Is it legal to monitor the employees’ social network profile?

Oct 5, 2021

Traditionally, the tracking of electronic communications in the workplace (e.g. telephone, internet search, e-mail, instant messaging, VOIP, etc.) was considered as a major threat to the privacy of employees. In the  Working Document on the monitoring of electronic communications at the workplace of 2001 The working group referred to in Article 29 has set out a number of conclusions regarding e-mail tracking and internet use. While these conclusions remain valid, it is necessary to take into account technological advances that allow more recent, potentially intrusive ways of tracking. Consequently, when dealing with this issue, we should  also point out the tracking of employees through social networks.

Through the use of social networks, employers have a real opportunity to collect information on their employees and thus gain data, including those sensitive, relative to the private and family life of their employees and employers should not process of the profile of their employees in this way. In addition, employers should refrain from requiring employees or job candidates to give them access to information shared with other persons on social networks. In particular, the employer has no grounds to require an employee to accept it as a “friend” or to give him access to the content of his profile otherwise. 

However, there are also specific situations where the tracking of employees through social networks will be justified and that is, as a rule, in order for the employer to protect his or hr legitimate interests and when there are no available, less invasive ways.

Example 1

As an example, they could indicate when, during the anti-competitive clauses, the employer monitor profiles of former employees covered by those social network clauses for example, LinkedIn. The purpose of such monitoring shall be to establish compliance with those clauses and shall be limited only to those former employees. In doing so, employees who are monitored in this way have to be adequately informed as well on  the extent of the regular monitoring of their public communications on the social media.

Example 2

In the case of employment, an example of permitted tracking would be to check the profile of candidates on different social networks and including publicly available data from those networks and any other information available online in the verification process. Indeed, there is a situation where the nature of the work requires that information on candidates be checked on social media, for example in order to assess the specific risks associated with candidates for a particular function, and if the candidates are properly informed (for example in the text of the job vacancy), then the employer may have a legitimate basis on the basis of legitimate interest to monitor publicly available information about candidates.

Example 3

In matters of using social networks during work, it is important to note that employees should not be required to use the social media profile provided by their employer. Even when explicitly provided for in respect of their tasks (e.g. organisation spokesman), they must be able to use a “non-business” profile not reported instead of the “official” employer-related profile and should be specified in the terms of the employment contract.

We can conclude that modern technologies and new monitoring methods can help detect and prevent the loss of intellectual and material assets, improve the productivity of employees and the protection of personal data for which the controller is responsible, however, also face important privacy and data protection challenges. Therefore, there is a need for a very careful assessment of the balance between the legitimate interest of the employer to protect the business and reasonable expectations with regard to the privacy of the data subjects, namely employees.

Authors: Ines & Marko Krečak, Feralis Center, Croatia

 

Recent news

EFDPO Conference. 28 & 29 May 2024, Berlin

EFDPO Conference. 28 & 29 May 2024, Berlin

One of EFDPO’s goals is to create a European network of national associations for the exchange of information, experience and methods, and to improve the quality of training and professional practice.

read more
Position paper on GDPR Evaluation 2024

Position paper on GDPR Evaluation 2024

This paper highlights how, from the perspective of data protection practitioners, the business sector –
particularly small and medium-sized enterprises (SMEs) – can be better supported in meeting data
protection requirements within the context of increasing digitization.

read more