European Restructuring Monitor (ERM)
Eurofound's ERM database on restructuring-related legal regulations provides information on regulations in the Member States of the European Union and Norway which are explicitly or implicitly linked to anticipating and managing change.
Wet op de Ondernemingsraden (WOR) , Article 27(1)(k)(l)
An employer is only allowed to monitor employees if it meets the requirements of the GDPR, as well as the law implementing the GDPR. Whenever an employer monitors their employees, the employees’ privacy must be protected at all times. If there are alternatives to employee monitoring, or less invasive methods for the employees’ privacy, those must take precedence. In general, the employee must give their explicit informed consent for the employer to be allowed to monitor their data, however, there are exceptions to this rule. There are also instances where employee monitoring is never admissible, for example in sensitive spaces, such as toilets and religious spaces.
The GDPR requirements for employee monitoring are as follows:
Employees can be informed with internal guidelines, such as rules of conduct or a protocol. * Right to confidential communications: employees' right to confidential communication must be considered. For example, when checking e-mail or telephone. * Works council approval: if the organisation has a works council, then the company must request the prior approval of the Works Council for a scheme for the inspection of personnel. If the Works Council does not agree, you are not allowed to inspect. * Data protection impact assessment: if a company wants to use large-scale processing and/or systematic monitoring of personal data to monitor the activities of employees, such as checking email and internet usage, GPS tracking in employees’ cars or trucks, or camera surveillance in order to combat theft and fraud, it needs to carry out a data protection impact assessment (“DPIA”) first. A DPIA looks at the privacy risks of the monitoring system, so that measures can be taken to reduce risks. If the company has a data protection officer, then they can be asked for advice on carrying out the DPIA. * Prior consultation: if the DPIA shows that the intended inspection poses a high risk, and the company is unable to find measures to limit this risk, then the Dutch Data Protection Authority (AP) must be consulted before the company starts checking personnel. This is called a prior consultation. If the company has a data protection officer, they can advise on whether prior consultation is necessary.
Generally, monitoring is allowed provided companies take privacy into account. They must also comply with the General Data Protection Regulation and the law implementing the GDPR. Specifically, the employer must have a legitimate interest in monitoring their staff and they must be able to argue why it is legitimate. Furthermore, monitoring must be absolutely necessary. Employers must also inform personnel, specifically on what is and what is not allowed, that control is possible, the reason and when the employer will check, how the monitoring takes place and what data will be monitored. The right to confidential communication must also be taken into account. When companies have a works council, according to article 27 (1) (k) (l) the company must ask the works council for permission in relation to the processing and protection of personnel and arrangements aimed at or suitable for observing or checking the presence, behaviour or performance of the staff. When the work council does not approve, the employer is not allowed to check. A data protection impact assessment must also be carried out and when this shows a high-risk, prior consultancy should be done with the Dutch Data protection authority. This applies to all forms of employee monitoring.
Employee monitoring in the Netherlands and Europe is subject to strict legal standards regarding informed consent and privacy. According to a ruling by the subdistrict court judge of the Central Netherlands District Court, Utrecht (ECLI:NL:RBMNE:2021:6071), an employee's consent to monitoring must be well-informed. A mere warning message that an employee must accept before logging in is insufficient to constitute informed consent. In this specific case, the court held that the employee did not provide informed consent because the extent and manner of monitoring were unclear, despite the warning message displayed upon login.
The European Court of Human Rights (ECHR) further clarified the principles surrounding workplace monitoring in the Bărbulescu v Romania case (ECLI:CE:ECHR:2017:0905JUD006149608). In this case, an employer sought to terminate an employee, Mr. Bărbulescu, who had his work-related account monitored. The ECHR ruled that the monitoring in this case was not legally valid.
The ECHR provided six crucial factors that an employer must consider when monitoring an employee: (i) The employee must be informed in advance about the nature of potential monitoring by the employer. (ii) The extent of monitoring and its impact on the employee's privacy. (iii) The employer should have legitimate grounds justifying the need for monitoring. (iv) Employers should explore less intrusive methods and measures when implementing monitoring. (v) The consequences of monitoring on the employee. (vi) Providing adequate safeguards, especially in cases involving highly intrusive monitoring methods (paragraphs 121 and 122).
This ruling and the stringent factors outlined emphasise that monitoring employees cannot be undertaken lightly and must adhere to clear legal standards.
The following are the extra criteria for covert control: * Reasonable Suspicion: if an employer has a reasonable suspicion that one or more employees are engaging in criminal or prohibited activities, such as theft or fraud, the employer may consider secret monitoring. * No Alternative: if the employer made efforts to stop theft or fraud but has not succeeded, the employer may have no choice but to conduct secret monitoring. * Occasional Monitoring: covert monitoring should be occasional, meaning it is limited to a predetermined period, and continuous secret monitoring is not allowed. * Notification: regardless of the monitoring's outcome, the employer must inform the involved employee(s) after the secret monitoring has taken place. * DPIA (Data Protection Impact Assessment): for the first-time secret monitoring, perform a DPIA. If the organisation has a Data Protection Officer (DPO), the employer should seek their advice. * Subsequent Occasional Monitoring: for subsequent secret monitoring instances with the same methodology, the employer does not need to repeat the DPIA. * Periodic DPIA Review: even if the data processing remains unchanged, the employer should consider reviewing the DPIA periodically, for instance every three years. * Private Investigation Agency: if the employer hires a private investigation agency for secret monitoring, the employer should perform a DPIA. * Prior Consultation: if the DPIA indicates a high risk and the employer cannot mitigate it, the employer should consult with the Dutch Data Protection Authority before commencing secret monitoring, known as prior consultation. The employer's Data Protection Officer can advise on the need for this consultation.
Figures about monitoring employees
In 2023, a study was done on employee monitoring in the Netherlands on 910 employees (including managers and senior managers) and 126 owners and executive managers within the small and medium-sized enterprise (SME) sector. 43% of surveyed employees report that their companies use tools for employee monitoring.
Besides employees, many supervisors and managers are also under surveillance. Among respondents working for companies using monitoring software, 56% both monitor employees and are themselves monitored by their superiors or the HR department. A smaller group (27%) only supervise employees without being monitored, while 17% report being solely subject to monitoring. 73% of employees say that the HR department has explained their rights to them. However, more than a quarter of employees still respond that they either have not received information (22%) or do not know (5%).
Eurofound (2023), Netherlands: Employee monitoring and surveillance, Restructuring legislation database, Dublin, https://apps.eurofound.europa.eu/legislationdb/employee-monitoring-and-surveillance/netherlands
Between the end of 2022 and the first half of 2023, almost 300,000 employees working for ‘big tech’ companies were laid off across the world, making headlines for months in global media. This development has been a shock, considering the high numbers of jobs in well-known tech corporations with a reputation for offering good working conditions and well-paid positions.
The retail banking sector is fertile ground for studying the impacts of digitalisation on work and employment. Financial services are increasingly provided online, without the intermediary of customer-facing institutions. Many banks in the sector have been undergoing serial restructuring since the global financial crisis, and it is one of the few service sectors with stagnant or declining employment.
Since 2011, the Restructuring support instruments database of the EU PolicyWatch has been collecting information on measures that assist companies and workers to anticipate and manage restructuring. This article looks at measures in the database aimed at supporting employees and employers during the COVID-19 pandemic (2020–2022).
Eurofound’s European Restructuring Monitor database reveals the impact of the energy crisis on employment in the EU. Following Russia’s invasion of Ukraine in February 2022, energy prices have hit record highs. The European Commission imposed sanctions and limitations on the import of oil and gas from Russia, which has reacted by reneging on supply commitments to many Member States.
