This document discusses balancing employees' privacy rights with employers' interests regarding internet and social media use in the workplace. It provides an overview of relevant case law and principles from the European Court of Human Rights and Data Protection Acts. Specifically, it examines cases related to monitoring employee internet/email use and social media posts. The document stresses the importance of employers establishing clear internet and social media use policies that are properly communicated to employees.
Trust models for Grid security environment – Authentication and Authorization methods – Grid security infrastructure – Cloud Infrastructure security: network, host and application level – aspects of data security, provider data and its security, Identity and access management architecture, IAM practices in the cloud, SaaS, PaaS, IaaS availability in the cloud, Key privacy issues in the cloud.
Learning objectives
• Understand how to handle massive amount of data using data grid.
• Explains data replication and namespaces
• Identify the various data access model.
Cloud computing is rapidly emerging due to the provisioning of elastic, flexible, and on demand storage and computing services for customers. The data is usually encrypted before storing to the cloud. The access control, key management, encryption, and decryption processes are handled by the customers to ensure data security. A single key shared between all group members will result in the access of past data to a newly joining member. The aforesaid situation violates the confidentiality and the principle of least privilege.
Cloud computing is the delivery of computing services over the Internet. Cloud services allow
individuals and businesses to use software and hardware that are managed by third parties at remote locations. Examples of cloud services include online file storage, social networking sites, webmail, and online business applications. The cloud computing model allows access to information and computer
resources from anywhere that a network connection is available. Cloud computing provides a shared pool of resources, including data storage space, networks,
computer processing power, and specialized corporate and user applications.
Trust models for Grid security environment – Authentication and Authorization methods – Grid security infrastructure – Cloud Infrastructure security: network, host and application level – aspects of data security, provider data and its security, Identity and access management architecture, IAM practices in the cloud, SaaS, PaaS, IaaS availability in the cloud, Key privacy issues in the cloud.
Learning objectives
• Understand how to handle massive amount of data using data grid.
• Explains data replication and namespaces
• Identify the various data access model.
Cloud computing is rapidly emerging due to the provisioning of elastic, flexible, and on demand storage and computing services for customers. The data is usually encrypted before storing to the cloud. The access control, key management, encryption, and decryption processes are handled by the customers to ensure data security. A single key shared between all group members will result in the access of past data to a newly joining member. The aforesaid situation violates the confidentiality and the principle of least privilege.
Cloud computing is the delivery of computing services over the Internet. Cloud services allow
individuals and businesses to use software and hardware that are managed by third parties at remote locations. Examples of cloud services include online file storage, social networking sites, webmail, and online business applications. The cloud computing model allows access to information and computer
resources from anywhere that a network connection is available. Cloud computing provides a shared pool of resources, including data storage space, networks,
computer processing power, and specialized corporate and user applications.
CDS is the criminal face identification by capsule neural network.
Solving the common problems in image recognition such as illumination problem, scale variability, and to fight against a most common problem like pose problem, we are introducing Face Reconstruction System.
GDPR: Data Breach Notification and CommunicationsCharlie Pownall
An introduction to data breach notification and communications requirements under the EU's GDPR, and what it means for communicators and reputation managers
Cloud computing security!
Cloud computing security or, more simply, cloud security is an evolving sub-domain of computer security, network security, and, more broadly, information security.
It refers to a broad set of policies, technologies, and controls deployed to protect data, applications, and the associated infrastructure of cloud computing.
The presentation explains about Data Security as an industrial concept. It addresses
its concern on Data Loss Prevention in detail, from what it is, its approach, the best practices and
common mistakes people make for the same. The presentation concludes with highlighting
Happiest Minds' expertise in the domain.
Learn more about Happiest Minds Data Security Service Offerings
http://www.happiestminds.com/IT-security-services/data-security-services/
Visual Cryptography for biometric privacywaseem ahmad
visual cryptography for biometric privacy Preserving the privacy of digital biometric data (e.g., face images) stored in a central database has become of paramount importance. This work explores the possibility of using visual cryptography for imparting privacy to biometric data
CDS is the criminal face identification by capsule neural network.
Solving the common problems in image recognition such as illumination problem, scale variability, and to fight against a most common problem like pose problem, we are introducing Face Reconstruction System.
GDPR: Data Breach Notification and CommunicationsCharlie Pownall
An introduction to data breach notification and communications requirements under the EU's GDPR, and what it means for communicators and reputation managers
Cloud computing security!
Cloud computing security or, more simply, cloud security is an evolving sub-domain of computer security, network security, and, more broadly, information security.
It refers to a broad set of policies, technologies, and controls deployed to protect data, applications, and the associated infrastructure of cloud computing.
The presentation explains about Data Security as an industrial concept. It addresses
its concern on Data Loss Prevention in detail, from what it is, its approach, the best practices and
common mistakes people make for the same. The presentation concludes with highlighting
Happiest Minds' expertise in the domain.
Learn more about Happiest Minds Data Security Service Offerings
http://www.happiestminds.com/IT-security-services/data-security-services/
Visual Cryptography for biometric privacywaseem ahmad
visual cryptography for biometric privacy Preserving the privacy of digital biometric data (e.g., face images) stored in a central database has become of paramount importance. This work explores the possibility of using visual cryptography for imparting privacy to biometric data
Michael Lynn: Capacity and Consent Issues [presented at Mental Health Law Con...Darius Whelan
Capacity and Consent Issues - Mr Michael Lynn, Senior Counsel
Presented at Mental Health Law Conference 2015 - Centre for Criminal Justice & Human Rights, School of Law, University College Cork and Irish Mental Health Lawyers Association
25 April 2015
http://www.imhla.ie
#mhlaw2015
- History of the Internet
- What the Internet is
- The Audience
- How does the Internet affect people?
- Why is it used?
- Advantages and disadvantages
- The value of the internet for media institutions
- Convergence
- Implications for the future
Employees and Internet Use - Legal PerspectiveDarius Whelan
E Law Developments: Employees and Internet Use
Southern Law Association event, Cork, September 2019
Darius Whelan, School of Law, UCC
IT Law Clinic
http://www.ucc.ie/law/courses/
Data Protection and Public Affairs Workshop, nuances public affairs, Berlin, ...nuances public affairs
Data Protection and Public Affairs Workshop, nuances public affairs, Berlin, January 2013. This presentation looks briefly at the importance of the EU Data Protection Regulation Proposal that will replace the the EU Data Protection Directive (1995).
CEE CMS Data Protection webinar series - Part 2CMSLondon
This webinar aims to provide you with an overview of the various national personal data protection frameworks that exist in CEE, particularly in Bulgaria, Czech Republic, Hungary, Poland, Romania, Russia, Slovakia, and Ukraine. CMS have provided legal assistance in each of these jurisdictions for many years.
2012 05 30 Report of the Acting General Counsel concerning social media casesKrishna De
For further information visit:
http://www.nlrb.gov/news/acting-general-counsel-releases-report-employer-social-media-policies
For a curated summary relating to the NLRB Costco ruling visit:
http://storify.com/krishnade/costco-national-labor-relations-board-ruling-affec
http://bgn.bz/costco
Laura Martin - Surveillance in Academia & Lecture Capture LauraMartin276
Presentation on the legality of surveillance in academia and lecture capture. Key focus of presentation on the fundamental right to private life under Article 8 ECHR and the recent ECtHR case of Antovic & Mirkovic v Montenegro.
Strathclyde Law PGR Conference - October 2018
Paper Forthcoming with Prof Lilian Edwards & Dr Tristan Henderson
Similar to Employees and Internet Use - Legal Aspects (20)
Mental Health Act 2001 Toolkit Launch 10 Nov 2022Darius Whelan
The School of Law, University College Cork, has developed a Mental Health Act Toolkit in partnership with Mental Health Reform.
When people with mental health difficulties are admitted to mental health units, either on a voluntary or involuntary basis, it is vital that user-friendly, accessible, information is available regarding human rights. Access to this information is essential for people with mental health difficulties, their family members, advocates, supporters and carers. The Mental Health Act 2001 Toolkit is published on Mental Health Reform’s website.
Video of launch: https://youtu.be/cXOfqiMz77A
Toolkit:
https://www.mentalhealthreform.ie/mental-health-act-2001-toolkit/
Funded by the Irish Research Council.
Hunger Strikes in Prison: The Legal Issues Oct 2020Darius Whelan
‘Hunger Strikes in Prison: The Legal Issues’, Conference Paper at conference, "Terence MacSwiney, Cork Men’s Gaol, and the Political Hunger Strike, 1920-2020", School of History, University College Cork, October 2020
Copyright for Digital Learning
Darius Whelan
Irish Universities Association - Enhancing Digital Teaching and Learning in Irish Universities - Online Seminar, June 2020
Link to resources cited:
https://bit.ly/copyright_open_IUADigEd_June2020
E Law Developments: Copyright Law
Southern Law Association event, Cork, September 2019
Darius Whelan, School of Law, UCC
IT Law Clinic
https://www.ucc.ie/en/law/courses/
LLM in Intellectual Property and E Law, University College Cork, IrelandDarius Whelan
LLM in Intellectual Property and E Law, University College Cork
School of Law
https://www.ucc.ie/en/lawsite/ucc-master's-law/
https://www.ucc.ie/en/ckl16/
Human Rights and Mental Health TribunalsDarius Whelan
Irish Association of Social Workers
Learning from each other; Critical Reflections on the intersections between the Mental Health Act 2001 and Human Rights.
Dublin, February 2019
Shari McDaid - The Mental Health Act 2001: Issues from a Coalition PerspectiveDarius Whelan
Dr Shari McDaid - The Mental Health Act 2001: Issues from a Coalition Perspective
Dr Shari McDaid is the Director of Mental Health Reform.
Presented at Mental Health Law Conference 2015 - Centre for Criminal Justice & Human Rights, School of Law, University College Cork and Irish Mental Health Lawyers Association.
25 April 2015
http://www.imhla.ie
#mhlaw2015
Dr Liz Brosnan: Voices from the Margin / Psychiatric Hegemony - Mental Health...Darius Whelan
Dr Liz Brosnan: Voices from the Margin / Psychiatric Hegemony.
Dr Liz Brosnan is a Sociologist and Survivor Activist.
Presented at Mental Health Law Conference 2015 - Centre for Criminal Justice & Human Rights, School of Law, University College Cork and Irish Mental Health Lawyers Association.
25 April 2015
http://www.imhla.ie
#mhlaw2015
Maria Morgan: The Mental Health Act 2001 from a Clinician's PerspectiveDarius Whelan
Dr Maria Morgan, Consultant Psychiatrist
The Mental Health Act 2001 from a Clinician's Perspective
Presented at Mental Health Law Conference 2015 - Centre for Criminal Justice & Human Rights, School of Law, University College Cork and Irish Mental Health Lawyers Association
25 April 2015
http://www.imhla.ie
#mhlaw2015
Anselm Eldergill: The Court of Protection and the Mental Capacity Act: Capaci...Darius Whelan
Judge Anselm Eldergill, Court of Protection
The Court of Protection and the Mental Capacity Act: Capacity to Change?
Presented at Mental Health Law Conference 2015 - Centre for Criminal Justice & Human Rights, School of Law, University College Cork and Irish Mental Health Lawyers Association
25 April 2015
http://www.imhla.ie
#mhlaw2015
Developing Students' E-Literacy (Teaching and Learning)Darius Whelan
Presentation at University College Cork Digital Day, December 2014
http://www.ucc.ie/en/teachlearn/tel/digitalday2014/
Organised by Vice Presiodent for Teaching and Learning.
Ionad Bairre.
Slides Part 02 Copyright Law for Digital teaching and Learning May 2014
Employees and Internet Use - Legal Aspects
1. EMPLOYEES AND
INTERNET USE
Darius Whelan, Faculty of Law, University College Cork
Dublin Solicitors Bar Association Seminar, December 2012
2. BALANCING COMPETING INTERESTS
Employee’s Privacy Employer’s Interests
Employees do not leave their privacy at the front door
when they come to work
2
3. EMPLOYER‟S INTERESTS / DUTIES
Employers have general right to determine work
tasks and control contract performance
Employer has property rights in equipment
Employers may lay down quality and behaviour
standards
Employer must safeguard employees‟ health, safety
and welfare
Employer has duty of trust and confidence towards
employee
3
4. PRIVACY
Halford v UK (1997):
Assistant Chief Constable – Office phones „tapped‟ – No
warning
She had a reasonable expectation of privacy and so art. 8
had been breached
Copland v UK (2007):
Employer (Welsh public college) monitoring internet
usage, e-mails and telephone traffic of Ms.C (employee)
without her knowledge
Content not monitored; instead names of recipients etc.
Held: Breach of Article 8
4
5. Köpke v Germany (2010)
Employer had used covert video surveillance for
two weeks to investigate employee for theft
Domestic law required proportionality, etc.
ECtHR held complaint under art. 8 manifestly ill-
founded
5
6. KEY DATA PROTECTION PRINCIPLES
Data Protection Acts 1988-2003:
Data must be obtained and processed fairly
Data subject must be informed of purpose for which data are
processed
Legitimate Processing:
Various categories including
Data subject consenting to processing, or
processing is for „legitimate interests‟ of controller without unduly
prejudicing subject‟s rights/ freedoms / interests
Data must be kept for specified, explicit and legitimate
purposes
There must be appropriate security measures
Data subject has right of access to data
6
7. Gresham Hotel (2007)
Data Protection Commissioner Case Study 6 of 2007
Covert video surveillance
Other employees being investigated, not this particular
employee
Gardaí were not involved
Commissioner found data was being processed in a manner
incompatible with its purpose
Covert surveillance would require actual involvement of
Gardaí or intention to involve them
Amicable resolution reached
7
8. Ali v First Quench (2001)
Covert video surveillance in off-licence office – thefts of
stock – Mr A prime suspect
Mr A was filmed having sexual intercourse in office while
shop open
Dismissal fair
McGowan v Scottish Water (2004)
Video surveillance of employee‟s house, due to
suspicion of timesheet irregularities
Dismissal fair; did not breach privacy
8
9. Mehigan v Dyflin Publications (Ireland, 2002)
M received 3 pornographic images by e-mail and forwarded them
on to someone else
Tribunal did not accept this was a one-off incident. Evidence of
other material on computer inc. sexual cartoons
E-mails can often cause offence
The EAT will be heavily influenced by the existence of a written
policy reserving right to dismiss
Unlikely dismissal permissible otherwise
Possible exception – downloading obscene pornography
(Distinction between facts here and „exceptional‟ cases unclear)
Onus on employer to introduce policy
Dismissal unfair, but employee contributed substantially
€2,000 for unfair dismissal plus €2,800 in lieu of notice
9
10. Murray and Rooney v ICS Building Society (2011)
Two employees allegedly circulated pornography by
email
EAT found investigation flawed
Investigation took place without their knowledge;
they could not make submissions on terms of
reference
Investigation involved only small sample of emails
and did not include employees who had deleted
emails
Dismissal was disproportionate
10
€30,000 to one employee; €36,000 to the other
11. Kiernan v A Wear (2008)
Employee posted derogatory comments on BEBO
E.g. Regarding manager “She called me a liar. I
f**ing hate that c**t”
Visible to customers
Fair investigation held. Employee dismissed
EAT found dismissal disproportionate
Employee contributed to her dismissal
€4,000 for unfair dismissal
11
12. Walker v Bausch and Lomb (2009)
Employee wrote on intranet: “500 jobs to be gone at
Waterford plant before end of first quarter 2008”
No proof that employee had received intranet policy
Fair hearing held. Employee dismissed.
EAT found dismissal disproportionate
Employee greatly contributed to situation
€6,500 for unfair dismissal
12
13. O’Mahony v PJF Insurances (2011)
Facebook – Employee called manager a “bitch”
At first, the page was accidentally seen
Employee then allowed full access
A number of disparaging comments
Suspended pending investigation
EAT – Significant breach of trust which made
employment untenable
Employer acted reasonably. Dismissal fair.
13
14. GUIDANCE
Council of Europe
Recommendation R (89) 2 on Protection of
Personal Data Used for Employment
Purposes 1989
International Labour Organisation
Code of Practice on Protection of Workers‟
Personal Data 1997
15. Article 29 Working Party
Opinion 8/2001 on processing of personal data in the
employment context
Opinion 4/2004 on video surveillance
Data Protection Commissioner (Ireland), Monitoring
of Staff, Guidance Note, 2004
Data Protection Commissioner (Ireland), Data
Protection and CCTV, Guidance Note, 2004
15
16. DRAWING UP A POLICY
Review legislation, guidance and cases
Clarify purposes of monitoring (if any) – must be
proportionate
Notify purposes of monitoring to employees – e.g.
state if can be used for disciplinary purposes; may
ultimately lead to dismissal; misconduct v gross
misconduct
Clarify ownership of Twitter followers, etc.
Perhaps permit reasonable personal use of e-mail /
internet / social media
Regular reminders of policy
Other issues – see material cited
16
17. References - See list provided
Contact Details:
Dr Darius Whelan, Faculty of Law,
University College Cork
http://research.ucc.ie/profiles/B012/dwhelan
Email d.whelan@ucc.ie
Twitter: @dariuswirl
17