It is in the Netherlands, permanent surveillance of employees without a specific reason (read: related to a specific instance or incident) is not permitted.
Same in Switzerland. If there is a specific reason for surveillance the employee must also be informed of upcoming surveillance and the consequences if something were to be found.
No, not if you are not working in a bank where there is a specific reason for your employer which is for example exposure to a considerable risk of being robbed. It is also permitted if you have had problems in the past with employees stealing things from the company, but only in places where it makes sense and is proportionate.
In any case, you have to make that absolutely clear to your employees. Any unanounced surveillance is a criminal offence here.
I live in the EU and I cannot think of a single law where the employeer cannot take screenshots of the machines they own. I'll be happily proven wrong though.
Permanent and comprehensive PC monitoring at the workplace based on a general suspicion is not permitted. The employer may only monitor the employee on the PC if there is sufficient concrete suspicion of improper use of the work computer.
What applies to private use of the work computer?
If private use of the work computer is expressly permitted to the employee, PC monitoring at the workplace is fundamentally excluded.
What if the boss monitors my PC even though he is not entitled to it?
If the employer does not adhere to the requirements for PC surveillance, he is punishable and in the worst case must be prepared for imprisonment.
>>If private use of the work computer is expressly permitted to the employee, PC monitoring at the workplace is fundamentally excluded.
Cool. In most places that are not fancy IT companies where everyone is given a brand new MacBook Pro to use as a mixed work/personal machine, there is no such thing as "private use of the work computer". So given what you posted, there is no legal issue then.
It would. I said most people aren't provided with those. You sit at your desk and are given a machine to do data entry/accounting/etc all day long, not for private use.
This does not reflect reality. The employer must acquiesce in the full-time employee conducting private matters, such as making physician's appointments or checking in with one's child after school, over company owned equipment (phone/computer).
It needs to be proportionate and justified. Putting an employee under an unreasonable amount of monitoring for no discernible reason could be a problem. Of course weather taking screenshots of one's monitor every 30s is or isn't reasonable would be left to the interpretation of the court.
>The ECtHR held that the employer had breached B’s right to privacy because they didn’t inform him of the monitoring in advance and nor did they tell him that they may access the content of his communications. The previous courts had also failed to determine the reasons justifying the monitoring and whether these were proportionate to the purpose or whether the employer could have used less intrusive measures to achieve the same result.
If I read this correctly even if the person had been informed of the monitoring the evidence wouldn't have been receivable because the monitoring wasn't deemed "proportionate".
That isn't necessarily true either. IIRC, there was a case not so long ago of a school that was using quite aggressive surveillance measures, and obtained some degree of prior consent. It was still penalised under the GDPR, because all processing of personal data must be justified. Even consent is not carte blanche to do whatever you want, and that's probably a good thing for the same reason that inalienable consumer rights when you shop or employment rights when you take a job are probably good things.
Edit: Apparently there are now at least two examples of this.
Right, but both of these examples are about using personal data(facial recognition data and then fingerprints) for purposes where it's not needed. Again, I would see the issue if the employeer was taking pictures with the webcam every 30 seconds - that is definitely a privacy problem because you neither expect your employeer to be photographing you every 30 seconds, nor is it necessary for your job. But pictures of the screen? Screen that's meant to be used for work and where no reasonable expectation of privacy should exist?
It’s a common practice at most companies to allow some minimal use of company equipment to check private email etc while on break. As soon as that’s allowed a reasonable expectation of privacy exists.
You keep saying there is no reasonable expectation of privacy, but there is no basis in law for that position, at least not in the EU or UK.
I've edited my earlier comments to add some sources, including a reference to the official guidance from the UK's national data protection authority that directly states that just because someone is at work it does not mean they have no expectation of privacy. You can also find lots of public commentary from employment lawyers on the Web where they have interpreted the GDPR similarly, similar statements from other national regulators, etc. Some of these highlight tricky situations like the need to respect personal email as well.
What kind of informed? Buried in hundreds of pages of policy documents, that they make you 'acknowledge'? A separate network use agreement when employed giving cart blanche? Or something specific and upfront?
I don't know, the company I work for(in the EU) you get an email on your first day saying that the company has a private certificate installed on every machine, so they are intercepting and inspecting all of your network traffic including encrypted websites. So while allowed, please refrain from browsing your own email, bank accounts etc, as the company software can and will see the contents of those.
Like, it's pretty explicit. I don't know how different that is from just sending an email saying "hey your screen is being monitored every 30 seconds".
-While I cannot recall the exact legal aspects, years ago while I was the union representative at the engineering company I worked for, the company wanted (for very valid reasons) to go through a number of E-mails sent to/from a couple of specific employees.
The E-mails were eventually read - but in the presence of the employees in question and their (chosen by them, paid by the company) legal counsel.
I can not imagine an employer going to such lengths to accommodate the employees unless required by law to do so. This was in Norway.
In the EU there is. For instance the company can't normally access directories or emails clearly labelled as "private". Monitoring can occur but it's pretty tightly regulated.
> * Employers can monitor employees’ emails at work but need to approach this with caution and careful consideration.
> * Follow the ICO Code and 29 WP opinion, including conducting a DPIA prior to undertaking any monitoring, considering whether it is possible to achieve the objective through less instructive means and ensuring policies clearly notify employees that monitoring takes place, why and that the content of emails may be viewed.
> * If emails are identified as or are clearly “personal” do not open unless there is a real risk of serious harm to the business and, where possible, inform the employee in advance that the content may be viewed.
I find that perfectly reasonable IMO. You're not your company's property. Your boss can't put a camera in the corporate bathroom's stall just because he owns it.
I think it's reasonable that if you're going to be in front of a computer for ~8hours a day from time to time you're going to do personal stuff on it. This was especially true a few years ago when smartphones and unlimited data plans weren't quite as common.
I mean sure, if it's the PC controlling some industrial machine you're probably not expected to browse Facebook on it. But if you're some temp working the reception you might have some time to kill even if you do your work properly...
There's also the situation where you're traveling and don't want to carry two laptops from instance.
You might be required to use company resource for private matters depending on what you do. You can't really choose when some of the private things will happen that need immediate reaction.
You should be able to find them on the Web sites of the relevant social partnership organisations, self-regulatory organisations or public rights corporations. In case of EU members, work backwards in time from directive 95/46/EC.
If you were having a conversation with a colleague in your office kitchen, and then noticed your boss was aiming a high-gain directional microphone at you, how would you feel about that?
The mere fact that the employee is at work or using work resources has been found on several occasions to be insufficient justification for serious privacy infringements. These days it would come under GDPR or, in some member states, their national privacy laws where those are stronger.
As a rule of thumb, an employer can take reasonable steps to protect themselves as far as monitoring is concerned, often with the requirement that the subjects of the surveillance have been told in advance that it might happen. But there is always an implied requirement of necessity and proportionality in the background. Monitoring a specific employee where there is evidence to suggest they are leaking trade secrets is one thing. Routine monitoring of everyone's computers where you end up, say, recording the login details they used to access online banking and check whether their expenses have been paid yet is something very different.
You can also check the guidance from the various national data protection agencies, such as the ICO's publication "The employment practices code", which address this issue in quite a lot of detail.
It’s not illegal under EU law, but illegal in some countries.
EU law has lots of restrictions however, the employer needs to be crystal clear and transparent about the monitoring. The situation OP describes, would not be legal.
