COVID-19 pandemic has seen significant rise in the use of Microsoft Teams meetings but for GDPR purposes, could this be classed as employees personal data and would they have to be disclosed in response to subject access requests?
Recorded images, where an employee is identifiable does amount to employees’ personal data and the recording, sharing, retention and other operations involving personal data will be deemed to be processing for the purposes of GDPR. Therefore, if the video or audio recording does amount to personal data then, on the face of it, the employee is entitled to obtain a copy of it under a subject access request.
If the video also contains personal data of another individuals, the employer must first obtain that other individual’s consent or in this instance would need to redact / blur the image of the other individual and mute the audio of the other individual in order to protect the privacy and personal data of the other individual.
Another interesting question is whether the employer is complying with data protection law in storing the teams meetings. Certainly, this will be highly fact dependent and in some cases it will be legitimate to retain those recordings. However, employers should be careful when keeping recordings of all meetings and as a matter of course, regardless of content, an employer may not satisfy a condition for lawful processing and it is revealed that records should not be stored indefinitely.