Thank you all
This is really helpful advice.
The question is a bit of a hangover from a previous profession, and I was interested to hear recently that it’s not been resolved.
Essentially firms can monitor usage of databases that people use for research. These databases usually cost a small fortune and obviously those holding the purse strings want to know if their usage justifies the cost. Strangely the vendors usage statistics are not entirely objective so aren’t much use in my experience!
Anonymisation doesn’t seem to work very well, primarily in small sets of users, because it identifies things like department and job level so individuals can still be identified.
And true anonymisation wouldn’t really work when you are trying to meet the objective of actually speaking to them, in order to get their opinion of the database should they be a regular user.
So, the reason for processing is good business practice.
I can see why monitoring via CCTV etc would be a different ballgame, but this - described above - is still monitoring, even though the harm should data be lost would be very low.
It may be that it’s down to the risk the organisation is prepared to take?
Thanks again.
Susan Doe
Sent from my iPhone
> On 12 Dec 2019, at 16.18, Palmer-Dunk, Dan <[log in to unmask]> wrote:
>
> I don't know anything specific about those countries (I'm certainly not a 'European expert'), but you could use the below as general reference material. I would expect monitoring to be legitimate interests rather than contractual, because I'm not sure you'd pass the strict necessity test (including proportionality and subsidiarity)- but note that with legit interests you've got the balancing assessment and similar necessity, proportionality and subsidiarity tests.
>
> WP55 Working document on the surveillance of electronic communications in the workplace - https://ec.europa.eu/justice/article-29/documentation/opinion-recommendation/files/2002/wp55_en.pdf
>
> Opinion 8/2001 on the processing of personal data in the employment context - https://ec.europa.eu/justice/article-29/documentation/opinion-recommendation/files/2001/wp48_en.pdf
>
> Opinion 2/2017 on data processing at work - http://ec.europa.eu/newsroom/document.cfm?doc_id=45631
>
> Dan
>
> -----Original Message-----
> From: This list is for those interested in Data Protection issues [mailto:[log in to unmask]] On Behalf Of Susan Doe
> Sent: 12 December 2019 12:55
> To: [log in to unmask]
> Subject: [data-protection] European experts?
>
> Good afternoon,
> I am quite new to this list, so forgive me my ignorance - but are there people on the list who are familiar with GDPR in countries such as Germany and France? Or could give me contact names?
> Obviously there are differences in how the GDPR has been implemented despite the attempts at harmonisation. I am particularly interested in monitoring in the workplace and whether the legal basis for processing is best served by contractual terms or legitimate interest.
>
> Many thanks
> Susan Doe
>
> Sent from my iPad
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> All archives of messages are stored permanently and are
> available to the world wide web community at large at
> http://www.jiscmail.ac.uk/lists/data-protection.html
> If you wish to leave this list please send the command
> leave data-protection to [log in to unmask] All user commands can be found at https://www.jiscmail.ac.uk/help/subscribers/subscribercommands.html
> Any queries about sending or receiving messages please send to the list owner
> [log in to unmask]
> Full help Desk - please email [log in to unmask] describing your needs
> To receive these emails in HTML format send the command:
> SET data-protection HTML to [log in to unmask]
> (all commands go to [log in to unmask] not the list please)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
> ________________________________________________________________________
>
> The information in this email (and any attachment) may be for the
> intended recipient only. If you know you are not the intended recipient,
> please do not use or disclose the information in any way and please
> delete this email (and any attachment) from your system.
>
> The Council does not accept service of legal documents by e-mail.
> ________________________________________________________________________
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> All archives of messages are stored permanently and are
> available to the world wide web community at large at
> http://www.jiscmail.ac.uk/lists/data-protection.html
> If you wish to leave this list please send the command
> leave data-protection to [log in to unmask]
> All user commands can be found at https://www.jiscmail.ac.uk/help/subscribers/subscribercommands.html
> Any queries about sending or receiving messages please send to the list owner
> [log in to unmask]
> Full help Desk - please email [log in to unmask] describing your needs
> To receive these emails in HTML format send the command:
> SET data-protection HTML to [log in to unmask]
> (all commands go to [log in to unmask] not the list please)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at https://www.jiscmail.ac.uk/help/subscribers/subscribercommands.html
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
