Ch 14.6.5–14.6.6 - Legitimacy & proportionality
Legitimacy and proportionality of monitoring
Monitoring needs a lawful basis - usually the legitimate-interests balancing test rather than consent, whose use for monitoring the WP29 said is very limited. Monitoring must also be proportionate: wholesale reading of all employee emails to catch leaks is disproportionate, whereas automated, technical email monitoring for IT security is likely proportionate. Proportionality links to data minimisation - prefer traffic data (who sent what to whom, and when) over content. Collective agreements that acknowledge a form of monitoring are useful proportionality markers.
| Activity | Likely assessment |
|---|---|
| Wholesale monitoring of all employee emails to detect leaked confidential info | Disproportionate |
| Wholesale automated monitoring to ensure IT security via technical weakness-detection | Likely proportionate |
| Monitoring email traffic data (who sent, when, size, number) | Preferred / proportionate |
| Actually opening emails to read the contents | Usually disproportionate |
| Screening emails to detect viruses and filter spam | Justified as appropriate security |
- The WP29 said the use of consent to legitimise email monitoring is very limited - and the same applies to all types of monitoring.
- Monitoring involving special-category (sensitive) data is problematic; an Article 9 exception (e.g. one provided by law or a collective agreement) may be needed, and some countries allow such processing for diversity, equality and inclusion purposes.
- Consider collective agreements and consult works councils - in Germany required for firms with as few as five employees; in Austria a monitoring system interfering with human dignity needs a works-council agreement first.
- Prevention is more important than detection (WP29) - e.g. blocking certain websites rather than recording what employees view.
- Consider human rights law: CJEU on the Charter and ECtHR on the ECHR.
Consent rarely legitimises monitoring
For monitoring, consent is very limited - rely on the legitimate-interests balancing test instead, and keep collection proportionate (traffic data over content).
Key terms - quick answers
What is “Legitimate-interests balancing test”?
Weighing the employer's legitimate interest (e.g. protecting against threats) against employees' rights; the usual basis for monitoring.
What is “Data minimisation”?
Personal data must be adequate, relevant and limited to what is necessary for the purpose; supports preferring traffic data over content.
What is “Traffic data”?
Metadata about communications (sender, time, size, number) - less intrusive than opening message content.
What is “Collective agreement”?
An agreement that, if it acknowledges certain monitoring, suggests the proportionality balance has been struck.