It needs to be proportionate and justified. Putting an employee under an unreasonable amount of monitoring for no discernible reason could be a problem. Of course weather taking screenshots of one's monitor every 30s is or isn't reasonable would be left to the interpretation of the court.
>The ECtHR held that the employer had breached B’s right to privacy because they didn’t inform him of the monitoring in advance and nor did they tell him that they may access the content of his communications. The previous courts had also failed to determine the reasons justifying the monitoring and whether these were proportionate to the purpose or whether the employer could have used less intrusive measures to achieve the same result.
If I read this correctly even if the person had been informed of the monitoring the evidence wouldn't have been receivable because the monitoring wasn't deemed "proportionate".
That isn't necessarily true either. IIRC, there was a case not so long ago of a school that was using quite aggressive surveillance measures, and obtained some degree of prior consent. It was still penalised under the GDPR, because all processing of personal data must be justified. Even consent is not carte blanche to do whatever you want, and that's probably a good thing for the same reason that inalienable consumer rights when you shop or employment rights when you take a job are probably good things.
Edit: Apparently there are now at least two examples of this.
Right, but both of these examples are about using personal data(facial recognition data and then fingerprints) for purposes where it's not needed. Again, I would see the issue if the employeer was taking pictures with the webcam every 30 seconds - that is definitely a privacy problem because you neither expect your employeer to be photographing you every 30 seconds, nor is it necessary for your job. But pictures of the screen? Screen that's meant to be used for work and where no reasonable expectation of privacy should exist?
It’s a common practice at most companies to allow some minimal use of company equipment to check private email etc while on break. As soon as that’s allowed a reasonable expectation of privacy exists.
You keep saying there is no reasonable expectation of privacy, but there is no basis in law for that position, at least not in the EU or UK.
I've edited my earlier comments to add some sources, including a reference to the official guidance from the UK's national data protection authority that directly states that just because someone is at work it does not mean they have no expectation of privacy. You can also find lots of public commentary from employment lawyers on the Web where they have interpreted the GDPR similarly, similar statements from other national regulators, etc. Some of these highlight tricky situations like the need to respect personal email as well.
What kind of informed? Buried in hundreds of pages of policy documents, that they make you 'acknowledge'? A separate network use agreement when employed giving cart blanche? Or something specific and upfront?
I don't know, the company I work for(in the EU) you get an email on your first day saying that the company has a private certificate installed on every machine, so they are intercepting and inspecting all of your network traffic including encrypted websites. So while allowed, please refrain from browsing your own email, bank accounts etc, as the company software can and will see the contents of those.
Like, it's pretty explicit. I don't know how different that is from just sending an email saying "hey your screen is being monitored every 30 seconds".
