Encouragement of Snooping

Dutch Data Protection Authority: bosses may monitor e-mail and Internet use of their employees

Der folgende Beitrag ist vor 2021 erschienen. Unsere Redaktion hat seither ein neues Leitbild und redaktionelle Standards. Weitere Informationen finden Sie hier.

This week, the Dutch Data Protection Authority 'Registratiekamer', called for legislation that would give companies the right to read staff e-mail and monitor Internet use. Although the Authority calls for 'balanced rules', critics say it is an encouragement for snooping.

The Dutch Data Protection Authority is an independent supervisory authority that monitors the application of the legislation concerning the processing of personal data. The Registratiekamer advises the government on data protection issues, approves codes of conduct and privacy regulations and has investigative powers.

In a report published last Monday, the Registratiekamer stated both e-mail and Internet might be subject to monitoring by companies, if certain conditions are met. Companies have to put up clear rules, so employees know what is allowed and what isn't. Further, companies only are allowed to monitor the individual behaviour of their employees, when there are concrete suspicions of misuse.

According to the Registratiekamer, misuse would be the case if employees work on private affairs in the bosses' time. Companies may set time limits for Internet use or ban specific websites. Downloading and distributing child pornography or other harmful content is also misuse, according to the Registratiekamer. The forwarding of e-mails that could harm the image of a company, like critical messages on the companies' behaviour can also be seen as misuse. The Registratiekamer states employees give in a part of their privacy when they are at work. Therefore, companies are allowed to check on the behaviour of their employees.

Maurice Wessling, of the Dutch digital privacy watchdog Bits of Freedom, is astonished by the report:

'The Registratiekamer calls for clear, transparent rules and proportional monitoring. That's fine. But the astonishing part is the Registratiekamer concludes Dutch companies are reluctant in monitoring their employees, because they fear invading the privacy of their employees. Instead of hailing this reluctance, the Registratiekamer states this reluctance isn't necessary and companies are allowed to monitor more then they usually think, if they set up clear rules. I only can read this as an encouragement of snooping. In fact, the Registratiekamer calls up companies to make more use of their powers. Page after page the Registratiekamer describes the dangers of misuse of e-mail and Internet. As if companies don't know this. This report will lead to more monitoring practices. That can't be the aim of an organisation, which is supposed to watch the privacy of people. It is an astonishing report.'