printandgo@fedex.com from a throwaway account, and pay in coins.)
- The stated rationale—responding to violent attacks—makes sense, is quite worthwhile individually in expectation (even a slight reduction in your chance of getting killed is quite valuable), and if believed implies insufficient staffing to effect a panopticon. There's probably just one security guard downstairs, at most.
- There's other personally beneficial reasons to want cameras at work, e.g., helping you (whichever side you find yourself on!) in harassment claims. In particular I'd actively want low-resolution cameras, enough to identify people but not enough to read standard-sized text on paper or screen, covering every office or conference room with a door that closes.
My own workplace has cameras everywhere other than the bathrooms. We're told this at orientation, and also told that nobody is actively watching them. This seems totally fine to me. If there were security cameras in the bathrooms / privacy rooms / etc., or in my apartment, or in hotel rooms, or anything else, that would be quite different.
Waiting at the auto repair shop today, a woman came in asking to speak to the manager because she believed the shop had removed the tires from her rental car and replaced them with different rims. The manager was able to appeal to the fact that there were security cameras directly watching the bay to get her to file a police report instead. I talked to my mechanic later, a young black man. He said another customer once accused him of stealing the emblem off his BMW, and the cameras cleared him. Cameras really can protect employees who do a good job.
This is an interesting take. I think the nuance here is that we're talking about very disparate industries. Blue collar work may benefit from such kind of monitoring, while white collar work may not (maybe it does, I don't have an opinion).
The camera is a prop there. No policeman is going to do more than smile and nod at the crazy lady accusing a mechanic of stealing tires from a rental car.
> helping you (whichever side you find yourself on!)
Consider the case where a supervisor makes unwanted physical contact with a subordinate. I wouldn't be so quick to assume that the company would hand over evidence to the subordinate if s/he made the claim. If they act in the best interest of the company, they would delete the footage and reprimand the superior. What company would hand over evidence that could cost them an expensive harassment suit?
Cameras can absolutely be a liability [1]:
> a partner at a big law firm came up afterward to say that his firm had taken out the security cameras in its stairwells. “We picked up so much sexual activity on the cameras, after midnight, that it was a liability to have the videotape in our possession
Where do these people work? And how do I get a job there?
Seriously, though. Even when I was a cooperative engineering student (ie. low 20's ages, lot's of partying, everybody pretty far from home for 3 months), people weren't fucking in the stairwells. Good grief.
Most of the places I worked, I generally have difficulty coming up with a single person who I would even want to have sex with.
they work in biglaw. They are ivy-league-educated over-achievers who are in multiple-6-figures of student loan debt. They already beat the odds to even get the job, then have ~5 years to work as an 'associate' lawyer making roughly what an experienced software engineer makes (this is after or contingent upon passing the bar exam, and many biglaw firms are in NY or CA which have two of the top-5 most difficult bar exams to pass) before they either are promoted to partner or get fired. This is not to mention putting up with acerbic and powerful coworkers, putting in 60-80 hours/week, while always being one mistake away from being fired. I don't wish that fate on anybody. checkout abovethelaw.com or the series Suits (it's heavily fictionalized, but it gives you a good perspective) for an insider's look at that lifestyle.
Consider offices of thousands of people who often work past midnight for weeks on end. My ex worked at a top-10 lawfirm - their IT and building support teams worked in shifts so that you could get food brought or documents printed 24/7. In many of these firms, people have little to no life outside the office. My ex told me one of the female partners had talked to her about how it worked quite well to mix with family: she said good night to her children every night, by video call.
In an environment like that when you have thousands of people who often find themselves working late and having no other outlet, of course stuff goes on in the office.
While she was there a partner was caught on camera with one of his secretaries in the company pool.
I am expressing (hopefully humorous) disbelief in the provided claims given my own experience.
As you apparently don't have relevant experience, you seem to be unable to add or subtract authenticity to the claims.
I suspect an uncharitable answer is: "One or more of our senior partners likes to accost people in the stairwells."
A more charitable explanation is that it could be a more "New York" thing in that people are at the office, drunk, late for various reasons (office parking is a good spot to park the car for late events; hit the office before riding mass transit for 30-40 minutes for a pit stop; etc.)
- as evidenced by this article, and some of the posts here, people who haven’t gotten used to permanent surveillance do have an expectation of privacy. And cameras are different than people watching you because it’s one-way, and at scale.
- allowing people to do minor personal tasks at work is expected in a professional career such as journalism. It’s not a sweatshop, peoples’ productivity doesn’t neatly correlate with hours worked anyway. And you’re expected to be readily available outside of work hours anyway, so this should cut both ways.
- shooting happen within just a few minutes and the effect of cameras is debatable, especially if there is no armed and trained security.
- The NYT is a sort of high value target. I would not expect to get into their offices without proper ID.
- Is there some epidemic of false harassment claims everyone is worried about? As far as I know there was one case that had consequences at the Times (Glenn Thrush) and he admitted to the behavior. Also like 90% of harassment is verbal, which cameras don’t capture. The rest seems to happen in hotel rooms and bars, which these cameras also don’t address.
While you need ID, all that proves is that you have been asked to attend. You can get access to the building (ok after hours) by signing up to a meetup and providing your name. Also by virtue of the work they do, relative strangers will come in frequently as sources, experts, etc.
Shootings tend to happen relatively quickly (though often longer than people think the Virginia Beach shooter wasn't contained for 15 minutes), but they tend to have very long and potentially dangerous sweeps to clear the area. You don't want a response team to accidentally shoot a guy holding a stapler or something.
The NY Times building is a single block from Times Square where there are enough heavily armed response teams to depose several island governments 24/7. Also being in the area somewhat regularly there are regular and counterterrorism police directly in front and across the street often during daylight hours.
The Times is kind of the exception that proves the rule. If you aren't literally feet from an armed response that can bring down everything from an armored car to a helicopter (only rumored, but repeatedly so) it probably won't do as much good. In their particular situation though, I suspect it could save lives if a rare event occurs. Which is always a hard thing to balance.
Also, more generally, I assume the NYT's security team has a more considered and more informed opinion on this than anyone in this discussion does. I stated that I think their rationale makes sense: that doesn't mean I think I agree with it. I'm not qualified to. I have no actual idea if it will help, but if they say it will help, it doesn't sound bonkers (the way that e.g. "making everyone in an airport stand in a long crowded line to take their shoes off will reduce mass casualty events" sounds bonkers).
Almost everywhere, including as far as I know in France, such limitations tends to disappear for anyone who can control their own working hours to at least a certain extent (whether or not that control is genuine is often a matter of contention) to make up for it.
I'm not an advocate of permanent surveillance, nor am I used to it. As stated in the comment I expect no surveillance in my home, at hotels, etc., and I expect little enough surveillance on the street that I can walk to a FedEx and pay in cash without being facially-recognized all the way. I am, however, used to the norms of my life at work being different from the rest of my life. When I do browse the web on my work computer, my employer might monitor it (and I have a personal laptop at work for this exact reason). When I develop copyrightable writing/code/etc., my employer owns it, even if it's not totally relevant to my job. I don't tell off-color jokes or flirt with people the way I could outside of work, nor do I have any desire to. Work is different from the rest of your life, because you're doing a task for your employer, and your employer controls the space. If your employer wants to install a camera, that's like you installing a camera in your own home—totally reasonable in common spaces, creepy in bathrooms. I think analogizing being surveilled at work to being surveilled in general makes as much sense as analogizing losing copyright over your writing at work with losing copyright in general.
(There might be a problem that people are at work too much of their lives, or that people should work for themselves or worker-owned coops instead of for bosses, or something, but those seem like independent problems; trying to solve symptoms of those problems and ignoring the underlying issue doesn't seem productive.)
Precisely because allowing people to do minor personal tasks at work is the norm in the industry, I think there is little risk that cameras will prevent people from doing minor personal tasks. Mine is the same: I feel quite comfortable checking personal email / IM / Hacker News on my personal laptop at work despite having a camera somewhere looking at me and easily being able to tell when I'm not looking at my work screen. Basically, I think that if they wanted to crack down, there are easier ways to do that than cameras, so they don't, and cameras won't make them decide to start cracking down.
And to be clear, I'm much more interested in video evidence to back up harassment claims than to deny them. I'm of the opinion that a lot goes unreported because complainants know there isn't much evidence. But you make a good point about lots of it happening off-site.
Expectation of privacy does not depend on you getting used to it. A workplace can be monitored by the business that's paying for it and is a good idea to reduce risk and litigation.
Nobody cares about a few personal tasks at work but it's important to have video evidence when something serious occurs. And yes there are false harassment claims, and having even a single case avoided because of footage is worth it for both the person and company involved.
> Your computer has a sysadmin account for the company, and probably not a sysadmin account for you.
I know that's the case some places, but I've never worked anywhere where that was the case. And that includes a company with 10k employees. It's nowhere near universal.
That is also much less of a restriction than it used to be: Most of us have personal computers on our body most of the time, as you point out.
But expectation of privacy is largely down to how you choose your society to be. Many countries have restrictions on what employers are legally able to do with that access for that reason. E.g. Norway has strict limitations on to what extent employers can even look at your corporate e-mail account without your consent because there is considered to be an extent of expectation of privacy there too, and tries to strike a balance between protecting that and protecting the needs of the employer.
A lot of Norwegian labour law around privacy boils down to whether employees have a legitimate reason for reducing the expectation of privacy, and how to minimize that invasion, rather than accepting that "you already have little expectation of privacy at work" is a valid excuse for eroding it further. Part of the rationale here is that people spend sufficient time at work that it is unrealistic to expect there to be no co-mingling of personal life and work, and so there is a need to create limited spheres of privacy even at work, and it is rare that this conflicts with legitimate employer concerns (and "you should spend 100% of your time exclusively on work tasks" is not considered legitimate) in ways that can't be reasonably resolved.
I find it troublesome how many people don't even question whether or not this kind of erosion of privacy serves legitimate purposes.
> At most places, coworkers can see what you're doing in person.
There is a very different dynamic there, though, which you can easily test: People have different levels of awareness of a person looking in their direction vs. a camera. If I had a manager standing behind me all the time, I'd quit.
A camera is better in some respects (you don't have someone standing there) and worse in some respects (it is actually there all the time and you don't know when someone is looking)
Whether or not it's truly invasive largely boils down to how it is handled. Active monitoring is very different from knowing someone might look at the recordings to look for evidence for in the case of specific types of events, for example.
I would assume that the retention schedule and process around the video is designed to benefit to protect the employers interests.
“Nobody watching” is meaningless. Amazon offers facial recognition as a service, and many tools exist to identify and classify data in video. The computer is watching, and it will be configured to see whatever is in the interest of the folks controlling the machine.
When I was younger, I had a boss that had security cameras around our small office. When he was at home (which was half the week), he would watch us through the cameras.
These cameras also had two-way audio, so I would be having a conversation with my co-worker and he would butt into the conversation..through the camera.
I only lasted about 3 months before I quit. There is still an active, private, Facebook group with ex-employees of this company. The boss was so horrible..it's almost like people needed a support group.
In my company our product person was working remotely. For a short stint he was elevated to head of engineering, even though he had absolutely no idea about how engineers work. It was around that time that he presented the idea of a webcam pointed at us with open audio all day, so that he could be in the loop.
We quickly shot down that idea, together with his recommendation to "have trello constantly open in one of our monitors".
During his stint the complete engineering team including me practically evaporated, only one or two people stayed on... He's still going on, as he's friends with the CEO.
This anecdote is probably a bit off topic to the article as this was not for "security", but it goes to show how many people are so open to the idea of cameras to solve their little problems.
The camera bit in that case doesn't seem so bad to me - as long as he'd do it two way, and it was positioned so that it wasn't much different from a "portal" to someones desk, and audio similarly calibrates so he wouldn't hear muted conversations at other peoples desks. From the "trello constantly open" bit it sounds like he had something more excessive in mind though.
Same but different tyrant-boss but no two way audio.
We didn't have gigabit broadband back then, therefore whenever the boss was on the cameras the internet went slow. Therefore we always knew that if the internet was slow we had to be on best behaviour.
We never told him how we knew when he was watching or let him know that we knew, it was an office wide open secret amongst us though. Funny times.
The off topic highlight was when a young French girl was being interviewed. I happened to be in earshot and I almost fainted. Straight up she was asked about her plans to start a family. They didn't want to hire someone who might cost them maternity pay down the line, hence the opening question that brazenly got straight into the sexism. She took the job.
you should have hacked the camera drivers, a-la Speed, to show the same footage of people diligently staring at screens with their hands neatly placed on the home row.
> Straight up she was asked about her plans to start a family. They didn't want to hire someone who might cost them maternity pay down the line
In France, you can lie to that question without legal repercussions, even when currently pregnant, and refusing to hire someone for the reason you stated (and a long list of other reasons) would be illegal.
Does this kind of thing exist in the US, even if only in some states ?
In the name of security, Big Blue decided to add keycards to go through every single door. It's understandable. They first added the card readers over the span of months, getting people used to them even if they weren't functional. Then they added the turnstile at the entrance. It's a good idea to allow only authenticated people into your building.
What they didn't take into account was the number of people that go in and out of the building every single day. Imagine a 12 story building with at least a hundred people on each floor on the average day. And they had to be funnelled through a single turnstile. Then there is the elevators.
One morning, everything was activated at once. The line backed all the way outside the building and wrapped around. You could spend up to twenty minutes to get into the building. Then once you are in, you have to wait for the elevators. You have to scan your keycard to get to your floor. Now try doing that with 30 people in the elevator and they all want to go to a different floor.
"Can you press 11 for me?"
They couldn't, because their card only works for the third floor.
In less than a week they shut everything down and went back to the designing board. They had to rebuild the reception to add 4 turnstile. The elevators keycard readers were never reactivated again.
My personal experience has been a key card check to get into the building and another at your secure area. Corporate security made it very clear that holding the door open for someone else would be taken extremely seriously.
Or just declare them firefigter unsafe by making it carry less than 250kg at a time (rescue via elevators an elevator capable of at least four persons at a time).
>What they didn't take into account was the number of people that go in and out of the building every single day. Imagine a 12 story building with at least a hundred people on each floor on the average day. And they had to be funnelled through a single turnstile. Then there is the elevators.
A FAANG did this in a European country and it's amazing to see the backlogged line after things like pre-determined fire drills.
Took to waiting for 30 minutes because I didn't create the problem but I was getting paid, either way, so, why should I have to "fight the crowd" to achieve the same goal, which comes with more stress and effort, when I could simply do it on my own terms?
Cameras were installed at a previous company where I worked. This was just an office - there was nothing to see anyone doing other than sitting at desks and walking between desks.
The management told the staff they were only going to be on after working hours, to catch thieves. I noticed a week or two later that some young, male, technical members of staff, including the one who did the installation, were in the server room watching staff on the monitors, laughing at people’s appearances and talking about the sexual acts they would like to perform with some of those visible on the monitor.
I reported this to management, who said they’d fix it. A week later, the same was happening. Again I reported, again it carried on. Then I saw that (male) management were using the web viewer from their desks to watch the women in the office (selecting particular views) from the comfort of their desks with monitors towards the windows. Which are reflective, so they weren’t as private as they perhaps thought.
I told one of the women concerned. She complained to the same management - they told her they were off during work hours (which they weren’t) and nothing happened.
I kept spotting them sitting watching the staff from their cosy corners, so I logged into the system (it wasn’t hard to find the credentials) and reconfigured it so it wouldn’t appear on the network any more.
It took them a few days to factory reset the box and they were off again. I left shortly afterwards - the general attitude towards employees being one of my main reasons.
This smells an awful lot like classism to me, and so do a lot of the comments. It's gross that people would be okay with and even supportive of monitoring poor/blue collar work environments but suddenly educated wealthy people are being treated the same as poor people and it's a big problem.
All people considering leaking evidence of unlawful behavior by powerful entities like governments should take note: The New York times is much more risky an outlet than it used to be.
If someone wants to find the source of a leak published at the NYT they probably only need to hack or seize the DVRs recording those cameras.
Do the tapes persist forever? I'd assume they only keep it for a couple of days at most. For the stated reason, incident response, you may not even need recordings at all, just a real-time view.
I also assume the NYT doesn't meet with sources in their offices (in full sight of everyone from the summer intern to the person restocking the fridge, all of whom you could try to bribe), and instead meets in a crowded public location like a cafe.
The article mentioned that the video is kept locally and not stored anywhere in the cloud, so if you want to hack it you're going to need physical access to the building. And if you have that then NYT has a whole lot of other problems it should be dealing with before worrying about the cameras.
(besides, I very much doubt many people leak to the NYT by walking into the office and announcing their presence. They do it online or send things in by mail in the stories I've read)
The point is the government can force the NY Times to hand it over. And they will. First amendment protection for sources applies to the journalists but not so much third party data.
I'm still not sure exactly what they'd be handing over that would be of note. Confidential sources surely wouldn't meet with journalists in the office, it would be a crazy risk to have them walk through the front door and keep them in view of the entire newsroom.
The cloud is just someone elses computer. Someone elses computer network is not the only network that can be hacked.
Perhaps the cameras and DVRs are on a physically isolated, non-internet connected network ... but I certainly wouldn't bet my life on it even if they told me they were.
> NYT by walking into the office and announcing their presence.
No, but reporters presumably look at work on their notes in places visible to the cameras.
The part of this that worries me is that journalists will often have embargoed, confidential (classified?) information open on their monitors from time to time. Obviously this doesn’t matter in the part of the newsroom that reviews restaurants, but imagine this at the Guardian or Washington Post during the snowden leaks etc. It’s much easier to seize a DVR containing videos of all the secret communications than to get a source some other way... I hope most news outlets that deal with truly sensitive data have something akin to SCIFs, but you never know what pops up in someone’s cubicle...
People are right to focus on the downsides, but I do want to intrude one consideration: Newsrooms have already been the target of attack. There are people out there with skills and weapons, who view journalists as "the target".
Maybe one day, the security camera footage will be materially useful?
Isn’t anything you do on a company issued machine or network monitored as is? I think the question is not whether or not your activity is monitored but whether or not you work for an employer who cares that you occasionally browse Facebook, in which case the problem is your employer and not the fact that you’re activity is monitored.
I've always assumed that everything associated with a workplace was under surveillance. I'm not sure why anybody would be surprised or upset about security cameras. A bizarrely lukewarm take from the NYT here.
Bizarre that we would be regulating where people spend a significant fraction of their time? That's only a "bizarrely lukewarm take" in the US, few other places have this everything goes mentality.
Spending a significant fraction of our lives at work is also ironic: in a free, democratic country like the U.S., you're in an autocratic micro-regime most of the time¹.
¹ Granted, that you're free to replace with another or try to start your own!
Surveillance cameras in an office are fundamentally no different than having a manager's office that overlooks the factory floor. But maybe that's exactly it: journalists who work in an office are used to thinking of themselves as being of a fundamentally higher social class than factory workers.
"Surveillance cameras in an office are fundamentally no different than having a manager's office that overlooks the factory floor."
The difference is that the manager can't see everywhere at once.
I'm reminded of the famous office scene from Terry Gilliam's Brazil: [1]
and also of the Panopticon[2], which was just a Romantic fantasy of Jeremy Bentham's when he dreamed it up in the 1790's, but which has become reality in the 20th and 21st centuries, with the advent of supermax prisons, schools, factories, and offices, with their omnipresent surveillance.
Bentham described the panopticon as "a new mode of obtaining power of mind over mind". It's depressing and frightening that there are still many advocates of such oppression.
The article implies that the cameras were installed against terrorists. Some people are pretty happy to throw their privacy away in this illusory fight against terrorism. Needless to say, the terrorists have already won, we’re slowly giving up everything that separates us from them.
They have security cameras to protect people and the bank assets - not do monitor the work of their employees.
At least in Europe that's the law. Besides that, you must have visible warning signs to let people know there are cameras recording them, and you also have to notify the national entity that's responsible for data protection that you will have "X" cameras (image, audio, or both) for the "Y" purpose.
- For security reasons: to protect people and assets;
- For monitoring: to control your employees activity.
Picking a ridiculous example: if your boss tells you that you're spending too much time talking/doing a task/eating, because he as been watching you via security cameras, he will be in a lot of trouble.
Destroying office equipment seems like a good way to become unemployed. Not everything has to be absolutes; before burning the building down, you could just ask "hey, what's with the cameras".
Normally I'd agree, and there are plenty of work sites where cameras can work in the employees' favour, but for a journalist of a large respectable newspaper?
At the very least they would have had something to write about, because this article is lukewarm at best and feels like a complainy blog post.
Also, getting fired at a news paper for blacking out the cameras in the vicinity of your desk as a protest because a new security chief wants to feel important is probably a blessing in disguise.
I'd much rather have a security camera over my desk than a manager's head hanging over my shoulder. Yes, there's a privacy tradeoff, but for me personally it would be worth it to cut down on workplace drama. No more he-said she-said fights that end in both people being terminated. No more false accusations of sexual harassment or racism, and a lot fewer genuine instances of both. I'm especially in favor of them if the footage is archived and only viewed if there's a specific need to, as opposed to being available live.
Do those things happen to you a lot? None of them have ever happened to me. The security should match the risk; I'll keep going without a camera, but perhaps you could simply have your own camera recording yourself all day, if you need this protection.
Not to me, but they have to coworkers. We have a lot of seasonal low-wage workers whose lives are...interesting. There was a non-fatal shooting in the parking lot several years back between a woman and her ex-boyfriend.
- If an employer wishes to use CCTV in the workplace, the ICO must be notified as to why they intend to use it. This is part of the registration process for a data controller under the DPA. An employer cannot then use the information collected for any other reason. For example, if the organisation is using CCTV to monitor crime, it cannot then use it to monitor staff. Employers should, before using surveillance cameras, carry out an impact assessment, decide if alternatives are possible and only go ahead if the use of cameras meets a legitimate aim.
- Staff must be informed that they may be recorded and where cameras are located. To make this undisputable the employer should use clear and visible signs.
- Levels of CCTV surveillance in work must be proportionate to the reasonable expectation of privacy. In certain areas with a higher level of expected privacy, such as near toilets, changing rooms, kitchen and break areas, it is unlikely to be acceptable to have cameras.
Maintaining integrity in these areas is essential. Employers need to be aware that staff can request to see the recordings kept of them by making a subject access request, and the data must be provided no longer than 40 days after a request is received. "
It seems that the UK law is reasonable. (At least for a country that has a high level of surveillance)