Monitoring employees' emails - rules of the game
26 Nov 2020
Since a lot of employees are working from home today, employers are faced with new challenges when managing their workforce. They might be tempted to check the emails of their employees in order to monitor their activities while teleworking. The fact that the employees’ right to privacy in the employment relationship has a more limited scope does not compromise the protection of employees against their employer infringing their personal privacy. It is a question of finding a balance between fundamental rights on the one hand and the exercise of employer authority on the other, in order to avoid disproportionate interference with the privacy of employees.
The implications of the company email policy
When emails have a professional nature - which is not contested by the employee, or if it is not permitted for the worker to use his or her professional email address for private purposes, the employer may consult the emails directly.
However, this is not the case where both professional and private use of emails is allowed within the company. In this case, the employer cannot directly access the employee's emails and must respect certain guidelines designed to protect the employees’ right to privacy. Indeed, the Act of 13 June 2005 on electronic communication provides that information that is transmitted by electronic means of communication may neither be (intentionally) consulted nor be used by any person for whom it is not personally intended. However, exceptions can be made to this prohibition. To a certain extent, the employer's prerogative of management and supervision can constitute the legal basis for warranting such an exception.
To this end, the industrial (“social”) partners concluded Collective Bargaining Agreement (CBA) no. 81 on the protection of the privacy of employees regarding the monitoring of networked electronic online communication data, which sets out the applicable rules. The aim of this CBA is to achieve a suitable balance between the protection of the worker's privacy in the workplace and the employer's prerogatives to ensure the effective continuity of the business.
Global monitoring: the rules of the game
CBA no. 81 states that the employer is only allowed to collect global data without identifying individual employees. For example, the employer may collect data on the number of emails sent per workstation. Such global monitoring of the electronic online communication data is permitted if the following principles are observed:
The global monitoring of the electronic online communication data is only permitted if one or more of the following purposes are pursued (i.e. principle of finality):
prevention of illicit or defamatory acts, acts contrary to good morals and acts that may affect the dignity of others;
protection of the economic, commercial and financial interests of the company;
security and/or proper technical functioning of the company's IT systems;
bona fide compliance with the principles and rules on the use of the company’s IT systems.
In addition, the employer must ensure that there is no interference in the private life of the worker. If, however, it is not possible to avoid such intrusion, interference must be kept to a minimum (i.e. proportionality principle).
Finally, the CBA also provides procedures of information and consultation, both individual and collective, of employees when a monitoring process is initiated (i.e. transparency principle).
But what if you want to monitor a specific employee?
If, based on the information gathered during global monitoring, irregularities are found, individual employees can be identified on those grounds, which can result in an individualised check. Direct individualised monitoring is thus possible in cases where, when performing global monitoring, the employer detects irregularities that indicate an unauthorised (f)act, a violation of the legitimate interests of the company or a threat to the IT systems (being the first three items of the principle of finality).
In the event of an irregularity on the part of an employee, e.g. disrespect of the company policy, the employee can be indirectly individualised (being the fourth item of the principle of finality). The employee must then first be interviewed about the irregularity found to exist, and be informed that indirect individualised monitoring will be initiated should a new irregularity on his or her part be detected. Only if this approach turns out to be insufficient to establish the presumed abuse, the employer may investigate the content of the communication.
Conclusion
In view of the right to privacy, while exercising their prerogative of monitoring and supervision, employers must be careful so as to observe the limits set down by law. If they exceed their powers, they are liable to various penalties, ranging from administrative fines to civil and possibly even criminal sanctions; so caution is advised.
So, first and foremost, make sure to provide adequate information, both at a collective level (works council, prevention committee, trade union delegation or employees) and at an individual level (e.g. in the employment contract). As an employer, you must provide information about the policy and purposes pursued, any retention of the data, and the duration of the monitoring. In addition, employees have to be informed of their rights and obligations and possible sanctions (among other things).
In so far as you intend to apply global monitoring, we recommend setting clear objectives, avoiding excessive measures, and conducting timely and clear communication.
In cases involving the use of electronic communication in breach of the internal company policy, the employee must first be informed/interviewed.
If you wish to receive more information, do not hesitate to reach out!
Contact us
