Data from Statistics Estonia (Eesti Statistika [1]) show that, in January 2006, 91.9% of enterprises with a minimum of 10 employees had access to the internet in Estonia. The data show that small enterprises are slightly less well-equipped with internet access. Due to data confidentiality problems, figures from businesses in the fishing sector with 100–249 employees, and also from companies of 250 workers and more in the agriculture, fishing and mining sectors, were not made available for inclusion in the survey.[1] http://www.stat.ee/
The use of new information and communication technologies (ICT) at the workplace has spread rapidly in recent years, raising numerous issues for employers, employees and their representatives, especially in terms of the relationship between workers’ privacy and employers’ need to control and monitor the use of ICT. This article explores the extent of ICT usage at the workplace in Estonia and looks specifically at the relationship between internet/email use at work and respect for workers’ privacy. It examines the national legal framework in this area and presents the views and activities of the social partners.
Computer and internet usage
Data from Statistics Estonia (Eesti Statistika) show that, in January 2006, 91.9% of enterprises with a minimum of 10 employees had access to the internet in Estonia. The data show that small enterprises are slightly less well-equipped with internet access. Due to data confidentiality problems, figures from businesses in the fishing sector with 100–249 employees, and also from companies of 250 workers and more in the agriculture, fishing and mining sectors, were not made available for inclusion in the survey.
| Economic sector | Companies with internet access (%) | Number of companies with internet access | Number of computers connected to the Internet |
|---|---|---|---|
| Agriculture, hunting and forestry (A) | 85.2 | 340 | 1,213 |
| Fishing (B) | 100 | 24 | 57 |
| Mining and quarrying (C) | 93.2 | 41 | 527 |
| Manufacturing (D) | 92.0 | 1,835 | 23,026 |
| Electricity, gas and water supply (E) | 96.4 | 107 | 3,802 |
| Construction (F) | 89.9 | 854 | 6,465 |
| Wholesale and retail trade; repair of motor vehicles (G) | 93.2 | 1,655 | 22,229 |
| Hotels and restaurants (H) | 89.0 | 398 | 2,055 |
| Transport, storage and communication (I) | 94.8 | 616 | 11,674 |
| Financial intermediation (J) | 98.3 | 59 | 8,781 |
| Real estate, renting and business activities (K) | 92.1 | 834 | 14,715 |
| Education (M); health and social work (N); other community, social and personal service activities (O) | 92.6 | 423 | 7,150 |
| Total | 91.9 | 7,186 | 101,694 |
Note: * Data of 2006 as of January 2007.
The survey covered companies employing at least 10 people; for data confidentiality reasons, however, companies employing 100–249 workers in the fishing sector and those with 250 workers and more in the agriculture, fishing and mining sectors are excluded (detailed information on methodology, see Statistics Estonia).
Source: Statistics Estonia, own calculations.
Type of people using the internet and email at the workplace
In 2006, some 71.4% of employed people (426,000 individuals) used computers and the internet; 62% of them used the internet at work (see Table 2). Overall, 45% of all internet users use the internet at work. Women and more highly-educated individuals represent the largest groups of people using the internet at the workplace.
| All individuals | 2006 | |
|---|---|---|
| Individuals using internet at the workplace (thousands) | % of all internet users in corresponding group | |
| Men | 284.5 | 45.0 |
| Women | 125.2 | 42.2 |
| Persons aged 16–24 years | 159.4 | 47.6 |
| Persons aged 25–34 years | 29.5 | 16.3 |
| Persons aged 35–44 years | 80.3 | 51.3 |
| Persons aged 45–54 years | 73.8 | 56.3 |
| Persons aged 55–64 years | 67.7 | 64.5 |
| Persons aged 65–74 years | 25.8 | 58.9 |
| Less than upper secondary education (ISCED levels 0–2) | 7.7 | 53.1 |
| Upper secondary education (ISCED 3–4) | 8.3 | 7.2 |
| Third-level education (ISCED 5–6) | 112.4 | 37.7 |
| Employed persons | 163.9 | 75.0 |
| All individuals | 264.1 | 62.0 |
Note: * The reference period is the 1st quarter of 2006 (for detailed information on methodology, see Statistics Estonia).
Source: Statistics Estonia
Extent of internet and new technology use at work
Statistics Estonia also provides information on the type of internet connection used in companies, as well as on the data protection and security measures in place (Figures 1 and 2). In addition, Statistics Estonia makes available data on what companies use the internet for (Figure 3).
Figure1: Internet-using companies and type of internet connection, 2006 (%)
Source: Statistics Estonia
Figure 2: Type of data protection and security used by companies, 2006 (%)
Source: Statistics Estonia
Figure 3: Purpose of internet usage in companies, 2006 (%)
Source: Statistics Estonia
Data protection legislation
In Estonia, no specific regulations exist for the protection of privacy or private life at the workplace. Privacy at the workplace falls under the same regulations as general privacy rights do.
The Constitution of the Republic of Estonia stipulates that, in addition to general rights of human dignity, good name and honour, inviolability of private and family life, no one’s place of employment should be forcibly entered or searched unless it is necessary to do so, for example, for the following reasons: to safeguard public order, health or the rights and freedoms of others; to combat a criminal offence; to apprehend a criminal offender; or to ascertain the truth in a criminal procedure. Moreover, the constitution explicitly states the right of confidentiality of messages sent or received.
By law, a person who unlawfully engages in surveillance in order to collect information relating to another person can be fined or receive up to three years’ imprisonment. The same act, if committed lawfully, is still punishable by a fine.
The issue of making personal data available to employers is regulated by the Republic of Estonia Employment Contracts Act which came into force on 1 July 1992. Employers keep records on all employees in personnel files which include their ID number, personal identification code, address, phone number, email address, names and personal identification codes of dependants, details on education, information on residence, work permits, occupation, start and end date of employment, and the reason for termination of employment. Personnel files have to be kept for 50 years from the time the employment contract is terminated. Third parties may only access the personnel files if permission is given by the employee concerned, or if permissible by law.
Employee rights
No specific legislation pertains to privacy at the workplace in relation to the use of new technology. Occasionally, the media question whether it is ethical to read employees’ emails or listen in on their phone calls, but neither the parliament nor the government has taken a stand on the issue. Nevertheless, some provisions in the current legislation apply to privacy in the workplace.
On 1 September 2002, a law came into effect stipulating that the unlawful use of a computer, computer system or computer network by tampering with security protocols, such as removing a code, password or other protective measure, will incur a fine. If the unlawful use of a computer causes significant damage, or is committed by using a computer, computer system or computer network containing information prescribed for official use only, the punishment can be a fine or up to three years’ imprisonment. Statistics, however, show that only 28% of companies protect their computers with passwords.
Since the Estonian Constitution covers the confidentiality of messages sent or received, employers cannot use information against their employees that they have gathered from accessing personal emails or phone calls, unless the internal work procedure rules specifically state that the use of company computers and other devices for personal reasons is forbidden. This type of rule may also be set out in the employment contract of each employee. Otherwise, accessing personal communications of employees would be violating their constitutional right. However, the Employment Contracts Act, which regulates the issue of internal work procedure rules for employers who have a minimum of five employees, does not consider internet use or emails an issue that has to be included in the internal work procedure rules.
According to the adviser of the Estonian Chancellor of Justice, analysing employees’ emails or reading messages is considered as the accessing of employees’ personal data. Thus, the Personal Data Protection Act, which has been in force since February 2003 with an amendment in April 2004, applies. This act mainly aims to protect the fundamental rights and freedoms of individuals when it comes to the processing of personal data. If such rights are violated, the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon) can issue a ruling determining the proceedings to follow in such a case; failure to comply with the inspectorate’s ruling is punishable by a fine.
Legislation in preparation
The Estonian parliament is currently discussing a draft of a new Personal Data Protection Act. The draft act regulates that personal data may be processed only if the person has expressly given their permission or where it is permissible by law. The new act looks set to come into force from the beginning of year 2008; however, it does not include any specific regulations concerning emails or internet use.
Court action over workplace privacy
In August 2004, an employee of Enterprise Estonia (Ettevõtluse Arendamise Sihtasutus, EAS) in Tallinn was dismissed because of an email that the employee received after working hours via the organisation’s email system. A critical article about the employer was attached to the email and the employee was asked to revise the article. The employer claimed that this article had been written on the basis of information previously provided from the employee. As a result, the employer dismissed the employee because of ‘loss of trust’.
The employer claimed that since all the communication devices were the property of the organisation, it was the company’s right to read the employee’s emails. The employee, in turn, claimed that none of the employees had been informed of any such rules concerning email usage, and certainly no documents were signed to that effect.
In October of that year, the labour court ruled that terminating the employment contract was unlawful as there was no proof that the employee had leaked information. The employee did not want to go back to the organisation and the employer had to pay compensation for unlawful termination of the contract.
Several lawyers commented on the case in the Estonian media, explaining that employers generally have the right to read official work emails in order to check work-related matters. To have a right to read personal emails, the employer has to impose certain rules that are agreed on and are made known to employees. If the right to check the content of private emails is not stated clearly anywhere, the employer directly violates the right of confidentiality of messages sent or received safeguarded by the constitution.
In Estonia, as the issue has not been systematically addressed by law or even publicly, no commonly accepted definition of privacy/private life at the workplace has been established, nor does the constitution define privacy at the workplace.
Collective bargaining
Collective bargaining and collective agreements generally do not deal with the issue of worker’s privacy and private life at the workplace. Discussions on the issue have only taken place at company level when problems occur.
The issue has been more often raised in the transport and security sectors, but these rare occasions can not be termed systematic bargaining. The latest occasion was the case of the Estonian Locomotive Workers’ Trade Union (Eesti Vedurimeeste Ametiühing) at Estonian Railways (Eesti Raudtee, EVR). The company was leasing locomotives equipped with audio-visual surveillance devices, but workers were not informed about who would be privy to the surveillance data, or what the data would be used for. When the trade union raised the issue, employees refused to work on the locomotives with surveillance devices and these employees were punished for this action.
The issue of surveillance systems has also been dealt with in other companies, for example in a brewery in Haljala and a dairy producer in Viljandi.
No high-profile cases of disputes have emerged so far on the issue of privacy at the workplace.
Views of social partners
Employer organisations
According to the Estonian Employer Confederation (Eesti Tööandjate Keskliit, ETTK) the workplace privacy issue is not on the agenda at central level, meaning that it is not on the agenda of the central employer and employee representative organisations. No information is available on the content of negotiations at company level.
ETTK finds the current regulations adequate, as they favour a low level of regulation with regard to workplace privacy. However, the confederation considers the whole labour regulations in Estonia to be outdated. Employers often ask advice from ETTK on how to include the regulation of phone use in employment contracts. Larger companies have already implemented certain rules, but not all of the smaller enterprises have followed suit. ETTK has advised that setting out clear regulations will help avoid disagreements and disputes.
Trade unions
According to the Confederation of Estonian Trade Unions (Eesti Ametiühingute Keskliit, EAKL), the issue of workers’ privacy/private life has not been discussed at board level. However, a number of workers and their representatives have consulted the lawyers in EAKL concerning the issue on an individual basis. In particular, workers have questioned to what extent security is entitled to check employees as they enter and leave the workplace. EAKL believes that this issue should be regulated more precisely and that what is set out in the constitution is not enough. For the moment, trade unions have suggested that the employers stipulate the right of computer and telephone use for personal reasons in internal work procedure rules.
Another law quoted by trade unions in relation to workers privacy at the workplace is the Occupational Health and Safety Act which entered into force on 26 July 1999. The act stipulates that psychological factors present in the working environment shall not endanger the health of workers (paragraph 3). Stress, especially over a long period, is one of the more serious health-damaging factors, and using surveillance systems for monitoring workers may cause stress to workers.
Although the current Personal Data Protection Act has had very few problems associated with it, ETTK proposed changing paragraph 24 on the obligation to register the processing of sensitive data in 2005. The employers find it demanding to register the processing of sensitive personal data every time they have to deal with data concerning membership in trade unions. In addition, the processing of sensitive personal data, such as data concerning health or disability of workers, may be regulated by legislation defining labour relations. Therefore, the employers proposed not to register the processing of sensitive personal data if data processing is already regulated by other legislation. This proposition has not been taken into account in the draft act.
The trade unions have taken no specific initiatives in this field.
Commentary
Overall, privacy of employees at the workplace is not well protected in Estonia. Although general privacy provisions also apply to individuals at the workplace, several issues are workplace specific and thus have to be regulated accordingly, for instance the supervision and monitoring of employees. To date, employers can impose any kind of restriction on the use of information and communication technologies (ICT) at the workplace, by including such restrictions in the internal work procedure rules. Furthermore, they can stipulate rights to monitor and supervise the employees. Despite the employees’ right to revise and comment on the rules of work, the employers do not have to accept the proposals of employees. Moreover, the employees may not always be very familiar with their constitutional rights with regard to privacy. Since the issue is not adequately regulated by law, the rights of both workers and employers are not sufficiently protected.
The issue of privacy at the workplace is currently not on the political agenda nor on the agenda of the social partners, thus, no sign of improvement can be expected with regard to this issue at present.
Comparative overview
A comparative overview of the situation in 16 European countries (15 Member States and Norway) was published in 2003 and is available online: New technology and respect for privacy at the workplace. This article, compiled from the same questionnaire, serves to highlight the situation in one of the new Member States.
Marre Karru, PRAXIS Centre for Policy Studies
Eurofound recommends citing this publication in the following way.
Eurofound (2007), New technology and respect for privacy at the workplace, article.
This website is an official website of the European Union.
All official European Union website addresses are in the europa.eu domain.
See all EU institutions and bodies