The monitoring of employees at work, or more generally the processing of data in the employment context, is a topic that has been debated for as long as the Data Protection Directive (Dir 95/46/EC – DPD) has been around. Nonetheless, due to the emergence of new technologies and changing work polices, the topic is red hot today.
The following blog post summarizes the current developments by paying special attention to the recently released Article 29 Working Party (WP29) Opinion, the near transition from the DPD to the General Data Protection Regulation (GDPR) as well as developments in Germany with the update of the Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG), followed by a brief look at two high-stakes litigation cases, by the Federal Labour Court (Bundesarbeitsgericht) concerning the use of key loggers in the employment context and the European Court of Human Rights (ECHR) confirming monitoring of employee’s emails as a breach of his right to private life and correspondence.WP29 Opinion: Data Processing at Work
The WP29 recently released an opinion addressing the processing of data in the employment context. The opinion focuses on a “new assessment of the balance between legitimate interests of employers and the reasonable privacy expectations of employees”. The WP29 stressed that employers should always consider the following four points to mitigate risks:
- the processing must be based on a legal ground such as Article 7 (b), 7 (c) or 7 (f) DPD;
- the processing must be fair to the employee;
- the processing must be proportionate to the concerns raised (purpose); and
- the processing must be transparent (e.g ...