|Opis:||The development of information and communications technology (ICT) has brought new possibilities for workplace surveillance. As an organizer of the working process and the owner of the working equipment, the employer has the interest that his ICT equipment is used for work-related purposes. Due to the possibility that a working computer, internet, e-mail, etc. are used for private purposes, the employer has the interest to monitor the employee’s use of the ICT equipment. The problem is to determine the legal limits of admissible workplace monitoring. The cases and conditions under which this kind of surveillance is permissible are not specifically denoted in the law.
The limits of permissible workplace surveillance are delineated by weighing the directly applicable fundamental rights of the employee and employer’s legitimate interests via the method of practical concordance. Workplace monitoring is an interference into employee’s rights to protection of (communications, information) privacy, and personal data. The fundamental rights in question are protected within the framework of the Slovenian Constitution, the EU Charter, and the ECHR.
Under EU law, the limits of permissible surveillance are delineated by the General Data Protection Regulation (GDPR), which must be interpreted in light of the EU Charter. It also follows from the guidelines of the Article 29 Data Protection Working Party that monitoring can only be carried out in compliance with the principles of the GDPR, namely transparency, proportionality, and lawfulness of the processing. Due to the employee's position as a weaker party in an employment relationship, his consent will in general not be an appropriate legal basis for the surveillance.
It follows from ECtHR case law that in order to determine the limits of permissible surveillance, it is essential to assess whether the employee had a reasonable expectation of privacy in connection to the use of the work-related ICT equipment, and whether the employer had sufficiently substantiated interests to exercise the surveillance. The analysis of the Slovenian case law and the guidelines of the Information Commissioner also shows that workplace monitoring is permissible only in exceptional cases in which the employee could not reasonably expect privacy and when the interests of the employer prevail. Conducting workplace monitoring should be ultima ratio.
Regarding the enaction of special statutory rules, the GDPR contains the possibility to regulate workplace monitoring with special statutory rules or with bilateral autonomous rules. Within the Slovenian legal system, the conditions, reasons, and the limits of permissible surveillance may be regulated by collective agreements (on different levels). Moreover, it would be appropriate that employers would lay down detailed organizational rules in general acts - specifying the obligations of employees and setting the limits of permissible use of the ICT equipment for private purposes.
Furthermore, we conclude that it would be appropriate to regulate the limits of permissible surveillance also with statutory rules. To some extent, we could adopt solutions from the Finnish and German statutory framework. We are advocating for the enaction of statutory rules which are not necessarily detailed but in line with the Slovenian Constitution and EU law. A step in the right direction would be the adoption of appropriate "procedural" safeguards (for example, the obligatory participation of workers’ representatives), which would prevent unjustified monitoring and intrusion into an employee’s privacy in the first place.|