You are here

Workplace Cyber Surveillance: Rights and Obligations

Les conditions licites de la cybersurveillance du salarié
Published on
25 January 2018

Monitoring employee computers and emails is only legal if certain procedures are followed. While E.U. courts limit how businesses can monitor their employees, the application of such regulations remains under the control of each member state. What criteria have been selected to control cyber surveillance and why? 

Interview: We speak with Nathalie Devillier, a professor of law at Grenoble Ecole de Management.

Why is employee cyber surveillance allowed?

According to the laws that regulate the workplace, employers have the right to implement electronic monitoring. As we evolve in a world where e-reputations and cyberattacks are essential factors for business, employers must have this capacity.

However, the courts require companies to inform employees of any surveillance and the company's works council must also be consulted. In addition, employees must be informed of these measures via the company rules and regulations, an ethics charter or a guide for best practices before surveillance is implemented. Finally, if an employer decides to implement electronic monitoring, the company must declare the initiative to the CNIL and document all collected information.

What criteria must employers follow if they wish to monitor private electronic activity by employees?

The E.U. courts have set boundaries for such surveillance. States are required to ensure that any surveillance measures are reasonable and accompanied by procedural protective measures. Employers must first clearly inform the employee of any surveillance measures before implementing them.

The E.U. courts distinguish between the flow and content of communications. The more a surveillance method is invasive, the more it must be justified. The E.U. courts encourage employers to favor methods that are less invasive than direct access to content.

Companies must also explain the consequences for employees as well as how the collected data is used. The courts guarantee the protection of an employee's electronic communications if they have not previously been informed of surveillance measures. This forbids companies from accessing content without an employee's knowledge.

Cyber surveillance measures must be proportional to the goals of the employer… Could you explain this concept in greater detail?

According to the courts, consequences such as firing an employee for misconduct could be considered a disproportionate result if the employee was not informed of surveillance measures in advance. In France, all emails written from work locations during work hours are assumed to be professional emails. The same goes for professional mobiles, folders created on a computer or data stored on a USB key.

If the concept of loyalty is respected, an employer can check the content of messages written by an employee in order to ensure there are no secret encryptions or that he or she is not playing games online or using Facebook. In terms of workplace regulations, laws concerning cyber surveillance are first oriented towards protecting the security of the employer.

What about the example of sending an email from work using a "personal" label?

By definition, this is a personal communication and in theory the employee is protected. But according to the E.U. courts, the employer can anticipate the right to open such personal emails by using the company rules and regulations. The need to control an employee's activity in such a case must once again be balanced in terms of the goals and means used for monitoring.

The analysis of social network usage by employees is rather vague...

In this particular case, there are contradictory legal guidelines. In the framework of using social networks for personal reasons (with family and friends for example), workplace laws and regulations are faced with a difficulty if someone expresses an opinion about their company in private. There's some discord between the protection of freedom of speech and the diffamation of one's company.

The courts have published three diverging opinions on these situations and therefore judges are left to themselves to decide the nature of a comment. That means being able to decide if a post is private or public. And if it is considered public, is it diffamatory. There is still work to be done to clarify this issue.


A general regulation for the protection of personal data

On May 25th, 2018, a general regulation will be implemented to protect personal data. The fruit of 10 years of negotiations on the topic of cyber surveillance at work and the right to access data, this regulation confirms that member states can follow their own national legislative measures. However, companies must also comply with European regulations.

Therefore, any employee data that is collected must be tied to professional activities. Some important points in European regulations: a company must inform employees of what data will be collected; a company must inform employees that they have the right to oppose these measures if they have valid reasons; a company must ensure the protection of personal data when designing these methods, including in particular a delegate in charge of data protection who will work with the IT department. For sensitive information, companies must carry out an impact study. They must also clarify who is responsible if digital equipment is stolen or lost (a 72 hour deadline exists to report such loss of equipment) or if there is a cyberattack.

Companies must all protect an individual's health-related data such as information that might be collected during a meeting with the workplace doctor. This is to ensure such data will not be sold to companies in sectors such as health insurance.

On the same subject

  • les fondamentaux pour bien gérer son marketing personnel.
    Published on 12 July 2018

    The fundamentals of personal marketing

    Successful personal marketing is an art. How can you go beyond compulsive tweeting or an excessive use of social networks in order to create a solid strategy to build and maintain your e-reputation?

  • Chirag Patel et Christophe Haon
    Published on 18 May 2018

    Research: Retail Website Performance, to Outsource or not to Outsource?

    To improve sales, retail websites focus on personalizing their web pages and increasing their influence on social networks. To achieve these goals, should they rely on internal resources or call on external service providers? A study of 105 U.S....

  • Nathalie Devillier, professeure de droit, à Grenoble Ecole de Management
    Published on 26 April 2018

    General Data Protection Regulation Increases Company Responsibility

    New European regulations on data protection will increase the rights and privacy of internet users in Europe. However, much of the burden of this increased protection will fall on companies. How can businesses prepare for this change?

  • Pourquoi les DRH doivent-elles se saisir du digital ?
    Published on 26 March 2018

    Why Is the Digital Revolution Essential for HR?

    The digital revolution is impacting all areas of business. While HR are particularly affected by this change, it’s an opportunity for them to focus their efforts on the “employee experience”.

  • paiement mobile
    Published on 26 March 2018

    How to Encourage User Adoption of Mobile Payment Options?

    Despite the convenience of mobile payment technology, customer adoption of this new technology is not a given. How can companies build on previous internet experience to facilitate this transition?

  • Must the U.S. Lead the Digital Revolution?
    Published on 22 February 2018

    Must the U.S. Lead the Digital Revolution?

    As the digital revolution unfolds, the U.S. and Silicon Valley have so far led the march. What role can Europe play in this major evolution?

  • Published on 18 January 2018

    Technology Sourcing: How to Optimize Web Performance?

    To increase the performance of retail websites, companies should explore both internal tech development and outsourced tech services. New research confirms the advantage of mixing technology sources.

  • Caroline Cuny, GEM
    Published on 14 December 2017

    Going Digital to Improve In-Store Customer Relations

    How can digital technology help companies improve a customer’s shopping experience? We look at emerging trends such as artificial intelligence, facial recognition and olfactive marketing.

  • Published on 18 June 2017

    Company Nurseries: Improving Performance and Quality of Life at Work

    Private nurseries provide many benefits for companies and employees. A win-win situation that is becoming all the more popular.

  • Published on 17 June 2017

    Nanovalor: a Platform to Evaluate the Value of New Tech

    Emerging technology can impact society and the economy in a variety of ways. Nanovalor creates a platform to analyze and learn about the value of new tech.

  • Cybersécurité : prévenir les risques spécifiques aux TPE/PME
    Published on 17 May 2017

    Cybersecurity: the Challenge for SMEs

    SMEs are a prime target for cybercriminals. Training remains the best defense against such threats.

  • Une quarantaine de collaborateurs Ubisoft en France sont issus de Grenoble Ecole de Management
    Published on 15 May 2017

    Recruitment: How Does Ubisoft Rely on Its Alumni Employees?

    Alumni from various schools can be a precious asset for companies to build connections with potential recruits.

  • Research: Safety at Work in the Construction Industry
    Published on 20 April 2017

    Safety at Work in the Construction Industry

    A recent study of safety at work in the construction industry provides insights to understand the evolution (and uberization) of work and potential safety risks.

  • Gazi Islam, professor of business administration at Grenoble Ecole de Management.
    Published on 20 March 2017

    Is It Time to Work on the Weekend?

    How are markets and capital using new economic models to eat away at our free time on weekends? Gazi Islam, a researcher and professor at Grenoble Ecole de Management, studies individual and organizational work experiences. He recently looked at how...

  • research on Contextual Television Advertising
    Published on 28 February 2017

    Research: Questioning the Effectiveness of Contextual Television Advertising

    As businesses and marketing go digital, companies have to track the effectiveness of their advertising across many channels. The growth of online transactions has made website conversions an essential factor for many businesses. Thanks to detailed...

  • Federico Pigni, Professor at Grenoble Ecole de Management
    Published on 01 July 2016

    Research: Creating Value from Digital Data Streams

    The big data era is upon us. Startups, major companies, organizations and governments are all rushing to extract essential insights from big data. Yet in doing so, many have overlooked the potential value of the digital data streams (DDS) that make...

  • Published on 30 June 2016

    Joining the UN’s International Telecommunication Union (ITU)

    Grenoble Ecole de Management becomes the first Business School in the world, and the first higher education institution in France to join the prestigious International Telecommunication Union (ITU), the United Nations specialized agency based in...

  • Published on 27 June 2016

    European CFOs are against Brexit: new Global Business Outlook survey reveals

    European CFOs are overwhelmingly against a British exit from the European Union, the latest round of the Global Business Outlook Survey reveals. More than 75 percent believe it is good for the U.K. to remain in the European Union, and a like number...

  • Research: the impact of performance evaluations on an individual's network.
    Published on 22 April 2016

    Research: Positive Performance Evaluations Help Employees Develop Internal Networks

    Interactions are an essential part of any organization. Whether it is receiving help from colleagues or gaining access to crucial information, developing a strong internal network makes it easier for an employee to get things done. This latest study...

  • websites such as TripAdvisor have given consumers the power to impact a company's image.
    Published on 22 March 2016

    TripAdvisor: How Companies React to Negative Ratings

    The world wide web has revolutionized the hotel, restaurant and other travel-related industries. From online bookings to customer ratings, companies have to learn how to operate in this new environment. While an organization's market identity used...

  • Research: Creating Visitor Engagement Through Music
    Published on 29 February 2016

    Research: Creating Visitor Engagement Through Music

    Digital communications have created an information overload for customers. To stand out on the world wide web, companies have to offer clients a high-impact experience. When used properly, music provides a simple yet effective means of creating a...

  • Federico Pigni, Professor at Grenoble Ecole de Management
    Published on 28 October 2015

    Congratulations Federico Pigni

    Duetto: Industry Transformation with Big Data, a case study in Harvard Business Review by Federico Pigni, Associate Professor in Information Systems in the Management of Technology and Strategy department at the Grenoble Ecole de Management (France...

  • Published on 13 October 2015

    Put Music on your Website

    Your web communication needs to offer a rich consumer experience to distinguish it from others. Nowadays, websites must evoke enjoyable and memorable feelings in their visitors in order to encourage them to revisit and recommend the website.

  • Published on 09 October 2015

    Advanced Master in Digital Business Strategy: appointment of a new Program Director

    Yann Gourvennec joins Grenoble Ecole de Management as Program Director for the Advanced Master in Digital Business Strategy.

  • websites such as TripAdvisor have given consumers the power to impact a company's image.
    Published on 29 September 2015

    Customer reaction and Market identity

    This article, written by Tao Wang, Filippo Carlo Wezel and Bernard Forgues, examines the conditions under which organizations publicly respond to unfavorable consumer evaluations that challenge their market identity. This study relies on an analyse...

  • Published on 16 July 2015

    Research: Unraveling the Link Between Managerial Risk-Taking and Innovation - the Mediating Role of a Risk-Taking Climate

    Innovation has become a crucial factor for companies looking to maintain their competitive advantage. Yet creating innovative ideas requires a certain level of risk-taking. While research on this subject has focused primarily on risk-taking at one...

  • Published on 07 November 2014

    Research : Digitization, Changing How We Work and Coordinate Projects

    All of us use digital tools and objects that can now be shared and combined in a variety of ways. This change has profoundly influenced the organization of work with projects being divided according to specialization and geographical location.