Agreement on protection of employees' on-line privacy
In April 2002, social partner representatives on Belgium's National Labour Council signed a national collective agreement on the protection of the private lives of employees with respect to controls on electronic on-line communications data. The agreement - thought to be the first such initiative in Europe - endeavours to reconcile the privacy of employees with the right of employers to control such data.
On 26 April 2002, employer and employee representatives on the National Labour Council (Conseil National du Travail/Nationaal Arbeidsraad, CNT/NAR) (BE0208302F) signed national collective agreement No. 81 on the protection of the private lives of employees with respect to controls on electronic on-line communications data.
In recent years, the use of electronic on-line communications in companies has increased substantially. Increasing numbers of employees have access to this form of communications in their jobs, mainly through e-mail and the internet.
With increasing use of electronic communications, the number of controls available to the employer have also grown. These control mechanisms are often inherent to the management of the information system itself, and are used, for example, to ensure the good operation of the network by preventing overloads and virus problems. The employer can thus exercise control over the electronic data that the employee sends or receives over the company network. When these controls relate to personal data, they have to be compatible with the basic standards that safeguard the right of individuals to have their private life respected.
The purpose of the new CNT/NAR collective agreement is to strike a balance between protecting the private life of the employee, and legitimate control by the employer. The desire is to safeguard the basic right of employees to have their private life respected in the work environment, by determining the purposes and conditions for controlling electronic on-line communications data, with the needs of the good operation of the company taken into account.
Analysis of existing laws
The social partner representatives on the CNT/NAR first examined the extent to which basic standards needed to be clarified so that they could be effectively applied in companies. To this end they used the relevant legislation as a basis and first thoroughly analysed this law. Some of the main legal provisions already in place are:
- the Council of Europe's European Convention for the Protection of Human Rights and Fundamental Freedoms, which states (Article 8) that 'everyone has the right to respect for his private and family life, his home and his correspondence';
- the Belgian Constitution:, which states that 'everyone has the right to have his private and family life respected, except in the cases and under the conditions stipulated by law';
- the Act of 8 December 1992 on the protection of private life. This covers access to the computerised processing of personal data under certain conditions, including observance of the principles relating to providing information, the objective, transparency, and the proportionality of actions taken; and
- the Act of 21 March 1991 (the 'Belgacom Act'), which states that 'except with the consent of all other persons directly or indirectly concerned by the information, identification or data given hereinafter, a person may not, himself or via a third party':
- 'examine, with fraudulent intent, the existence or content of characters, signs, documents, images, sounds or data of any nature transferred by telecommunications originating from and intended for other persons'; or
- 'examine, with intent, telecommunications data relating to another person.'
These European and Belgian provisions continue to apply. The representatives on the National Labour Council looked at how value could be added to these existing laws, with regard to the daily reality at the workplace. National collective agreement No. 81 adapts the basic standards in this area in order to safeguard their effective application in the work environment. However, the agreement does not relate to the rules for accessing and/or using electronic on-line communications equipment in the company, as these rules are the prerogative of the employer. The agreement thus leaves any applicable company rules and practices on information and consultation in this field intact.
The agreement in detail
The main provisions of national collective agreement No. 81 are as follows.
Area of application
The agreement covers all on-line technologies such as the internet, e-mail and WAP, but has been drafted sufficiently widely that it will also cover future developments. The employer can exercise control over electronic on-line communications data, but only within the framework of the objectives set out in the agreement. These are:
- the prevention of illegal or defamatory acts, acts that are contrary to good ethics or which can damage the dignity of another person;
- the protection of the economic, commercial and financial interests of the company;
- the security and good operation of the company's information technology network systems; and
- the faithful observance of the principles and rules applicable in the company for the use of on-line technologies.
The employer must clearly and expressly define the objectives of the control exercised. Moreover, the content of data may be controlled only if the employee and other parties concerned (eg. the recipient of the message) have consented to it.
Duty of information
When setting up any control system, the employer must inform both the works council and the individual employee of all aspects of this control.
Principles of control
In principle, the control of data may not impinge on the private life of the employee. If the control does indeed do so, then this aspect must be kept to a minimum. Only data that are necessary for the control may be collected or processed - ie data that affect the private life of the employee as little possible, in view of the legitimate purpose of the control. In practice, this control covers:
- with regard to internet site controls, the collection of data on the duration of the connection per workstation, but not individual data on the sites visited; and
- with regard to the use of e-mail, the collection of data on the number of messages sent per workstation and the volume of them, but not identification of the employee who sent them.
'Individualisation' of electronic on-line communications data, as referred to in the agreement, means an action whose purpose is to process electronic on-line communications data collected during controls by the employer, in order to attribute them to an identified or identifiable person. In principle, the employer will first perform a general control without being able to determine what wrongdoing can be attributed to what employee. Only in the second instance can the employee responsible be sought.
As early as June 2000, the Belgian General Federation of Labour (Fédération Générale du Travail de Belgique/Algemeen Belgisch Vakverbond, FGTB/ABVV) requested the National Labour Council to develop an instrument that would appropriately reconcile the protection of private life at work with the right of control by the employer. The signature of this Belgian agreement is a first in Europe. No other country in the European Union has set up such extensive regulations on electronic communications and privacy. Nevertheless, the exercise has not been entirely flawless. A reaction in a leading newspaper, De Standaard, by the firm of lawyers Bogaert & Vanmeulebroeke said that the agreement had certain flaws. In particular, the control criteria and who can perform the control are still debatable. (Jürgen Oste, TESA/VUB)