Workplace monitoring to be subject to new rules in EU

The consultation covers a range of specific questions related to data protection at the workplace which were originally identified in an initial consultation on the same subject in August 2001, such as monitoring and also the treatment of health, drug and genetic testing data.

Processing of personal data is already covered at EU level by two Directives which apply fully to employees' personal data. However, the Commission claims that the principles laid down by current legislation are "general in scope" and their application to the workplace "is not always elaborated in detail."

The proposed framework of principles and rules set out in the consultation aims to build on the Directives and clarify ambiguities.

The following proposals are made in relation to workplace monitoring:

The workers' representatives should be informed and consulted before the introduction, modification or evaluation of any system likely to be used for monitoring/surveillance of workers.

Prior check by a national Data Protection supervisory authority should be considered.

Continuous monitoring should be permitted only if necessary for health, safety, security or the protection of property.

Secret monitoring should be permitted only in conformity with the safeguards laid down by national legislation or if there is reasonable suspicion of criminal activity or other serious wrongdoing.

Personal data collected in order to ensure the security, the control or the proper operation of processing systems should not be processed to control the behaviour of individual workers except where the latter is linked to the operation of these systems.

Personal data collected by electronic monitoring should not be the only factors in evaluating workers' performance and taking decisions in their regard.

Notwithstanding particular cases, such as automated monitoring for purposes of security and proper operation of the system (e.g. viruses), routine monitoring of each individual worker's e-mail or Internet use should be prohibited. Individual monitoring may be carried out where there is reasonable suspicion of criminal activity or serious wrongdoing or misconduct, provided that there are no other less intrusive means to achieve the desired purpose (e.g. objective monitoring of traffic data rather than of the content of e-mails; preventive use of technology etc.)

Prohibition in principle imposed on the employer as regards opening private e-mail and/or other private files, notably those explicitly indicated as such, irrespective of whether use of the work tools for private purposes was allowed or not by the employer. In particular, private e-mails/files should be treated as private correspondence; secrecy of correspondence should not be able to be waived with a general consent of the worker, in particular upon conclusion of the contract of employment.

Communication to occupational health professionals and representatives of workers should receive particular protection.

The consultation has gone to a number of so-called "social partners," specific bodies that include UNICE, ETUC and CEC, which have six weeks to submit their comments. They can alternatively establish their independent EU-wide initiatives in the area.

The consultation document is available as a 20-page PDF from:
http://europa.eu.int/comm/employment_social/news/2002/oct/data_prot_en.pdf