To what extent can an employer monitor an employee working remotely or on-site? On Tuesday, February 4, the CNIL, the authority responsible for protecting our privacy, explained in a press release that it had fined a company 40,000 euros. The company, which is not named, was disproportionately monitoring its employees during their working hours.
Starting with on-site employees: they were constantly filmed by two cameras, installed to prevent theft. The videos could be viewed "in real time" on a mobile application, which constitutes an excessive infringement of employees' rights.
Particularly problematic software
Teleworking employees were monitored by software, which the CNIL looked into after receiving complaints. This software, “Time Doctor,” was installed on employees’ computers from September 2021 to October 17, 2022, the date on which the CNIL carried out an initial inspection on the premises.
This software made it possible to measure working time, but not only that. It also counted employees’ “inactivity” times. If the employee did not touch their keyboard or mouse for a period of 3 to 15 minutes, the period was counted. These times then had to be justified or made up, unless they were deducted from the latter’s salary.
However, these employees, working in the real estate sector, could not be in front of their screens – whether to answer the phone or chat in meetings, the CNIL points out. Another point noted: the software also measured the time spent on “websites deemed productive,” URLs identified and configured by the employer in advance. Time spent elsewhere, deemed unproductive, was also counted.
Screenshots every 3 to 15 minutes?
But that's not all: Time Doctor also took screenshots of employees working remotely, at a frequency ranging from every 3 to every 15 minutes. The screenshots could also record "personal emails, instant messaging conversations or confidential passwords". While the company claims to have warned its employees, it only did so verbally.
For the CNIL, all of these elements constitute "a disproportionate infringement on the privacy, interests and fundamental rights of employees". This entire system, "as configured, constitutes particularly intrusive surveillance". If an employer can "prevent attacks on property on its premises" and "measure working hours and evaluate the work of its employees", the system put in place "must not cause a disproportionate infringement on the rights and freedoms of individuals", the independent authority recalls.
The company is fined 40,000 euros, a "dissuasive but proportionate" amount given the company's financial situation and its small size, the CNIL emphasizes. The French guardian of our personal data has chosen to publish its decision and this press release for information purposes. Any employee who is subject to this type of system will now know that it is illegal, with the employer risking having to pay a "dissuasive and proportionate" fine.
0 Comments