Data protection rights breach decision upheld in hospice employee’s case

Trawl of CCTV footage to find graffiti culprit led to sanction over unauthorised breaks

The Court of Appeal has upheld a decision that a hospice employee’s data protection rights were breached over the use of CCTV footage in a disciplinary investigation into unauthorised breaks. Photograph: iStock
The Court of Appeal has upheld a decision that a hospice employee’s data protection rights were breached over the use of CCTV footage in a disciplinary investigation into unauthorised breaks. Photograph: iStock

The Court of Appeal has upheld a decision that a hospice employee’s data protection rights were breached over the use of CCTV footage in a disciplinary investigation into unauthorised breaks.

The disciplinary action against Cormac Doolin arose as a result of an inquiry into graffiti which was carved into a table of the staff tearoom saying: “Kill all whites, Isis is my life”.

It was found in the tearoom of Our Lady’s Hospice and Care Service, Harold’s Cross, Dublin, in November 2015, less than a week after terror attacks at the Bataclan and elsewhere in Paris. Hospice management contacted gardaí about the matter.

As a result of viewing footage of who had gone into the tearoom over a three-day period, it prompted a disciplinary process against Mr Doolin, a craftsman’s mate at the hospice. There was no suggestion that Mr Doolin had any involvement in the graffiti incident.

READ SOME MORE

Hospice management viewed the footage which showed Mr Doolin entering the room on a number of occasions. This led to the disciplinary process and sanction against Mr Doolin over unauthorised breaks.

He complained about a breach of his data rights to the Data Protection Commission (DPC), which rejected the complaint.

The DPC was satisfied the processing of his personal data (his image), without downloading or further processing, was necessary for the purpose of security (the graffiti incident) and did not go beyond that purpose. He appealed to the Circuit Court which upheld the DPC decision.

Erred in law

Mr Doolin then appealed to the High Court which found the DPC had erred in law and had made an incorrect interpretation of “processing” under the terms of the Data Protection Act 1988. The DPC appealed that decision to the Court of Appeal (CoA) which upheld the High Court decision.

Mr Justice Séamus Noonan, on behalf of the three-judge appeal court, said it seemed to him that it could not reasonably be said that Mr Doolin had either been notified that the CCTV could be used for disciplinary purposes or that there was any basis upon which he ought reasonably to have expected such use.

The judge said it seemed as if “the contrary is much more likely to be the case”.

Mr Justice Noonan said there had been three appeals in this case, in which the costs involved were entirely disproportionate to the issue. There could yet be an appeal to the Supreme Court, he said, and there was no “obvious necessity” for such a multiplicity of appeals.

“It is to be hoped that the legislature will address this issue soon,” he added.