Workplace privacy is related with various ways of accessing, controlling, and monitoring employees' information in a working environment. Employees typically must relinquish some of their privacy while in the workplace, but how much they must do can be a contentious issue. The debate rages on as to whether it is moral, ethical and legal for employers to monitor the actions of their employees. Employers believe that monitoring is necessary both to discourage illicit activity and to limit liability. With this problem of monitoring employees, many are experiencing a negative effect on emotional and physical stress including fatigue, lowered employee morale and lack of motivation within the workplace.[1] Employers might choose to monitor employee activities using surveillance cameras, or may wish to record employees activities while using company-owned computers or telephones. Courts are finding that disputes between workplace privacy and freedom are being complicated with the advancement of technology as traditional rules that govern areas of privacy law are debatable and becoming less important.[2][3]
Workplace privacy of employees also involves privacy of using approved websites on firm computers without monitoring. Workplace privacy involves the employer putting in the effort to protect employee privacy from both within the firm and outside the firm.
The primary stakeholders of workplace privacy involves the employees, the employers, and the state. The employees' interests are income and fulfillment, the employers' interests are profit maximization, and the state's interests are to safeguard the freedom of the state.[4] The state's function in Workplace Privacy is adjudicating conflicts between the employers and employees through the legal system.
There are two general directives on personal data protection and these apply to employees instead. The first being the (97/66/EC) which protects individuals as regards the processing of personal data and the free movement of such data. №2002/58 which amends 97/66/EC refers to the processing of personal data and the protection of privacy in the electronic communications sector. (‘Data Protection at Work’ by the European Commission).The second is EU Directive 95/46/EC on the protection of individuals with regards to the processing of personal data and on the free movement of such data limits and regulates the collection of personal information on individuals, including workers. Firms that monitor employees' use of e-mail, internet, or phones as part of their business practice without notifying employees or obtaining employee consent can be, in most cases, sued under Article 8 the European Convention on Human Rights. Although EU law is clear that e-mail interception is illegal, the law is not totally clear as to whether companies may prohibit employees from sending private e-mails.[5]
There is no federal law in the US that requires employers to notify staff on being monitored and practically no expectation of privacy for an employee using the company's devices, but the Omnibus Crime Control and Safe Streets Act of 1968 provides some privacy protections for employees. See Omnibus Crime Control and Safe Streets Act of 1968 § Employee Privacy. The Electronic Communications Privacy Act extends protections to include email messages, cell phones and other electronic communications, however the act outlines important exceptions, such as the expressed intent of "legitimate business purposes." The scope of these exceptions has, in some cases, been a point of contention.[6] See Electronic Communications Privacy Act § Employee Privacy.
A 2005 survey of more than 500 U.S. companies found that over half of employers had disciplined employees and about one in four had terminated (fired) an employee for "inappropriate" use of the internet, such as sending an inappropriate email message to a client or supervisor, neglecting work while chatting with friends, or viewing pornography during work hours.[7]
The tools that are used for electronic surveillance are often caching proxy servers that are also used for web monitoring.
In R v Cole,[8] the Supreme Court of Canada ruled that
Computers that are reasonably used for personal purposes — whether found in the workplace or the home — contain information that is meaningful, intimate, and touching on the user’s biographical core. Canadians may therefore reasonably expect privacy in the information contained on these computers, at least where personal use is permitted or reasonably expected.
In Australia, only a few States have workplace surveillance laws. In relation to the Workplace monitoring Act of 2005 (NSW) s10, s12, an employer can monitor an employee’s computer usage only if there is a workplace policy noted for the monitoring, and the employees are notified that their computer activity is being monitored.[9]
In United Arab Emirates, Employers have the right to monitor computers provided to employees for work provided employees are aware and agree to it, particularly when it involves personal data. If employees do not give consent, it is prohibited to monitor them even during working hours. (According to Federal UAE Laws; Constitution of the UAE (Federal Law 1 of 1971), Penal Code (Federal Law 3 of 1987 as amended), Cyber Crime Law (Federal Law 5 of 2012 regarding Information Technology Crime Control), and Regulating Telecommunications (Federal Law by Decree 3 of 2003 as amended)).
Employee monitoring is legal in Russia. Art. 21 of the Labor Code of the Russian Federation requires employees to conscientiously perform labor duties assigned to them by the employment contract. In that same vein, Art. 22 of the Labor Code of the Russian Federation requires the employer to provide all the tools necessary for employees to execute their work duties, and the employer has the right to monitor work performance on these devices. That said, all parties involved in the monitoring process must be adequately informed of the monitoring and reasons. Monitoring company computers is legal and necessary in Russia. According to Art. 22 of the Labor Code of the Russian Federation, the employer must provide all the tools necessary for employees to perform their labor duties. In the modern workplace, computers are labor tools. Therefore, if the employer provides the computer, they have the right to control usage. That being said, the law requires an employer who monitors employees to create an atmosphere of transparency. The monitoring process has to be included in the employment contract and policies. Notably, the monitoring should be during working hours, and no personal information should be collected to avoid legal misunderstandings.
According to the Coase Theorem, an employer and an employee never agree to a contractual arrangement that would reduce the total surplus generated by the two parties together. Hence, when we observe workplace surveillance, then the costs (say, the worker's disutility caused by the loss of privacy) must be smaller than the benefit (say, the additional profit due to a reduction of shirking), because otherwise the parties would abolish surveillance (the worker would be willing to accept a smaller wage in exchange for more privacy, which would increase the employer's profit more than surveillance could do). However, the Coase Theorem holds only if there are no transaction costs. Schmitz (2005) has shown that in the presence of asymmetric information (leading to a moral hazard problem), the total surplus generated by an employer and an employee can be increased if workplace surveillance is prohibited by law.[10]