The European Commission is planning a new Directive on privacy in the workplace, in 2004 or 2005. After two consultations with the social partners, in August 2001 and October 2002, the Commission is convinced of the necessity of such a new directive. 3 main grounds for the new legislatory framework are: technological advances that increasingly blur the boundary between work and private life; globalisation and the outsourcing of human resources and finally; 'post-11 September insecurity'.

In preparation of the new directive the European Industrial Relations Observatory (EIRO) published a very interesting and detailed comparative legal study on privacy and e-mail at the workplace.

The study states that "it is rare for countries to have introduced specific legislation applying data protection rules to the employment context." The most notable exception is Finland, which introduced its Act on Data Protection in Working Life in 2001. However, earlier this summer the Ministry of Labour released a draft revision of this act that would considerably lower the level of privacy protection (see EDRI-gram 12, item 6).

Many member states include general privacy provisions in their national constitutions that can be applied to the workplace. Additionally, employment law can also contain provisions on workers' privacy. For example, the report says that the "French Labour Code prohibits restrictions of workers' rights and freedoms except where justified and proportionate."

A common theme in court cases about e-mail and internet use is whether a company has a code of conduct or instructions on internet and e-mail use. In Denmark, Germany, the Netherlands and the UK, courts have refused to dismiss employees if the company didn't have a clear acceptable use policy.

According to the Article 29 Working Party (the coalition of all EU data protection authorities) "it should be clear that the simple fact that a monitoring activity or surveillance is considered convenient to serve the employer's interest would not solely justify any intrusion in worker's privacy." In their working document on the surveillance of electronic communications in the workplace, the data protection authorities suggest a test of 4 questions that each monitoring measure must pass:

1) Is the monitoring activity transparent to the workers?
2) Is it necessary? Could not the employer obtain the same result with traditional methods of supervision?
3) Is the processing of personal data proposed fair to the workers?
4) Is it proportionate to the concerns that it tries to ally?

EU companies challenged by workplace monitoring rules (09.2003)
http://www.eiro.eurofound.eu.int/2003/07/study/TN0307101S.html

Art. 29 Working Document (29.05.2002)
http://europa.eu.int/comm/internal_market/privacy/docs/wpdocs/2002/wp5...