19

I am interested in privacy at the interface between one's personal and professional lives. This question is adjacent, but not identical to others related to IT system use (1, 2). Given a workplace IT system which is necessary to complete one's job duties, what rights, if any, do you retain as an employee to withhold your consent? For example, can you maintain that you do not personally consent/agree to be monitored even if your system states "by logging in... you acknowledge and consent to the monitoring of this system"? It seems unremarkable for an employer to ask for acknowledgement/compliance with system policies, but consent/agreement seems too much to demand. (Sub-question: by extension, could an employer require an employee to consent/agree to a physical search?)

I am specifically curious about law in the United States of America, but if there are relevant answers for other nations, those would be acceptable, too.

Improve this question
7
  • 1
    "It seems unremarkable for an employer to ask for acknowledgement/compliance with system policies, but consent/agreement seems too much to demand." Why do you say this? They don't seem much different to me.
    – Michael Hall
    Commented Jun 24 at 19:44
  • 15
    It would be perfectly legal for an employer to watch you work and check your work. The computer doesn't seem to change that, just the mechanism they need to use to do that.
    – StephenG - Help Ukraine
    Commented Jun 25 at 12:09
  • 8
    @StephenG-HelpUkraine this would be completely illegal in France and at least in some places in Germany and Italy
    – WoJ
    Commented Jun 25 at 17:03
  • 5
    @WoJ To be clear, are you saying that any monitoring of an employees activities in the workplace is illegal (strong word) in France or just the computer related part ? Could you write an answer explaining that, it might be useful to others.
    – StephenG - Help Ukraine
    Commented Jun 25 at 20:59
  • 5
    @WoJ The U.S. certainly has some of the weakest protections for employees rights of any jurisdiction in the developed world and has weaker protections for employees than quite a few jurisdictions in the developing world and "third-world".
    – ohwilleke
    Commented Jun 25 at 22:45

2 Answers 2

Reset to default
38

Given a workplace IT system which is necessary to complete one's job duties, what rights, if any, do you retain as an employee to withhold your consent?

Essentially none, unless you personally, or your union, negotiated a contractual term for your employment that provides otherwise.

You have essentially no legal rights to privacy from your employer about what you are doing while you are on the job.

U.S. states vary considerably, in contrast, regarding how much information an employer can ask about your activities when you are not at work.

For example, employers in most states are not allowed to ask about how you voted in an election for public offices. Similarly, most Colorado employers are not allowed to discriminate against employees based upon their lawful away from work activities (like smoking).

IT monitoring is particularly common in the finance industry to discourage embezzlement and other forms of financial fraud. I have a relative who works in the back office of a bank who is required to take a complete two week vacation with no remote work every year to allow auditors to review their computer files and work in a context where the employee doesn't have any ability to interfere.

Sub-question: by extension, could an employer require an employee to consent/agree to a physical search?

There are jobs, such as working in a mint (i.e. a manufacturing facility for coins), working in gold or diamond mines, working in factories that manufacture controlled substances, working in advanced biotech labs, working in secret national security facilities, and working in prisons and jails, where this is common. As a practical matter of employee satisfaction and finding a way to hire new employees, it isn't very common where the need to do so isn't obvious, but it isn't legally prohibited.

Other Examples

Law enforcement officers, meanwhile, are frequently required to wear body cameras on the job.

Truckers and delivery people often have GPS systems that report back to headquarters to monitor their every move and speed at all times and dash cams. Bus drivers often have this monitoring and also constant security cam and dash cam monitoring. On airplanes, the "black box" records everything done by the pilots and everything said in the cabin for a certain period of time before a crash.

The U.S. President's use of computers and communications on the phone are tightly monitored and recorded.

Improve this answer
11
  • 7
    @blues They're not allowed to ask you to break the law. And the limitation is that you don't have to take the job.
    – Jason Patterson
    Commented Jun 25 at 12:27
  • 3
    @blues - I can walk an employee over to medical for a drug test if I deem it necessary. But they likely won't measure blood pressure. It is a condition of employment for a clearance holder.
    – Jon Custer
    Commented Jun 25 at 12:49
  • 1
    @dsollen None of those protections would belong to the individual employee while on the job. Your employer doesn't have to allow you to confer with a doctor, personal lawyer, or priest while you are on the job. You could go on break and do those things with your own phone or computer.
    – ohwilleke
    Commented Jun 25 at 19:09
  • 2
    @dsollen: What you describe is mostly a matter of employers not wanting to end up on the national news (in a bad way) rather than actual legal protections. What few protections there are are mostly of the non-discrimination variety rather than the privacy variety (i.e. maybe you can know that your employee has a medical condition, if your employee carelessly uses employer-provided technology to communicate about that condition, but if they're otherwise fit to work, you can't discriminate against them on that basis).
    – Kevin
    Commented Jun 25 at 22:37
  • 1
    @MindwinRememberMonica There are also been many cases where there are repercussions. That is a risky ploy for a law enforcement officer to take, and anyway goes to enforcement of a valid rule, not the validity of the rule itself.
    – ohwilleke
    Commented Jun 26 at 17:44
25

Monitoring employees is generally prohibited.

An employer must not monitor employees to an extent not necessary by its duties. That means for instance that the employer cannot monitor the internet pages someone visits, even when he's using a company computer. The employer might set up rules on internet usage (e.g. that private browsing during work hours is not allowed or that certain pages are not to be visited), but supervision of this cannot be done using automated tools but instead must be based on the social level or on trust (e.g. if every time the boss walks past one's desk some youtube clip is being played, he may ask for an explanation).

I know from an employer who once tried to install a firewall that was capable of acting as an SSL proxy, deciphering all traffic for "security reasons". Even though they assured the measure was for network security only, they had to shut it down again after being pointed at the relevant law.

This does not mean that employee surveillance is never allowed, but there must be a business reason for that. And just "safety reasons" is not enough, neither is a general suspicion against all employees.

Here's more information on this. (german)

Improve this answer
4
  • 1
    Would a firewall rule that just completely blocked all connections to a given social media site be allowed? If the default is that no employee can access facebook but some public relations employees are allowed access, is this reasonable/legal?
    – doneal24
    Commented Jun 26 at 6:58
  • 5
    @doneal24 - blocking would be ok - but retaining logs of connections blocked would probably count as surveillance. It's a problem I've had to deal with in EU countries - so much stuff logs IP by default, so you have to make sure logs are all set up right
    – lupe
    Commented Jun 26 at 9:57
  • 2
    Referring to the discussions in the comments under the question, laws in Germany, France and other EU countries are roughly similar. For any kind of surveillance there needs to be some kind of balance between the employers economic needs and the employees rights to privacy.
    – quarague
    Commented Jun 26 at 11:39
  • @lupe Correct, and there need to be very distinct rules on who can access those logs. And (as an example) implementing a rule that logs can only be inspected in a four-eyes principle is both technically as well as conceptually diffiult.
    – PMF
    Commented Jun 26 at 13:23

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .