Data ProtectionPrivacy

Coronavirus emergency allows deeper monitoring of employees?

During the Covid-19 emergency, employers want to understand how to check their employees

The coronavirus emergency and the consequential smart working of several employees open questions on whether their remote monitoring is justified.

The measures introduced by the Italian Government (and potentially adopted by other countries soon) to deal with the coronavirus emergency strongly recommend employers to encourage the smart working their employees.

We are in 2020, and smart working should be already encouraged by several companies that usually also have a “bring your own device” (BYOD) policy. But there is a major difference between smart working for a couple of days a week and being far from the office for 3+ weeks, without physical contact with your team.

Under such a scenario, the question that several clients are raising is whether they can remotely monitoring their employees to make sure that they are working. Indeed, the assessment of employees based on results can be efficient in the long term. Still, when it is necessary to deal with an emergency, employers don’t want to risk the potential delays and inefficiencies of their employees. The matter is addressed in the article below as well as in my video (in Italian) as part of Diritto al Digitale

Is the remote monitoring of employees justified by the coronavirus emergency?

I already discussed a similar topic in a previous article (See “Are your Coronavirus checks privacy compliant?“). There is currently no specific law (at least in Italy) providing for the waiver of data protection laws due to the current situation of emergency as recently happened in Italy for communication of personal data on people infected by Covid-19 between public and private entities. In the absence of emergency law, any data processing activity shall comply with restrictions imposed applicable privacy laws.

This scenario means that no continuous monitoring of employees is allowed. Such an activity would be in breach of the GDPR as well as in several countries like Italy of labor laws. The monitoring of employees might be allowed when it is strictly necessary for the performance of the working activity. But this conclusion means that it would not be allowed on all the employees of the company, rather for specific roles.

What restrictions to remote monitoring under data protection laws?

I have already extensively covered the data protection issues relating to the remote monitoring of employees in a previous article (See “Employees’ monitoring: a prior privacy notice might not suffice, especially under the GDPR!“). The scenario does not change with the remote monitoring of smart workers during the coronavirus emergency.

The principles are the following:

  • it is not possible to continuous monitoring of employees;
  • some monitoring activities can be performed, if necessary to the performance of the working activity. But this can happen only after the provision of a privacy information notice, as well as the performance of data protection impact assessment and of a balancing test since the data processing activity, is likely to be based on legitimate interest.

Besides, if there is a suspect of illegal conduct perpetrated by the employee or of an activity damaging the rights of the employer, it is possible to access data (e.g., emails, log files and data on ) to collect evidence of the challenged conduct, provided that a prior privacy information notice was given. And this scenario might be relevant in the current situation since a company might suspect that an employee is not working, and such a suspect might lead to an investigation on his behavior and device. But it is crucial to have prior data protection notice that allows checks in such circumstances, also with the relevant DPIA and balancing tests, as otherwise, employees might be in a stronger position to challenge potential checks.

As previously mentioned, you may find interesting the articles “Are your Coronavirus checks privacy compliant?” and “Employees’ monitoring: a prior privacy notice might not suffice, especially under the GDPR!“.

Don't miss our weekly insights

Tags
Show More

Giulio Coraggio

I am the head of the Italian Technology sector and the global head of the IoT and Gaming and Gambling groups at the world-leading law firm DLA Piper. IoT and artificial intelligence influencer and FinTech and blockchain expert, finding solutions to what's next for our clients' success.

Related Articles

Back to top button
Close