You are here

Workplace Cyber Surveillance: Rights and Obligations

Les conditions licites de la cybersurveillance du salarié
Published on
25 January 2018

Monitoring employee computers and emails is only legal if certain procedures are followed. While E.U. courts limit how businesses can monitor their employees, the application of such regulations remains under the control of each member state. What criteria have been selected to control cyber surveillance and why? 

Interview: We speak with Nathalie Devillier, a professor of law at Grenoble Ecole de Management.

Why is employee cyber surveillance allowed?

According to the laws that regulate the workplace, employers have the right to implement electronic monitoring. As we evolve in a world where e-reputations and cyberattacks are essential factors for business, employers must have this capacity.

However, the courts require companies to inform employees of any surveillance and the company's works council must also be consulted. In addition, employees must be informed of these measures via the company rules and regulations, an ethics charter or a guide for best practices before surveillance is implemented. Finally, if an employer decides to implement electronic monitoring, the company must declare the initiative to the CNIL and document all collected information.

What criteria must employers follow if they wish to monitor private electronic activity by employees?

The E.U. courts have set boundaries for such surveillance. States are required to ensure that any surveillance measures are reasonable and accompanied by procedural protective measures. Employers must first clearly inform the employee of any surveillance measures before implementing them.

The E.U. courts distinguish between the flow and content of communications. The more a surveillance method is invasive, the more it must be justified. The E.U. courts encourage employers to favor methods that are less invasive than direct access to content.

Companies must also explain the consequences for employees as well as how the collected data is used. The courts guarantee the protection of an employee's electronic communications if they have not previously been informed of surveillance measures. This forbids companies from accessing content without an employee's knowledge.

Cyber surveillance measures must be proportional to the goals of the employer… Could you explain this concept in greater detail?

According to the courts, consequences such as firing an employee for misconduct could be considered a disproportionate result if the employee was not informed of surveillance measures in advance. In France, all emails written from work locations during work hours are assumed to be professional emails. The same goes for professional mobiles, folders created on a computer or data stored on a USB key.

If the concept of loyalty is respected, an employer can check the content of messages written by an employee in order to ensure there are no secret encryptions or that he or she is not playing games online or using Facebook. In terms of workplace regulations, laws concerning cyber surveillance are first oriented towards protecting the security of the employer.

What about the example of sending an email from work using a "personal" label?

By definition, this is a personal communication and in theory the employee is protected. But according to the E.U. courts, the employer can anticipate the right to open such personal emails by using the company rules and regulations. The need to control an employee's activity in such a case must once again be balanced in terms of the goals and means used for monitoring.

The analysis of social network usage by employees is rather vague...

In this particular case, there are contradictory legal guidelines. In the framework of using social networks for personal reasons (with family and friends for example), workplace laws and regulations are faced with a difficulty if someone expresses an opinion about their company in private. There's some discord between the protection of freedom of speech and the diffamation of one's company.

The courts have published three diverging opinions on these situations and therefore judges are left to themselves to decide the nature of a comment. That means being able to decide if a post is private or public. And if it is considered public, is it diffamatory. There is still work to be done to clarify this issue.

A general regulation for the protection of personal data

On May 25th, 2018, a general regulation will be implemented to protect personal data. The fruit of 10 years of negotiations on the topic of cyber surveillance at work and the right to access data, this regulation confirms that member states can follow their own national legislative measures. However, companies must also comply with European regulations.

Therefore, any employee data that is collected must be tied to professional activities. Some important points in European regulations: a company must inform employees of what data will be collected; a company must inform employees that they have the right to oppose these measures if they have valid reasons; a company must ensure the protection of personal data when designing these methods, including in particular a delegate in charge of data protection who will work with the IT department. For sensitive information, companies must carry out an impact study. They must also clarify who is responsible if digital equipment is stolen or lost (a 72 hour deadline exists to report such loss of equipment) or if there is a cyberattack.

Companies must all protect an individual's health-related data such as information that might be collected during a meeting with the workplace doctor. This is to ensure such data will not be sold to companies in sectors such as health insurance.

On the same subject

  • Est-ce la mort annoncée de la « fast fashion » ?
    Published on 20 January 2020

    Is “fast fashion” coming to an end?

    H&M, Zara, Forever 21, Gap, Bershka… Fast fashion brands are recognizable around the world. Despite representing 10-20% of the global fashion market, is this business model coming to an end?

  • Service Freemium : lorsque la qualité fait la différence
    Published on 20 January 2020

    Freemium offers: quality the key to converting free users?

    Free digital services have become so commonplace that converting users to premium offers has become a major challenge for many digital companies. New research highlights quality as a key factor in successfully implementing a freemium strategy.

  • Les MOOCs géopolitiques de GEM ré-accrédités EOCCS
    Published on 15 October 2019

    GEM’s Geopolitical MOOCs re-accredited EOCCS

    Grenoble Ecole de Management’s (GEM) online training program « Global Studies: International Relations and World Politics » renews its EOCCS (EFMD Online Course Certification System) accreditation, a guarantee of quality awarded by the EFMD....

  • Des catalogues digitaux enrichis… Pour quoi faire ?
    Published on 16 September 2019

    Digitally enhanced catalogs… A winning promise?

    3D images, videos, detailed product files… Digitally enhanced catalogs offer a new, trendy marketing tool. Yet research confirms that such enhancements aren’t necessarily a worthy investment.

  • Comment gagner en valeur en co-créant avec ses clients ?
    Published on 15 April 2019

    How to increase value by co-creating with customers?

    Co-creating new services and products with customers enables companies to better match customer expectations and increase the success of their offers. With the advent of digital technology, the co-creation process has become all the more accessible...

  • Published on 25 March 2019

    Digital jobs: leading by example

    With two women in charge of its big data and information systems programs, Grenoble Ecole de Management seeks to lead by example and help break down barriers to women in the digital sector.

  • Les femmes et les métiers du numérique
    Published on 25 February 2019

    Women in a digital world

    The Grenoble Business Review continues its series on women in the digital world. We speak with Charlotte and Jalila, both of whom entered and found their place in a digital world often perceived as being open only to men.

  • Margaux Raab et Hugo Avale, Fondateurs de neojobs
    Published on 25 February 2019

    Agility: the first key to entrepreneurship

    The co-founders of neojobs share first hand advice drawn from their startup experience. And behind all of their advice lies the importance of agility for any entrepreneurial project.

  • Federico Pigni a propos de Digital Twins dans une interview accordée au canal Xerfi.
    Published on 14 February 2019

    Why are Digital Twins becoming a business imperative?

    What are these custom and very specific types of virtual simulations and how can they open up a multitude of new opportunities for us?

  • Chirag Patel et Christophe Haon
    Published on 18 May 2018

    Research: Retail Website Performance, to Outsource or not to Outsource?

    To improve sales, retail websites focus on personalizing their web pages and increasing their influence on social networks. To achieve these goals, should they rely on internal resources or call on external service providers? A study of 105 U.S....

  • Published on 18 June 2017

    Company Nurseries: Improving Performance and Quality of Life at Work

    Private nurseries provide many benefits for companies and employees. A win-win situation that is becoming all the more popular.

  • Published on 17 June 2017

    Nanovalor: a Platform to Evaluate the Value of New Tech

    Emerging technology can impact society and the economy in a variety of ways. Nanovalor creates a platform to analyze and learn about the value of new tech.

  • Cybersécurité : prévenir les risques spécifiques aux TPE/PME
    Published on 17 May 2017

    Cybersecurity: the Challenge for SMEs

    SMEs are a prime target for cybercriminals. Training remains the best defense against such threats.

  • Une quarantaine de collaborateurs Ubisoft en France sont issus de Grenoble Ecole de Management
    Published on 15 May 2017

    Recruitment: How Does Ubisoft Rely on Its Alumni Employees?

    Alumni from various schools can be a precious asset for companies to build connections with potential recruits.

  • Research: Safety at Work in the Construction Industry
    Published on 20 April 2017

    Safety at Work in the Construction Industry

    A recent study of safety at work in the construction industry provides insights to understand the evolution (and uberization) of work and potential safety risks.

  • Gazi Islam, professor of business administration at Grenoble Ecole de Management.
    Published on 20 March 2017

    Is It Time to Work on the Weekend?

    How are markets and capital using new economic models to eat away at our free time on weekends? Gazi Islam, a researcher and professor at Grenoble Ecole de Management, studies individual and organizational work experiences. He recently looked at how...

  • research on Contextual Television Advertising
    Published on 28 February 2017

    Research: Questioning the Effectiveness of Contextual Television Advertising

    As businesses and marketing go digital, companies have to track the effectiveness of their advertising across many channels. The growth of online transactions has made website conversions an essential factor for many businesses. Thanks to detailed...

  • Federico Pigni, Professor at Grenoble Ecole de Management
    Published on 01 July 2016

    Research: Creating Value from Digital Data Streams

    The big data era is upon us. Startups, major companies, organizations and governments are all rushing to extract essential insights from big data. Yet in doing so, many have overlooked the potential value of the digital data streams (DDS) that make...

  • Published on 30 June 2016

    Joining the UN’s International Telecommunication Union (ITU)

    Grenoble Ecole de Management becomes the first Business School in the world, and the first higher education institution in France to join the prestigious International Telecommunication Union (ITU), the United Nations specialized agency based in...

  • Published on 27 June 2016

    European CFOs are against Brexit: new Global Business Outlook survey reveals

    European CFOs are overwhelmingly against a British exit from the European Union, the latest round of the Global Business Outlook Survey reveals. More than 75 percent believe it is good for the U.K. to remain in the European Union, and a like number...

  • Research: the impact of performance evaluations on an individual's network.
    Published on 22 April 2016

    Research: Positive Performance Evaluations Help Employees Develop Internal Networks

    Interactions are an essential part of any organization. Whether it is receiving help from colleagues or gaining access to crucial information, developing a strong internal network makes it easier for an employee to get things done. This latest study...

  • websites such as TripAdvisor have given consumers the power to impact a company's image.
    Published on 22 March 2016

    TripAdvisor: How Companies React to Negative Ratings

    The world wide web has revolutionized the hotel, restaurant and other travel-related industries. From online bookings to customer ratings, companies have to learn how to operate in this new environment. While an organization's market identity used...

  • Research: Creating Visitor Engagement Through Music
    Published on 29 February 2016

    Research: Creating Visitor Engagement Through Music

    Digital communications have created an information overload for customers. To stand out on the world wide web, companies have to offer clients a high-impact experience. When used properly, music provides a simple yet effective means of creating a...

  • Published on 16 July 2015

    Research: Unraveling the Link Between Managerial Risk-Taking and Innovation - the Mediating Role of a Risk-Taking Climate

    Innovation has become a crucial factor for companies looking to maintain their competitive advantage. Yet creating innovative ideas requires a certain level of risk-taking. While research on this subject has focused primarily on risk-taking at one...

  • Published on 07 November 2014

    Research : Digitization, Changing How We Work and Coordinate Projects

    All of us use digital tools and objects that can now be shared and combined in a variety of ways. This change has profoundly influenced the organization of work with projects being divided according to specialization and geographical location.