About privacy (policies): a hot potato in three basic principles

Where do normal inspections at work end and when is your privacy invaded? This appears to be a difficult question.
There are many borderline cases and the border furthermore evolves. This is confirmed by Bram Van Goethem of the ACV Puls Research department: “What is and what is not allowed often remains rather vague as legislation fails to keep up with technology. It is impossible to draw up strict laws that cover all technical possibilities. However, this does not mean that no efforts should be made to guarantee privacy in the workplace,” he adds.

Legality, legitimacy and proportionality

“Collective agreements on camera surveillance in the workplace and email and Internet monitoring have been adopted by the National Labour Council,” Van Goethem explains. “Similar agreements on car and smartphone tracking have not yet been concluded, but the Data Protection Authority has issued an opinion on the matter. Everything can be reduced to three principles: legality, legitimacy and proportionality.”

Invasion of your privacy?

“The principle of legality defines that there has to be a clear and accessible standard. The employee needs to know what is and what is not allowed and what level of privacy they can expect.” The infringement furthermore has to be legitimate and serve a justified purpose. Van Goethem: “Employers are generally speaking not allowed to monitor your email communications, but in certain cases they are free to do so provided that they present a valid reason.”

Last but not least, we have the principle of proportionality. The invasion of privacy should not go beyond what is necessary. Van Goethem brings up the example of fingerprint access control. “It’s perfectly legal and legitimate for an employer to want to have control over who has access to the company buildings,” he states. “However, this can be achieved through less intrusive means than a database containing the fingerprints of all employees.”

Privacy policies

Quite a few companies draw up privacy policies. Such a policy is not a formal source of law but it may include obligations according to Van Goethem: “Privacy policies often make explicit what has been set out in legislation or collective agreements. The fact that you are not allowed to use your computer to enter into competition with your employer is simply a translation of the principle that you are not allowed to enter into competition with your employer in any way.” The employer may also use this privacy policy to introduce additional rules.

“This is not necessarily a problem either,” says Van Goethem. “An employer has the right to impose instructions based on his hierarchical authority and because he owns the material that he makes available. As long as these instructions do not conflict with higher sources of law such as laws and collective agreements, there is no immediate problem,” he explains. Moreover, these sources always take precedence over a policy, even if you have signed this policy in your capacity as an employee.

An employer has the right to impose instructions based on his hierarchical authority and because he owns the material that he makes available.

Van Goethem suggests contacting the delegates or legal officers of ACV Puls in case of doubt. It remains a fact that privacy issues are often not clearly defined.