Employee monitoring laws in the EU - 12 frequently asked questions:
Is employee monitoring legal in the EU? Is it legal to monitor company’s computers? Is it legal to monitor employee internet and social media activities? Is it legal to monitor screen contents and keystrokes? Is it legal to monitor email content? Is it legal to monitor or record phone conversations? Is it legal to use video monitoring systems in the workplace? Is it legal to monitor private messages and email content? Is it legal to monitor employees' personal devices? Is it legal to monitor employees' personal computers? Is it required to inform employees of the monitoring? Employee monitoring policy - mandatory or not? And some bonus info!1. Is employee monitoring legal in the EU?
Yes, employers in the EU have the right to monitor employees at work as long as there is a legitimate business interest. EU employee monitoring laws allow it. That said, it is crucial to balance an employer’s right to lawfully monitor and manage the work process and an employee’s right to privacy. It is within the employee’s right to be notified before any monitoring is carried out. For example, in Germany, amendments to the Notification Act came into force on the 1st of August 2022. They oblige all employers to inform the newcomers about their working conditions in detail and in writing. Direct consent is not required everywhere, but in some places, it is mandatory, and so it is important to know what rules apply in your area. Most importantly, the monitoring process must comply with the EU General Data Protection Regulation (GDPR). The GDPR maintains that consent, transparency, and data protection are essential. These rules apply to organizations (public and private) in the EU and those based outside the EU that offer the EU services.2. Is it legal to monitor company's computers?
Yes, employers in the EU have a legitimate interest in monitoring the use of the computers they have provided and ensuring that the use remains related to business. However, employers also need to balance the monitoring of use while respecting the privacy of their employees. Clear work policies are very important. Employers should take the following approach: 1. Ensure that employees are notified in advance of the monitoring through a clear monitoring policy. 2. Ensure that monitoring is for legitimate business purposes only and does not interfere with the employee’s fundamental right to privacy. 3. Ensure that data protection rights are respected.3. Is it legal to monitor employee internet and social media activities?
Yes. Although legislation on monitoring social media and internet activities varies across the EU, in most EU countries, monitoring the use of the internet and social media depends on its purpose (business-related or private use). According to article, 29 of the Data protection working party, a legal ground such as legitimate interest is required for processing an employees’ social media profiles. Several decades ago, EU employee monitoring laws were less demanding. For example, in 2007, the European Court of Human Rights confirmed the employer's privilege to monitor the worker's online chats. A Romanian engineer, Bogdan Barbulescu was fired for using Yahoo Messenger for personal conversations during the working hours. Then, the ECHR had appreciated the employer's decision. 9 years later, the Grand Chamber of the institution reversed the ruling. The judges doubted if the engineer was given the duly notice beforehand. Thus, a fair balance between the employer's right to monitor employees and their right to privacy is to be observed. Employers are only allowed to collect and process personal data relating to employees to the extent that the collection of those data is necessary and relevant to the performance of the job for which is being applied. Employers may monitor employees to restrict the use of the internet and social media during working hours. Employers are also recommended to establish well-defined policies on social media and internet usage so that employees know what is acceptable or not.4. Is it legal to monitor screen contents and keystrokes?
Yes. Although businesses operating in the EU can use screen capture and keylogging software to monitor their employees, such monitoring must serve a legitimate business purpose, and employees must consent. Quite naturally, EU employee monitoring laws allow tracking their computer screens and keystrokes under certain conditions. It is worth mentioning that this kind of monitoring may be seen as a violation of privacy in most cases. Therefore, before choosing to do so, employers should identify the issues they intend to address and determine whether this form of monitoring is necessary. Most importantly, they should take into account and comply with GDPR requirements.5. Is it legal to monitor email content?
Yes, an employer may monitor email content received or sent on the company computer, provided that the information is not private and the monitoring is justified on legitimate grounds. That is, it is legal to monitor employees if you duly inform them about the surveillance. It is also crucial for businesses to distinguish between private and work-related emails. Conversely, employees should also avoid accessing personal emails on devices provided for professional purposes. To balance the monitoring of email content while respecting employees’ privacy, employers should: 1. Ensure that the employee is aware of and has agreed to the monitoring. 2. Ensure that personal data collected or connected to the employee e-mail accounts are not accessed, and where such situations arise, data should only be shared with their consent. 3. Ensure that they retain emails and delete them after the period is up.6. Is it legal to monitor or record phone conversations?
Yes. Under the Personal Data Protection Act, monitoring and recording phone conversations may be permitted under certain conditions. For example, if the party has given explicit consent or monitoring/recording is necessary to protect the employer's legitimate interests. A company with a works council must get permission from the works council before phone monitoring or recording is carried out. Employers intending to record telephone conversations are obliged to comply with this code.7. Is it legal to use video monitoring systems in the workplace?
Yes. In the EU, video monitoring systems are permitted provided: 1. There is a legitimate purpose for the surveillance. 2. The surveillance is appropriate for this purpose. 3. The monitoring is necessary and less intrusive. The bottom line, the monitoring must be reasonable, and employers must consider the employee's privacy rights. Under the GDPR, employees must be notified of: 1. The fact that they're being monitored. 2. The purpose of monitoring. 3. How long monitored data will be stored. 4. Who has access to the monitored data. The use of hidden video surveillance is considered a violation of Article 8 of the European Convention on Human Rights (‘ECHR’). It is possible only in case of suspicion of criminal violation or activity, and in limited scope. Also, monitoring in sensitive areas, such as restrooms, religious spaces, and break rooms, is prohibited. Aside from video surveillance systems, there are various employee-friendly options to consider if the primary goal is to monitor overall productivity and ensure that company resources are properly utilized. Employee productivity monitoring software is a great way to balance the benefits of monitoring with the risks of invading employees' privacy.8. Is it legal to monitor private messages and email content?
Yes. Employers are justified in controlling certain activities such as sending or receiving private messages or emails, to ensure that employees perform their duties during working hours, particularly on the company device. The ECHR sets clear guidelines on the extent of how and when such monitoring is permitted. Businesses must develop policies that allow employees to know the extent of the monitoring. Private messages and emails fall within the category of personal data (as described in Article 4 of the GDPR). Therefore, organizations must prove that they have the legal basis to collect and monitor such information.9. Is it legal to monitor employees' personal devices?
Yes. There are some valid reasons why employers may need to monitor their employees' personal devices. For example, with more employees working from home in the EU and worldwide, many employers want to keep up with work processes. Monitoring is, therefore, reasonable in such cases, but there are limits to the monitoring. The GDPR requires the employer to explicitly inform the employee of what information they intend to collect and how they intend to use it. Additionally, the GDPR requires the employer to be transparent about the monitoring process and provide the employee with ample information on how and for what purpose they'll be monitored. It is recommended that employers implement BYOD policies and understand where to draw the line with employee privacy and best practice when developing such policies.10. Is it legal to monitor employees' personal computers?
Yes, if the employee performs work duties on a personal computer, monitoring such devices may be considered to serve a legitimate interest in the protection of business information. EU employee monitoring laws allow checking the professional communication and activities during working hours. However, if such monitoring also captures data relating to the employee’s private life, it is considered unlawful. Appropriate measures should be taken to distinguish between personal and business use of the device and the implementation of BYOD policies should be created to strike a balance.11. Is it required to inform employees of the monitoring?
Yes. In the EU, this is a crucial step. Many EU countries require employers to inform their employees and discuss any monitoring process issues before monitoring. Article 29 data protection working party (WP249) emphasizes that transparency should be applied to data processing at work. Employees must be aware of the monitoring, the purposes for which personal data are to be collected, and any other information necessary to ensure fair processing. Two legal approaches arise across the EU when it comes to co-determination rights. EU employee monitoring laws are dissimilar. In some countries, employees have the right to agree to the monitoring or not. For example, in Sweden and Denmark, collective agreements are to be signed before the initiation of surveillance, and a professional trade union should be informed. In Lithuania, only the activity of the suspected workers may be monitored, and they are to be informed in written form about the control measures. In other jurisdictions, employees have less power. They must be notified of the monitoring, but consent is not required.12. Employee monitoring policy - mandatory or not?
Yes. Nothing beats a good, clear policy about the monitoring process. Monitoring policies, handbooks, etc. must be carefully tailored to show an organization’s legitimate purpose behind the monitoring and what is acceptable or not. With a comprehensive and easily accessible workplace monitoring policy, employees will be aware of the monitoring. All these must be included in the work policies: 1. The nature and extent of the monitoring process. 2. The reason for the monitoring. 3. The impact of the monitoring on the business. 4. How confidential or sensitive information is handled. (If any is taken) 5. Point out acceptable and unacceptable uses. Employers must ensure that their monitoring policies are compliant with legal requirements of the valid EU employee monitoring laws.Our monitoring experts have developed ready-to-use policies, announcement samples, and employee monitoring handbooks for direct use or a sample to create future employee monitoring policies. Request a copy now. It's free!