Companies generally use monitoring software to boost productivity, optimize internal processes, and successfully scale operations.
However, while doing so, they must also pay close attention to the legal aspect. Spying on your employees is never okay, and so companies must define their policies in accordance with the relevant laws in the country they are operating in. Additionally, you shouldn't forget about your off-site teams, and you should make sure that you're aware of the laws regarding monitoring remote employees.
These differ from one country to the next, varying in degree of strictness, as you can see in our list.
Generally speaking, the laws protecting employee privacy are weaker in the US, while European countries require the employer to obtain consent from the staff before starting to monitor their work activities and equipment usage.
Regardless of the location, all legislations state that the purpose of employee monitoring is to safeguard confidential company information and ensure workers’ professional behavior. However, some are more concerned about preserving employee rights in the process than others.
The EU Monitoring Laws
When it comes to the countries of the European Union, there is no one single law that regulates if and how employers can keep an eye on their employees.
General Data Protection Regulation (GDPR), however, dictates that all employees must be given notice about data collection - even though employee monitoring isn’t mentioned as such. This, in turn, can trigger a data protection impact assessment.
EU workers have certain rights to private communication in the workplace even if it is conducted via employer’s equipment, unlike their US counterparts. For instance, if the word private is found in the email subject, the employer is very limited in circumstances under which they can access those emails.
Even though the rest of the world sees Europe - or more precisely, the EU - as one block with singular legislation on all matters, every member country has regulated all spheres of life in their own way.
If you plan on expanding to the European market or want to start monitoring remote teams located there, it’s best you familiarize yourself with different legal requirements.
Disclaimer: This article provides general information and it’s not to be used as legal advice. Please contact your legal team for more information about specific regulations.
Under the Austrian Labor Constitution Act, employers can monitor their staff only if the works council agrees - their decision cannot be overrun by an arbitration board or a court. In companies without a works council, each employee must give their consent to be monitored before the procedure starts.
The law is constructed around the idea that employee monitoring cannot touch the human dignity of the workers. That’s why, for example, in the case of CCTV monitoring, the employer can store only screenshots, and not full video footage.
Employee privacy in Belgium is ensured in several ways and on various levels.
The Belgian constitution guarantees the protection of private life to all its citizens, but interference is permitted if legal, legitimate, and proportionate. Moreover, the processing of personal data is justified if it’s done in a lawful and transparent way.
On the other hand, privacy in the workplace is not absolute and monitoring employee emails, for example, is acceptable if done for the purpose of detecting abuse and “defending other legitimate interests the employer might have”.
That’s why Belgian companies must create and implement a clear monitoring policy beforehand or the gathered data will be inadmissible in a court of law.
In Denmark, employer monitoring is permitted as long as it doesn’t offend or cause harm to the employees and has a “reasonable, operational purpose”.
Employees must be notified beforehand unless giving notice defeats the purpose of monitoring, while the employer’s possibilities and restrictions are defined by collective bargaining agreements.
In this sense, monitoring employee emails is completely within the scope of the employer’s rights to verify that workers “are completing their professional tasks during working hours”. However, if the emails are clearly identified as private, then reading them would be a breach of employee privacy by the employer who can then be criminally prosecuted.
Estonia does not have specific laws regarding employee tracking and monitoring their work, but, since it has been a member of the EU since 2004, it has an obligation to process personal employee data in accordance with the GDPR.
The Estonian Data Protection Inspectorate has issued guidelines in order to help employers establish internal monitoring rules, and again, they must be in compliance with GDPR.
French laws strongly guard and guarantee employee privacy in the workplace. Employee data and equipment monitoring are very limited as all workers have the right to respect and secrecy of all correspondences at work and during working hours.
For example, if using software to monitor PC devices of their employees, the company must make sure that it doesn’t feature keyloggers while employees must be notified about the implementation 14 days in advance. It’s also illicit to have a copy of employee emails - received or sent - but the company can ask for access if they are sent or received to a company/professional computer.
In that sense, all employers must keep a record of processing employee’s personal data and make it available upon the request of the supervisory authority.
Prior to 2017, you could monitor your employees quite freely in Germany - in some cases even without their consent - as the legal framework was practically non-existent. But with the passing of the new labor law, employee overseeing was allowed under restrictive conditions.
In essence, employers can start monitoring their staff “to protect their legitimate interests” - or in other words, in a case of serious criminal misconduct or breach of professional duty. They cannot execute monitoring without prior suspicion of unprofessional behavior, or all gathered evidence will be inadmissible at court.
In Greece, privacy is a constitutional right, so you can’t watch employee’s computer or mobile phone without a proper cause.
All electronic communication surveillance is prohibited by the Greek law, unless legally authorized or conducted for the purpose of gathering information relevant to lawful business practice.
Another exception is if both parties have provided their written consent after being notified about the intent to introduce the monitoring practice. This also means that it’s up to the employer to implement a clear workplace communication and employee monitoring policy, especially if they provide the equipment workers use to conduct business.
Just a few years ago, Italian employers had all the freedom in worker monitoring. It was usual practice to forgo notifying employees about it, after which companies taken to court over infringing on privacy would have to pay massive fines.
But as of 2015, the reformed labor law states that software to monitor employee PC can be installed only to ensure productivity and safety in the workplace, or to protect company assets.
It must be preceded by an agreement with Trade Unions or with special authorization from the National Labor Inspectorate. Also, all employees must be made aware of the way gathered information will be stored and used (under GDPR).
In the Netherlands, employees’ right to privacy in the workplace is very strictly guarded in the eyes of the law.
Unlike other countries, here the relationship between the employer and employee is considered unbalanced - the employer has power over the employee. That is why, in order to watch employee’s computer, it’s not enough for the employee to just give their consent.
To process employee communication data, the employer must have a legitimate reason to do it - one that outweighs the worker’s privacy interest, must be out of other ways to do this, must have notified the employee of a code of conduct beforehand, must have respected the employee’s right to communicate confidentially, and must acquire permission from the works council prior to starting the process.
In Switzerland, employee monitoring is allowed for certain purposes and if in compliance with the law.
For example, it’s prohibited to record employee behavior for no other purpose but this, but the use of automatic control systems is allowed if there is an outweighing, legitimate interest - such as employee safety or control over the production process - by the employer.
However, these measures must be transparent and implemented in such a way that they minimally affect employee performance. For example, using employee monitoring software with a keylogger without a court order would constitute prohibited conduct monitoring and criminal activity by the employer.
With so many legislations in place, differing from one European country to the next, it’s crucial to get as much information as possible about labor laws you want to do business in any of them.
On the other hand, they all have one thing in common - GDPR regulates the way personal and professional information is collected and processed - and it requires special attention to detail.
Nevertheless, before opting to implement employees monitoring software in your company - or EU office - make sure to be following the delicate and sometimes very strict labor and privacy laws.
This article was originally written on August 23rd, 2019 by Aleksa Misic. It was updated on July 21st, 2020 by Aleksandra Djordjevic.