Legal regulation of employee monitoring in the digital age: between security and privacy

The digital age has brought unprecedented advancements to workplace environments, enhancing efficiency, collaboration, and connectivity. However, these technological transformations have introduced significant concerns regarding employee privacy. The widespread adoption of advanced monitoring tools, data analytics, and remote work technologies has raised questions about the balance between employers' operational needs and employees' rights to privacy. This study explores the complexities surrounding employee privacy rights in the digital era, addressing legal, ethical, and practical dimensions. It examines global legal frameworks governing workplace privacy, ethical dilemmas posed by surveillance technologies, and the role of emerging trends such as artificial intelligence and wearable technologies in employee monitoring.Through an extensive review of existing literature and analysis of real-world case studies, the research identifies critical gaps in current privacy policies and practices. Findings reveal that while monitoring technologies can enhance productivity and security, their misuse often leads to ethical challenges and a loss of trust among employees. The study underscores the importance of transparency and consent in implementing monitoring practices and highlights the lagging pace of legal regulations in addressing rapid technological advancements.To foster a balanced workplace, this study emphasizes the need for organizations to adopt ethical monitoring practices, prioritize employee awareness, and align their policies with updated legal and societal expectations. By proposing strategies that balance organizational objectives with the preservation of individual rights, this research contributes to the ongoing discourse on workplace privacy. The findings aim to guide policymakers and organizations in designing frameworks that ensure technological innovation does not compromise the fundamental rights of employees, ultimately advocating for a workplace culture built on trust, fairness, and respect.

IV. Conclusion Growing employee awareness of the degree to which their personal privacy is compromised in the workplace, particularly with regards to information/telecommunicatton-system use and work monitoring, has created an organizational and political climate that may yield significant restrictions on employee monitoring and on how employers maintain and distribute employees’ personal information. While both federal and state governments have generally deferred to the right of the employer-as-owner to set conditions of employment that may include intrusions into employee privacy (Grodin, 1991), a number of statutory restrictions have been promulgated or proposed that will significantly expand employee privacy rights in the workplace. Additionally, it is probable that unions will aggressively assert employee privacy rights within the context of collective bargaining, potentially using employee dissatisfaction with privacy intrusions as a basis for organizing nonunion firms.

The use of Internet by employees at the workplace involves risks both for the employer and the employees. As recent studies show, employees use their business computer to surf the web for personal purposes during the working hours. This lead to a supplemental cost for their employer. In addition, the networks are infested by viruses and business spies attracted by the data of the company for different reasons. Considering the risks, the employer has legitimate interests in monitoring his employees during the working hours but the use of poweful monitoring programs results in a high risk of invasion of employee's privacy. In the USA, constitutional and common law doctrines provide protection for employee privacy right. In France, employee's privacy right are ensured both by the 1950 treaty of the European Council, the Constitution and the civil code. Although both the USA and France protect employee's privacy rights at the workplace by similar rules, French and American courts have adopted opposite views on the subject of employee's privacy right at the workplace. This essay aims at comparing the differences between the French and US system of laws in balancing the employers' interest versus that of the employee.

Employment Relations TodayVolume 37, Issue 3 p. 77-83 Key Court Cases “Prudence counsels caution”: The Supreme Court leaves open more questions than it answers on employee privacy rights in the digital age Harold M. Brody, Harold M. Brody hbrody@proskauer.com Proskauer Rose LLPSearch for more papers by this authorMatthew A. Jackson, Matthew A. Jackson mjackson@proskauer.com Proskauer Rose LLPSearch for more papers by this author Harold M. Brody, Harold M. Brody hbrody@proskauer.com Proskauer Rose LLPSearch for more papers by this authorMatthew A. Jackson, Matthew A. Jackson mjackson@proskauer.com Proskauer Rose LLPSearch for more papers by this author First published: 19 October 2010 https://doi.org/10.1002/ert.20312AboutPDF ToolsRequest permissionExport citationAdd to favoritesTrack citation ShareShare Give accessShare full text accessShare full-text accessPlease review our Terms and Conditions of Use and check box below to share full-text version of article.I have read and accept the Wiley Online Library Terms and Conditions of UseShareable LinkUse the link below to share a full-text version of this article with your friends and colleagues. Learn more.Copy URL Share a linkShare onFacebookTwitterLinkedInRedditWechat Volume37, Issue3Autumn (Fall) 2010Pages 77-83 RelatedInformation

Orientation: The study is located in an organisation responsible for the administration of the Zimbabwean border posts. The nature of its business calls for the use of surveillance to curb criminal activities. Research Purpose: The study examines how workplace surveillance affects employees based on their demographic differences. Motivation of the Study: Smuggling is rife at Zimbabwe border posts depriving the state of revenue while exposing the civil society to smuggled goods. The use of workplace surveillance is critical in managing such illegal activities but the employer needs not infringe employee rights to privacy. Research Design, Approach and Method: The research follows a survey research design, and a quantitative research approach using a positivism research philosophy. Data collection amongst a sample of 364 respondents was possible through Survey Monkey. Data analysis comprised of descriptive and inferential statistics. In particular, the study utilised Shapiro-Wilk and Kruskal Wallis tests. Main Findings: The study found that demographic variables that have an impact on workplace surveillance are employee age, education and computer use experience while gender, work experience, work role, and time spent on the internet do not. Practical/Managerial Implications: The employer needs to understand that employees appreciate the business importance of workplace surveillance and there is a need to involve them in such decisions. Management also needs to ensure that such surveillance does not thwart employee privacy rights. Contribution or value-add: The study contributes to the body of knowledge by noting that employee age, education and computer use experience demographic variables have an impact on workplace surveillance while gender, work experience, work role, and time spent on the internet do not.

The World Bank estimates that over one billion people currently lack official identity documents. To tackle this crucial issue, the United Nations included the aim to provide legal identity for all by 2030 among the Sustainable Development Goals. Technology can be a powerful tool to reach this target. In the digital age, new technologies increasingly mediate identity verification and identification of individuals. Currently, State-led and public–private initiatives use technology to provide official identification, to control and secure external borders, and to distribute humanitarian aid to populations in need. All of these initiatives have profound implications for the protection of human rights of those affected by them. Digital identity technologies may render individuals without legal documentation more visible and therefore less vulnerable to abuse and exploitation. However, they also present risks for the protection of individuals' human rights. As they build on personal data for identification and identity verification, data protection and privacy rights are most clearly affected. The prohibition of discrimination in the digital space is also of concern as these technological advances' societal impact is not yet fully understood. Accordingly, the article argues that emerging digital identity platforms will only contribute to the protection of human rights if the providers adequately mitigate any risks of potential discrimination and promote high standards of privacy and data protection.

The Google Spain judgment established a search engine as a sui generis controller and the related ‘right to be forgotten’ (right to delisting) under data protection legislation, despite the controversies surrounding it primarily on account of the logic of the search engine operator’s functioning and its consequent inability to comply with certain basic data protection requirements. Resulting interpretations, ie the contouring of data protection legislation under CJEU case law (the Google Spain and the GC and Others judgment), are examined in this paper in detail in relation to the currently applicable GDPR provisions, which allows conclusions to be drawn on the substance of the (sui generis) delisting right, the legal standing of data subjects, the assessment of delisting requests, and the related role and responsibilities of search engine operators. While neither removal from the source web page is required nor can delisting be denied exclusively on the basis of the publisher’s right to freedom of information and expression, analysis shows several manifestations of inherent interweavement with concerns of freedom of information and expression, which at the same time intrinsically oppose data protection and privacy rights. The issue is further challenged by a lack of harmonisation in the area of reconciling privacy and data protection rights with the freedom of expression and information. The last section of the paper discusses the rationale behind the recently established duty of adjusting, ie rearranging, search results in certain cases where delisting requests were denied, the implications for the operators, and the future outlook. Keywords: right to be forgotten, GDPR, GC and Others v CNIL, sensitive data, legitimate interest, substantial public interest, freedom of information, adjusting search results.   This work is licensed under the Creative Commons Attribution − Non-Commercial − No Derivatives 4.0 International License.   Suggested citation: N Gumzej, ‘“The Right to Be Forgotten” and the Sui Generis Controller in the Context of CJEU Jurisprudence and the GDPR’ (2021) 17 CYELP 127.

This chapter addresses the legal aspects of employee privacy in virtual workplaces. The body of law regarding employee workplace privacy that has evolved over the years establishes a minimal expectation of privacy on the part of the employee (meaning employers have been found guilty of violating employee privacy only in rare and extreme cases). No one has yet examined whether virtual workplaces alter the fundamental assumptions underlying employee privacy rights. By reviewing the current status of employee privacy law and juxtaposing it with virtual workplace environments, with a particular focus on communication technologies, this chapter seeks to provide guidance for the privacy issues that are sure to arise with the growth and development of virtual workplaces.

This research investigates the critical intersection of data protection and the implications for individuals' right to privacy. In an era of increasing digitalization and data-driven technologies, this study employs a mixed-methods approach, incorporating qualitative insights and quantitative analysis, to comprehensively explore the challenges, legal frameworks, and ethical considerations surrounding data protection in relation to the fundamental right to privacy. The qualitative aspect of the study involves interviews, legal case analyses, and expert opinions to capture nuanced perspectives on the evolving landscape of data protection and its impact on individuals' right to privacy. Simultaneously, quantitative data analysis will be utilized to identify trends, correlations, and statistical patterns associated with data breaches, privacy concerns, and regulatory compliance. Various dimensions of data protection will be investigated, including the implications of emerging technologies, the role of legislative frameworks such as GDPR, and the ethical considerations surrounding the collection, storage, and utilization of personal data. The study aims to provide insights into the challenges faced by individuals, organizations, and policymakers in striking a balance between data-driven innovations and the protection of privacy rights. The findings from this research are anticipated to contribute valuable insights for policymakers, legal professionals, and technology stakeholders. By understanding the complexities of data protection and its implications on the right to privacy, stakeholders can formulate informed strategies, refine regulatory frameworks, and foster responsible data practices in the digital age. This study serves as a foundation for informed decision-making and future research within the realm of data protection and privacy rights.

Purpose This article aims to examine the tension between freedom of expression and personal data protection, focusing on criminal conviction and offence data under the General Data Protection Regulation (GDPR). It analyses how legal frameworks, particularly Article 85 of the GDPR, attempt to reconcile public access to information with individual data privacy rights harmoniously. Design/methodology/approach Using a legal doctrinal approach primarily, this study examines GDPR provisions, especially Article 85, alongside relevant case law. The principle of proportionality serves as a key analytical tool to assess the necessity and justification of legal restrictions on data processing. Findings The research underscores the delicate balance between freedom of expression and data protection concerning criminal records. Article 85 plays a crucial role in establishing journalistic exemptions while ensuring data privacy. The principle of proportionality is vital in preventing disproportionate restrictions, requiring case-by-case evaluations. The study highlights the evolving nature of privacy-publicity conflicts, with the right to be forgotten serving as a safeguard against undue harm from outdated or minor convictions. Research limitations/implications This study has limitations, including its reliance on case-specific analyses, which overlook the broader impacts of the evolving digital media landscape, particularly social media and user-generated content. The focus on European legal frameworks (e.g. GDPR) restricts generalisability to non-EU jurisdictions with differing standards. Additionally, the analysis emphasises journalistic exemptions, neglecting other forms of expression – such as academic, artistic and literary – that also require balancing against personal data protection rights. Practical implications The research provides practical guidance for balancing data protection and freedom of expression, particularly under GDPR Article 85. It underscores the need for case-by-case assessments, ensuring proportionality and necessity when handling criminal conviction data. Policymakers and legal practitioners can use these insights to refine journalistic exemptions and prevent data misuse, especially in digital media contexts. Organisations, including media platforms, are encouraged to adopt responsible data-handling practices to safeguard privacy while enabling public interest reporting. Finally, the findings stress the importance of dynamic frameworks that adapt to evolving societal and technological contexts, supporting fair outcomes for both data protection and expression rights. Social implications This research highlights the delicate balance between individual data protection rights and freedom of expression, particularly regarding criminal conviction data. Its implications extend to societal concerns over data privacy, the potential misuse of personal information and the long-term impact on individuals, especially those with minor or outdated offences. As digital media evolves, these issues become more pressing, with the rise of social media and user-generated content complicating the legal landscape. Ensuring that privacy is upheld without stifling public access to essential information is crucial for maintaining both rights and societal transparency in an increasingly interconnected world. Originality/value This study enriches the debate on data protection and freedom of expression in crime-related data processing. By addressing journalistic exemptions and the evolving media landscape, it provides a nuanced perspective on safeguarding privacy while maintaining transparency in an era of digital accessibility.

PurposeProtection of personal data is integral to the digital economy, ensuring trust and privacy as its foundational elements. The purpose of this study is to analyze data protection laws in Tanzania, Kenya, Uganda and Rwanda to understand their legal frameworks and identify challenges hindering their effective implementation.Design/methodology/approachThis study uses a comparative exploratory case study approach, analyzing legal frameworks of four East African (EA) countries through examination of legal documents, official reports and academic articles. The dimensions of analysis include registration, supervisory authority, data subject rights and cross-border data transfer regulations.FindingsWhile all four EA countries are in the process of enacting data protection acts, they differ in scope, provisions and enforcement; more needs to be done to ensure mature data protection in these countries. The commonalities and distinctions in the legal frameworks are underscored, providing a mapping of data protection regulations in the EA region. Moreover, this study reports implementation constraints and areas for improvement.Practical implicationsThe findings of this study provide valuable insights for policymakers, highlighting areas where data protection regulations can be improved. The results of this study can guide harmonizing regional data protection laws, ensuring consistent and effective enforcement. This study offers a foundation for future policy development and regional cooperation on data protection issues.Social implicationsThe social implications of this research lie in its potential to shape public attitudes on data protection and privacy rights. By highlighting these concerns, this study may influence societal norms and values, encouraging a more informed and conscientious public discourse on inclusive policies that consider the diverse needs of different regional populations.Originality/valueThis study provides a pioneering comparative analysis of data protection regulations across four EA countries, offering unique insights into the regional variations and commonalities in legal frameworks. Its value lies in informing future policy development, enhancing regional cooperation and contributing to the harmonization of data protection practices in the selected EA countries, which remains an under-explored area in existing literature.

This study looks at the employment issues of AIDS, employer rights, employee privacy rights and how those views relate to management's opinions on the discharge of and refusal to hire AIDS victims. The results indicate a strong understanding, on the part of one hospitality management group, of the legal constraints affecting their employment rights in the areas of collective bargaining, sex, race and religious discrimination, as well as a strong and positive correlation between such legal constraints and acknowledgement of an employee right to privacy in all areas with the exception of AIDS disclosure. The results suggest a continued misunderstanding of the disease and the inclination to view the AIDS victim as a threat to co-workers and the food operation itself.

When it comes to employee privacy rights in emerging technologies, the times they are a changin.’ In the dawn of the modern technological era, when electronic mail and the Internet were in their relative infancy, the right to privacy meant almost nothing in the workplace. Employers could promise that e-mail would not be monitored, but then proceed to do so anyway. When employees sued, seeking vindication of their perceived privacy rights, courts cast aside any notion that an employee could expect privacy in the workplace, and they did so almost uniformly. The tide, however, appears to be turning. Judicial decisions rendered in more recent years, coupled with comparable statutory reform initiatives, suggest that as social norms shift in light of the rapid development and mainstreaming of modern technologies, the law is affording protection to employees that previously did not exist. This Article takes a retrospective-comparative approach to this turning tide, delving deeply into the law of the early era of modern technology, and juxtaposing it against more recent developments. The result is exposition of an unmistakable trend favoring employee rights. This Article therefore tackles head-on the ultra-modern legal problem of workplace privacy rights in emerging technologies, but it does so in novel ways, as the first to suggest that the trend is shifting toward greater recognition of employee rights at the expense of employer prerogative.

This chapter addresses the issue of electronic workplace monitoring and its implications for employees’ privacy. Organisations increasingly use a variety of electronic surveillance methods to mitigate threats to their information systems. Monitoring technology spans different aspects of organisational life, including communications, desktop and physical monitoring, collecting employees’ personal data, and locating employees through active badges. The application of these technologies raises privacy protection concerns. Throughout this chapter, we describe different approaches to privacy protection followed by different jurisdictions. We also highlight privacy issues with regard to new trends and practices, such as teleworking and use of RFID technology for identifying the location of employees. Emphasis is also placed on the reorganisation of work facilitated by information technology, since frontiers between the private and the public sphere are becoming blurred. The aim of this chapter is twofold: we discuss privacy concerns and the implications of implementing employee surveillance technologies and we suggest a framework of fair practices which can be used for bridging the gap between the need to provide adequate protection for information systems, while preserving employees’ rights to privacy.

This chapter addresses the issue of electronic workplace monitoring and its implications for employees’ privacy. Organizations increasingly use a variety of electronic surveillance methods to mitigate threats to their information systems. Monitoring technology spans different aspects of organizational life, including communications, desktop and physical monitoring, collecting employees’ personal data, and locating employees through active badges. The application of these technologies raises privacy protection concerns. Throughout this chapter, we describe different approaches to privacy protection followed by different jurisdictions. We also highlight privacy issues with regard to new trends and practices, such as teleworking and use of RFID technology for identifying the location of employees. Emphasis is also placed on the reorganization of work facilitated by information technology, since frontiers between the private and the public sphere are becoming blurred. The aim of this chapter is twofold: we discuss privacy concerns and the implications of implementing employee surveillance technologies and we suggest a framework of fair practices which can be used for bridging the gap between the need to provide adequate protection for information systems, while preserving employees’ rights to privacy.