Are staff photographs a breach of the GDPR?

Many employers take photographs of their employees to use on the business’ website and to support other business-wide marketing campaigns. But do photos constitute personal data under the GDPR?

Is an employee’s photograph classed as ‘personal data’?

If individual employees can be identified directly from their website image or identified by using the image in conjunction with other available information on the website, then the image will be classed as personal data.

This means that the employer’s processing of the image will be governed by the GDPR and the image needs to be processed in accordance with its principles.

It is important to understand how the employer is using the data, in this case, photographs. There is a difference between a photo that identifies the individual and an anonymised photograph that is used for marketing purposes. When an employee is identifiable in a photograph, information related to the employee’s health, disability or racial origin could be communicated and this could be classed as ‘sensitive’ personal data.

What can an employer do under the GDPR?

Photographs that amount to personal data need to be processed lawfully, fairly and transparently.

The use of employee photographs to generate employee engagement within the workplace and to promote the business externally to customers in order to generate future business could be explored as a means of establishing a legitimate interest as a lawful basis for using the photos.

The employer also needs to provide fair processing information to its employees in accordance with GDPR requirements to ensure that employees are aware that their personal data may be processed for such purposes.

The advice from the ICO to employers is that relying upon consent to process employee personal data should be viewed as a last resort, because of the uneven relationship between an employer and employee. There are stricter rules for obtaining consent under the GDPR, which includes requiring that consent must be freely given.

If the data is classed as ‘sensitive data’ whereby an employee’s heath or racial origin is easily identifiable then it is hard to see how its use could be justified without first obtaining consent.

In many cases an employee is likely to give consent for their photograph to be used, as it can help to raise an individual’s professional profile, but in accordance with GDPR requirements for use of consent, the employee should be allowed to withdraw their consent at any time and their photograph needs to be removed at this point which can cause a problem for the employer.

In this context, it would also be necessary to look at any contract terms, policies or references in the staff handbook to see what is said about taking photographs of employees, although this wouldn’t automatically give an employer the grounds to lawfully process sensitive data.

Privacy under the Human Rights Act

An employee might also claim that they have a right to privacy under the Human Rights Act. There could be grounds for an employee to argue that their privacy has been infringed by their employer if the employer took and used a photograph of the employee without their informed consent. Given the issues, it might be sensible for employers to ensure that an employee’s consent to the use of a photograph is obtained in writing.

An employer could do this by requesting that the employee signs a form, which should set out how the image will be used, so that the employee can provide appropriate consent for that use. The consent form should include, among other things, full details about how the photograph will be used and where it will appear.

For further advice on this, or any other employment-related dispute, please contact Jane Crosby at Hart Brown Solicitors directly by emailing jzc@hartbrown.co.uk or by calling 01483 887742.

This is not legal advice; it is intended to provide information of general interest about current legal issues.

Share

Jane Crosby

Partner, Dispute Resolution

Jane is an employment and commercial litigation solicitor of more than 15 years' experience. Prior to entering the legal profession, Jane was employed in the...

Partner, Dispute Resolution

Jane Crosby

Jane is an employment and commercial litigation solicitor of more than 15 years' experience.

Prior to entering the legal profession, Jane was employed in the aviation industry. This experience is appreciated by many of Jane's clients who note that she is able to take a commercial and pragmatic approach to any legal issue that they face.

Jane acts for a wide range of individuals and businesses and her areas of specialism include aviation, property related industries and IT. Jane regularly advises on aspects of employment law, such as settlement agreements, employment contracts, policies and procedures, redundancies, equal pay, data protection, issues arising from TUPE and reorganisations, the calculation of holiday pay, bonus and commission payments, disciplinary and grievance issues, dismissal and termination issues, the protection of confidential information and the enforcement of restrictive covenants. Jane gets involved in GDPR training for her clients and she is able to deliver tailored employment law training sessions upon request.

As a commercial litigation lawyer, Jane also deals in shareholder and directors disputes, commercial contract disputes and the enforcement of restrictive covenants.

Jane has been involved in successful high value commercial litigation for clients in the High Courts, she is an accredited mediator and she is a member of the Employment Lawyers Association.

Jane is often asked to write for a number of well known publications, including The Daily Mail, The Telegraph and The Week and she has been interviewed on BBC Radio 4.

Here is small selection of the feedback that Jane has received:

“Jane, I cannot sincerely thank you enough for your wise counsel and am delighted to have made your acquaintance. If I am blessed with a new position somewhere I will hand over my contract in the first instance to you. Likewise, any of my friends, peers, romans and countrymen wanting advice, I will point them in your direction.”

“Jane, you have been most resilient on my behalf for which I sincerely thank you for all your endeavours. I have a tremendous working relationship with Hart Brown and you have undoubtedly compounded this further."

“I appreciated the clarity of advice given at a stressful time”.

“A sensitive and highly professional approach and efficient work in the interests of the client”.

“Your advice, conduct and assistance have been indeed outstanding and very professional but also – and most importantly – very humane”.

Head Office

Resolution House
Riverview
Walnut Tree Close
Guildford
Surrey
GU1 4UX

Your Local Office

Guildford - 01483 887766
Cobham - 01932 576789
Cranleigh - 01483 887515
Godalming - 01483 887766
Woking - 01483 887766

Hart Brown Solicitors is the trading name of Hart Brown LLP registered in England and Wales No. OC 425835 whose registered office is Resolution House, Riverview, Walnut Tree Close, Guildford, GU1 4UX and is authorised and regulated by the Solicitors Regulation Authority (SRA) No. 658593. Members: N Maud, T Pearce, D Knapp, R Campbell and P Grimwood, Partners: J Crosby, L Harrhy, J Jupp, J Lamont, T Mandelli, V McMurtrie, E Moore, S Osborne, S Powell, G Sanders and E Wiggins.

Any reference to a partner in relation to Hart Brown LLP means a member or an employee with the title of Partner of Hart Brown LLP.

© Copyright Hart Brown LLP 2019 - All Rights Reserved. VAT registration no. 211372705