-While I cannot recall the exact legal aspects, years ago while I was the union representative at the engineering company I worked for, the company wanted (for very valid reasons) to go through a number of E-mails sent to/from a couple of specific employees.

The E-mails were eventually read - but in the presence of the employees in question and their (chosen by them, paid by the company) legal counsel.

I can not imagine an employer going to such lengths to accommodate the employees unless required by law to do so. This was in Norway.

In the EU there is. For instance the company can't normally access directories or emails clearly labelled as "private". Monitoring can occur but it's pretty tightly regulated.

See for instance https://gdpr.report/news/2017/11/17/5383/

> * Employers can monitor employees’ emails at work but need to approach this with caution and careful consideration.

> * Follow the ICO Code and 29 WP opinion, including conducting a DPIA prior to undertaking any monitoring, considering whether it is possible to achieve the objective through less instructive means and ensuring policies clearly notify employees that monitoring takes place, why and that the content of emails may be viewed.

> * If emails are identified as or are clearly “personal” do not open unless there is a real risk of serious harm to the business and, where possible, inform the employee in advance that the content may be viewed.

I find that perfectly reasonable IMO. You're not your company's property. Your boss can't put a camera in the corporate bathroom's stall just because he owns it.

Thanks for the answer. TIL.

However, I must say that's just weird to me, because you're not required to use company resources for private matters.

The bathroom analogy doesn't really hold in my mind, since it's reasonable to expect privacy in any bathroom, but I see where you're going with that.

I think it's reasonable that if you're going to be in front of a computer for ~8hours a day from time to time you're going to do personal stuff on it. This was especially true a few years ago when smartphones and unlimited data plans weren't quite as common.

I mean sure, if it's the PC controlling some industrial machine you're probably not expected to browse Facebook on it. But if you're some temp working the reception you might have some time to kill even if you do your work properly...

There's also the situation where you're traveling and don't want to carry two laptops from instance.

You might be required to use company resource for private matters depending on what you do. You can't really choose when some of the private things will happen that need immediate reaction.

What is the legality of this? Is this just an "opinion" that a company covered by GDPR could choose to implement or not implement?

This has been part of labour protection laws all across Europe for decades.

Sorry I'm not very familiar with European labor protection laws. Which ones cover privacy concerns on workplace computers?

You should be able to find them on the Web sites of the relevant social partnership organisations, self-regulatory organisations or public rights corporations. In case of EU members, work backwards in time from directive 95/46/EC.

If you were having a conversation with a colleague in your office kitchen, and then noticed your boss was aiming a high-gain directional microphone at you, how would you feel about that?