Federal laws in the U.S. limit the types of data that companies can collect, but the laws have failed to keep up with the rapid development of surveillance and monitoring technologies. Furthermore, employers operating in the European Union (EU) face stricter rules regarding employee monitoring than they do in the U.S.
Although the EU's General Data Protection Regulation (GDPR) does not specifically address employee monitoring, it does include requirements for providing notice about data collection.
"In certain circumstances, GDPR may trigger an obligation to conduct what's called a data protection impact assessment," says Philip L. Gordon, a shareholder at Littler and co-chair of the law firm's privacy and background checks practice group. Unlike U.S. workers, employees in the EU have some rights to private communications in the workplace even if those communications occur on the employer's equipment. For example, if an employee in Europe puts the word "private" in the subject line of an e-mail, an employer cannot look at that content except under certain very limited circumstances.
In fact, the EU Court of Human Rights ruled against a Romanian company that fired a worker based on his Yahoo messages, even though it was an employer-provided account and the company's rules specifically prohibited workers from using the account for personal communications. The court said an employer can monitor employee e-mail only if it gives advance notice, which in this case it had not. "An employer's instructions cannot reduce private social life in the workplace to zero," the court said.
To read more about employee monitoring and privacy, see Watching the Workers from SHRM's All Things Work.
Tam Harbert is a freelance technology and business reporter based in the Washington, D.C., area.