Skip to content Skip to footer
Search
PwC

Menu

Events

Loading Results

How to ensure proper handling of employee data

Philipp Rosenauer
Head Data Privacy | ICT | Implementationᐩ, PwC Switzerland

Claudia Jung
Data Privacy | ICT | Implementationᐩ, PwC Switzerland

According to Swiss labour law, the employer must protect and respect the personality of the employee. Just as quickly as the pandemic hit us, the topic of employee monitoring became present. But is an employer allowed to monitor its employees? In short, there are limits to what the employer can do as  control over one’s personal data is a fundamental right.

What situations does this regulation apply to?

A wide range of operations may be performed to monitor any activity on an employee’s computer (e.g. surveilling internet searches or email traffic or even recording typed words). In recent years, several software providers have presented solutions to monitor employees’ activity during working hours. However, there is a thin line between privacy and monitoring of work. 

How is monitoring of employee activity regulated in the context of working from home?

In principle, monitoring and control systems that are designed to monitor the behaviour of employees in the workplace are prohibited. If monitoring or control systems are necessary for other reasons, they must be designed and arranged in such a way that the health and freedom of movement of employees is not impaired. If personal data is processed with tools, i.e. if it is possible to draw conclusions about a person based on data, the requirements of the data protection law must be observed. Data processing must observe the following principles: legality, proportionality, purpose limitation and transparency. In addition, technical and organisational measures must be taken to ensure data security.

How can we guarantee a lawful evaluation/analysis of personal data?

In general, the data you collect for evaluation purposes should only be suitable for the intended purpose and must represent the least intrusion into the personal rights of the employee. If data are evaluated, three types can be distinguished:

  • anonymous evaluation, i.e. non-personal data, where inference to a person is not possible
  • pseudonymous evaluation, i.e. personal data, but not by name
  • person-related evaluation, i.e. personal data that is attributable to a person

While anonymous as well as pseudonymous evaluations are permissible, personal evaluations are only permissible if there is a concrete suspicion of misuse or if a pseudonymous evaluation indicates misuse.

How should your company act to ensure compliance with data protection laws given that our team works from home?

Employers are entitled to verify the output of their employees as well as their use of the IT equipment that is put at their disposal (PC, email, internet etc.). That is to say, the employer may take monitoring measures. However, these must serve to clarify the suitability of the employee for the employment relationship or be necessary for the regular fulfilment of the employment contract. In addition, they must be proportionate and transparent. Nevertheless, the employer has no right to monitor every move, and must respect certain rules. Accordingly, labour legislation forbids, and even sanctions, the permanent and secret monitoring of the workplace.

To ensure compliance with the legislation, your company must inform its employees clearly as to how IT equipment is meant to be used (rules of use). Furthermore, employers must state that compliance will be checked, and that any infringement may be sanctioned. Employers must also specify what exactly is likely to be checked and how this will be done.

Concluding, we must not forget that your employees work best when there is a relationship of trust between the employer and the employees. Excessive monitoring activities tend to reduce work motivation and should therefore not be used too often.


Do you have any questions?

https://pages.pwc.ch/core-contact-page?form_id=7014L000000kkHMQAY&embed=true&lang=en

#social#

Contact us

Dr. Günther Dobrauz

Dr. Günther Dobrauz

Partner and Leader Legal, PwC Switzerland

Tel: +41 58 792 14 97

Philipp Rosenauer

Philipp Rosenauer

Partner Legal, PwC Switzerland

Tel: +41 58 792 18 56

Claudia Liliane Jung

Claudia Liliane Jung

Senior Manager | Data Privacy | ICT | Implementationᐩ, PwC Switzerland

Tel: +41 58 792 4728

Adrien Tharin

Adrien Tharin

Director | Co-Head of FinTech, Blockchain and Digital Assets, PwC Switzerland

Tel: +41 58 792 92 24

Lorena Rota

Lorena Rota

Data Privacy | ICT | Implementationᐩ, PwC Switzerland

Tel: +41 58 792 2750

Anna Maria Tonikidou

Anna Maria Tonikidou

Senior Associate | Data Privacy | ICT | Implementationᐩ, PwC Switzerland

Tel: +41 58 792 46 89