In this original context of Covid-19, isolation measures have led to a significant use of teleworking, forcing companies to introduce software or platforms to facilitate working at home, in complete safety. Teleworking may lead to an increasing collection of the employee’s personal data by the employer, especially for monitoring purposes.
- Productivity, monitoring end private life of employee
Teleworking is no less exigent than going to work in an office. Tasks are given, deadlines have to be respected, meetings are organized thanks to platforms and software like Zoom. But some people think it’s harder to be as productive, especially managers. Nevertheless, this practice should not lead to the surveillance of employees, including by video methods.
In the United States, there has been a boom in monitoring software introduced by employers to control their teleworking employees. This intrusive software, known as spyware, makes it possible to know the browsing history of the employee, to record keystrokes but also to take screenshots to check that the employee is at his/her workstation, at work schedules. Productivity seems to be more important than privacy.
Another practice has become commonplace, the use of continuous videoconferencing. In fact, employees are filmed throughout their working day. In addition, SNEEK software is very popular because it allows to take pictures of employees every five minutes and compile their photo. A definite diversion from the main purpose of this software for monitoring purposes by employers.
- In France ?
As a consequence, non-intrusive measures must be considered in the organisation of work and its conditions. The supervision of workers is highly regulated. In the context of work, « The use of video surveillance for monitoring locations that are part of the most personal area of life of employees is not permitted in any situation » according to the Committee of Ministers’ Recommendation to member states on the processing of personal data in the context of employment (Principle 15). Although this recommendation does not directly address teleworking, it can easily be applied to this situation.
The CNIL clearly specifies the framework for this surveillance. For example, keyloggers to remotely record all actions accomplished on a computer are an illicit surveillance method, except in exceptional circumstances. Moreover, surveillance by videoconference, as in the United States, can only exist if it meets appropriate safeguards.
Thus, the employer can set up activity monitoring systems as long as the appropriate safeguards are in place. Let us remember that the GDPR requires that measures processing personal data must respond to a legitimate interest and comply with the principles of necessity, transparency, proportionality, and provide safeguards for the respect of privacy.
M2 Cyberjustice- Promotion 2019/2020