Some Dutch companies invading their workers’ privacy
Dutch privacy watchdog the Data Protection Authority (CBP) has found that some Dutch companies do not always respect the personal data of their employees, and are even breaking the law.
For International Privacy Day (January 28), CBP published data it has obtained from investigations into four Dutch companies concerning how they manage their employees' privacy, along with a list of do's and don'ts for companies and employees.
Violations of privacy at Dutch companies
The investigations were launched after CBP received 900 complaints in 2013 concerning the processing of personal employee data by employers, which were enough to launch an investigation into possible violations of privacy at these companies.
› Requesting unnecessary medical information
One company asked their employees to hand in any medication they were using to check whether it would affect their ability to drive. This is in contravention of the law, which states that only a company doctor may ask to see medication.
Another company asked employees who called in sick to tell them exactly what the sickness was and also its cause. This is despite the fact that employers may only enquire about the duration of the illness and its severity, in order to determine if there are any other activities the person may be able to do.
In general, employers may not handle the medical records of their staff, as medical data are privacy-sensitive and there are additional legal requirements around processing it.
› Misusing security cameras
A different company was using its security cameras to observe its employees, which is also illegal.
If a company has installed cameras for security purposes, it may not use images from these cameras to address their employees' performance, as the images may in principle only be used for the purpose for which they were created.
This same company was also using mystery shoppers to secretly film employees with hidden cameras, later using the images in performance conversations with the employees.
› Forcing compliance with social media
Lastly, an employer rated employees on whether or not they had an (updated) LinkedIn profile. The company had no legitimate reason for this, however, and therefore was acting contrary to the law, as a company cannot require their employees to post their personal data on social networking sites.
The importance of privacy
Chairman of CBP, Jacob Kohnstamm, said that in times of high unemployment, employees are more dependent on their employers, but that does not mean that the workplace is a separate entity to the rest of society.
"The fundamental right to protection of personal data is also true in the workplace," he said.
All four companies investigated by CBP have changed their behaviours that led to these violations of privacy.
Misuse of personal information can be reported to mijnprivacy at CBP.