Editor’s note: This is a sponsored article, which means it’s independently written by our editorial team but financially supported by another organisation, in this case, Ius Laboris. If you would like to learn more about sponsored posts on Tech.eu, read this and contact us if you’re interested in partnering with us.
Over the past few years, we all have become acutely aware of the importance of privacy and taking good care of our personal data, from our online identity to location history and shopping habits. Many business models have been affected by this tectonic shift, and many will, but one of the less obvious aspects of our daily lives that is changing because of new privacy law is the way employers monitor their employees both in and outside the workplace.
Technology as a whole has brought a plethora of new ways to track what people do at work. From surveillance cameras and keylogging software on work laptops to biometric sensors and GPS tracking, companies have come up with a range of tools to monitor what their employees do — but are they all legal?
With the introduction of the GDPR, Europe seems to have become the most advanced place globally in terms of protection of employees' privacy, however, the degree of this protection still varies from country to country. In a report compiled by Ius Laboris, a team of HR lawyers have taken a closer look at how workplace monitoring is regulated in 41 countries across the world and put together a neat overview of what's going on.
“Although the EU may look like one bloc,” the report states, “many GDPR countries still have their own particular preoccupations — and points to note for international employers. In Finland, employers can only process personal data that is directly necessary for the employment relationship, meaning that not all monitoring activities are permitted, regardless of the employer’s interests or the level of information given to employees. Spain is gradually introducing more limits on monitoring as a way of slowing the implementation of some technologies - particularly those that capture sensitive data.
“Meanwhile, the Netherlands has two conflicting data privacy provisions relating to health data, one saying employers must have information about drug and alcohol abuse to dismiss someone for this, the other saying it is unlawful to process employee health data of any kind. Employers need to beware of this trap.”
Know your rights
This actually goes for both employees and employers: knowing what you're allowed and not allowed to do in relation to monitoring in the workplace can make everyone's lives easier.
For example, almost everywhere in the world — and in the whole of Europe — tracking of an employee outside of working hours is very hard to justify, and often unlawful. However, if we consider following someone's personal social media profiles a form of tracking, the situation becomes a bit less straightforward.
If a company has a well-defined social media policy, damaging comments made by an employee outside of working hours could become a valid reason for termination, provided they're public and not limited to the person's “friends.” If that's not the case, the employer can get in trouble.
“In New Zealand, an interesting case from 2015 reverses the focus by considering what happens when the employer tracks private posts and then goes on to misuse them,” the report goes. “Ms Hammond was dismissed from Credit Union Baywide and later held a small function where she served a cake, iced with an expletive towards Credit Union Baywide. She posted a photo of the cake on Facebook, accessible only by her Facebook ‘friends’.
“Credit Union Baywide heard about it and asked a current employee who was a Facebook friend, to access it for them. They then distributed the photo to other potential employers to ensure she wouldn't get another job. Ms Hammond took out a breach of privacy claim and was awarded record damages of NZD 168,070 (approximately €100,000).”
It's also probably a good idea — again, for both employees and employers — to have separate personal and work mobile devices. This way, the former can make sure that no one can intercept their private communications, while the latter is safe from accidentally violating the law, while keeping network security as tight as possible.
Interestingly, according to Ius Laboris's report, in Germany, many companies actually encourage employees not only to get separate devices, but also to block incoming calls and emails on work accounts outside of working hours and exercise the “right to be unavailable.”
The tech angle
So, what's the law like regarding the use of technology for monitoring in the workplace? Same as with everything else, it varies a lot depending on the country.
“At one end of the scale, in Germany, if an employer simply wants to introduce Microsoft Office into a workplace, the works council can decide to block it, leading to a special conciliation procedure,” states the report by Ius Laboris. “Apparently, the problem is it could be used to monitor employee performance, if only by manually adding performance data. Other countries are much more permissive, but it can depend on the kind of technology involved.”
As for the particular types of surveillance, cameras are one of the most common ways for employers to track employees. However, in most cases, continuous and unannounced camera monitoring in the workplace would be illegal pretty much anywhere in the world.
It is a similar story with GPS tracking. Doing so without informing the employee or when they're off duty is generally frowned upon. However, for example, accessing location data of a vehicle exclusively reserved for professional purposes would normally be considered fair play.
If you're an employer in Europe considering using keylogging software, think carefully.
“An employer in Germany made it quite clear to its employees that it intended to install keylogging software,” goes an anecdote in the report. “The employer found out, with the help of the software that one employee was doing an excessive amount of private business during work. However, the Federal Labour Court decided that the keylogging data could not be used as evidence because the employer had no concrete reason for monitoring its employees so comprehensively.”
There's also quite a bit of controversy going on around the use of biometrics in workplace monitoring, first of all for clocking on and off. Attractive as it may seem for an employer, the general understanding — particularly in Europe — is that data such as fingerprints, voice and retinas can only be used for this purpose in exceptional circumstances.
There a case to be made both for and against monitoring depending on the circumstances, but although common sense is good guidance in most cases, it's extremely important for both employers and employees to understand the law at local level and to keep the processing of personal data to the minimum.
You can read the full report by Ius Laboris on its website. Still have questions? Ask in comments or send them to firstname.lastname@example.org, and we'll pass them along to the team of HR lawyers who authored the paper.