On September 5, the European Court of Human Rights issued a ruling in the case of Bărbulescu v. Romania that affirms employees’ right to privacy in the use of communications tools in the workplace. Although the ruling is strict, it aligns with the positions taken by the national courts of certain European Union Member States (e.g., Germany) and guidance issued by data protection authorities. And the criteria that the ECHR adopts for assessing the lawfulness of monitoring generally aligns with the requirements under the General Data Protection Regulation, which takes full effect on May 25, 2018. In our post, we summarize the ruling and identify key takeaways for companies that monitor workforce use of information systems and tools in the EU.
Part 11 of Future-Proofing Privacy: Data Protection in the Workplace. Modern technology offers advanced technical options to monitor employee performance and conduct. Even standard IT applications may be used to control or record personnel behaviour in the workplace. Where previously the degree of employee supervision was limited by what the technology could do, rapid technological advancements mean that data protection laws are now the principal limitation in the EU. The Regulation is due to play a major role in this respect. As a consequence, employee data privacy has been one of the most hotly debated aspects of the Regulation. This area of data privacy will remain less harmonised than other fields of data protection.
Data privacy in an employment context remains an important challenge for companies. On the one hand, employers have a strong interest in monitoring personnel conduct or performance; few controllers are likely to have collected more personal data about an individual than their employer. On the other hand, employees have a legitimate expectation of privacy – including at their workplace. This inherent conflict of interests has created a considerable volume of case law regarding employee monitoring in several member states, relating to the permissibility of internal investigations and compliance controls. This entry is an excerpt from Hogan Lovells’ “Future-proofing privacy: A guide to preparing for the EU Data Protection Regulation.”