[Home] [Databases] [WorldLII] [Search] [Feedback] EPIC --- Privacy and Human Rights Report

EPIC --- Privacy and Human Rights Report 2006

Workplace Privacy

Workers around the world are frequently subject to some kind of monitoring by their employers.[274] Employers supervise work processes for quality control and performance purposes. They collect personal information from employees for a variety of reasons, such as health care, tax, and background checks.

Traditionally, this monitoring and information gathering in the workplace involved some form of human intervention and either the consent, or at least the knowledge, of employees. The changing structure and nature of the workplace, however, has led to more invasive and often covert monitoring practices which call into question employees' most basic right to privacy and dignity within the workplace. Progress in technology has facilitated an increasing level of automated surveillance. Now the supervision of employee performance, behavior, and communications can be carried out by technological means, with increased ease and efficiency. The technology currently being developed is extremely powerful and can extend to every aspect of a worker's life. Software programs can record keystrokes on computers and monitor exact screen images, telephone management systems can analyze the pattern of telephone use and the destination of calls, and miniature cameras and "Smart" ID badges can monitor an employee's behavior, movements, and even physical orientation.

Advances in science have also pushed the boundaries of what personal details and information an employer can acquire from an employee. Psychological tests, general intelligence tests, performance tests, personality tests, honesty and background checks, drug tests, and medical tests are routinely used in workplace recruitment and evaluation methods. Since the discovery of DNA there has also been an increased use of genetic testing, allowing employers to access the most intimate details of a person's body in order to predict susceptibility to diseases, medical, or even behavioral conditions. The completion of the Human Genome Project has made this testing more prevalent. Currently, genetic testing is prohibitively expensive for many employers, and not used as frequently as other forms of medical or drug testing.[275] Article 21 of the European Union Charter of Fundamental Rights provides explicitly that "any discrimination based on . . . genetic features . . . shall be prohibited."[276]

Employers' collection of personal information and use of surveillance technology is often justified on the grounds of health and safety, customer relations, or legal obligation. However, according to a recent study by the Privacy Foundation, it is actually the low cost of surveillance technologies more than anything else that contributes to the increased monitoring.[277] In many cases, workplace monitoring can seriously compromise the privacy and dignity of employees. Surveillance techniques can be used to harass, to discriminate, and to create unhealthy dynamics in the workplace.

Legal Background

Privacy advocates have long maintained that providing notice of a monitoring or surveillance policy should, at a bare minimum, be required before employers can engage in such invasive activities. Advocates support strong privacy principles in the workplace such as the International Labor Office's "Code of Practice on the Protection of Workers' Personal Data," which protects employees' personal data and fundamental right to privacy in the technological era.[278] These guidelines were issued by the International Labor Office in 1997, following three comprehensive studies on international workers' privacy laws.[279] The general principles of the code are:

• personal data should be used lawfully and fairly; only for reasons directly relevant to the employment of the worker and only for the purposes for which they were originally collected;
• employers should not collect sensitive personal data (e.g., concerning a worker's sex life; political, religious, or other beliefs; or trade union membership or criminal convictions) unless that information is directly relevant to an employment decision and is collected in conformity with national legislation;
• polygraphs, truth-verification equipment or any other similar testing procedure should not be used;
• medical data should only be collected in conformity with national legislation and principles of medical confidentiality; genetic screening should be prohibited or limited to cases explicitly authorized by national legislation; and drug testing should only be undertaken in conformity with national law and practice or international standards;
• workers should be informed in advance of any monitoring, and any data collected by such monitoring should not be the only factors in evaluating performance;
• employers should ensure the security of personal data against loss, unauthorized access, use, alteration or disclosure; and
• employees should be informed regularly of any data held about them and be given access to that data.[280]
  

The code does not form international law and is not of binding effect. It was intended to be used "in the development of legislation, regulations, collective agreements, work rules, policies and practical measures."[281] Unfortunately, however, the laws differ greatly from country to country, and in some countries there are few legal constraints on workplace surveillance.

In the United States, for example, there remains a lack of a uniform determination as to the level of privacy employees are entitled to and how that privacy should be protected. Many believe that since employers have ownership or "control" over the working premises, and its contents and facilities, that employees give up all rights and expectations to privacy and freedom from invasion.[282] Others simply avoid the question by making employees consent to surveillance, monitoring, and testing as a condition of employment.[283]

Several laws protect US public sector employees. The Fourth Amendment applies not only to law enforcement officers, but to government officials and employers as well. A constitutional right to information privacy, recognized in Whalen v. Roe,[2] can protect against employer disclosures of employees' personal information. Other laws which may protect the privacy of public employees include relevant state constitutional provisions, federal and state wiretap laws, the Americans with Disabilities Act (ADA), the federal Privacy Act, and the common law privacy torts. In addition, depending on the type of employment contract governing the work agreement, public employees may have recourse under contractual remedies. However, most employment agreements are considered "at will," which means that employees may be dismissed for any or no reason, provided sufficient notice is given. One exception to this general rule is that employees may not be dismissed for a reason that violates public policy, such as for not complying with a privacy-invasive procedure. Should this occur, employees can sue for wrongful termination in violation of public policy.

US private sector employees have some, but not all, of the protections afforded public sector employees. The Fourth Amendment and many state constitutions do not apply to private employers. However, the federal wiretap law applies to both public and private sector employers. Private sector employees may also establish recourse for invasions of privacy under the ADA, breach of contract theories, and privacy torts.

Internationally, regulations governing the compilation and use of employees' personal data vary significantly.[2] In European countries, the EU Data Protection and the Telecommunication Privacy Directives protect the collection and processing of personal information.[284] That last Directive, however, provides for the confidentiality of communications for "public" systems and therefore would not cover privately owned systems in the workplace.[285] However, the principles laid out in these directives are general in scope and their application to workplace privacy issues is not always clear.

Nonetheless, many European countries have strong labor codes and privacy laws that directly or indirectly prohibit or restrict this kind of surveillance.[286] The constitutions of Belgium, Finland, Germany, Greece, the Netherlands and Spain contain a general right to protection of privacy in private life. Denmark and Sweden have explicit constitutional rights to privacy protection related to electronic data processing.[287] In Finland, a new law on Data Protection in Working Life entered into force in October 2004. The new law includes the prohibition of routine drug tests, restrictions on the right to video surveillance, and the guarantee of limited e-mail privacy for workers.[288] Belgium has a national collective agreement that protects employee online privacy.[289] In June 2005, the United Kingdom Privacy Commissioner issued "The Employment Practices Data Protection Code," a practice guide for employer/employee relationships.[290] One significant provision requires that any sickness and accident records, detailing the medical cause of any absence be maintained separately from medical records that do not reveal medical conditions.[291]

In May 2002, the European Union Article 29 Data Protection Working Party issued a working paper on monitoring and surveillance of electronic communications in the workplace. The document set out principles employers should bear in mind when processing workers' personal data. These principles include: finality (data must be collected for a specific and legitimate purpose); transparency (workers should know which data the employer is collecting about them); and security (the employer must implement security measures at the workplace to ensure the safety of the personal data of workers).[292] Currently, both the International Labor Organization (ILO) and the Council of Europe have established specific guidelines establishing data protection in the employment relationship.[293] In addition, Article 8 of the EU Charter of Fundamental Rights refers to the protection of personal data, and Articles 21, 26, and 31 contain provisions relevant to the protection of employees' private data.[294]

In some parts of the world, dysfunction within legal systems, or inadequate rule of law have led to a disregard of fundamental employee rights. Examples include the West Bank and Gaza Strip,[295] sub-Saharan Africa[296], and China.[297] Thailand has also come under fire for heavily monitoring the Internet usage of its citizens.[298]

Workplace Surveillance

Employers are increasingly turning to video surveillance to monitor the activities of employees. In answering the question of whether an employer's use of video surveillance is permissible, US courts have examined an employee's expectation of privacy in the area being monitored, as well as considered any applicable laws or regulations governing such a search. Federal courts have held almost unanimously that silent video surveillance is not prohibited by Title I of the Electronic Communications Privacy Act (ECPA) of 1986.[299] But video surveillance that includes the ability to record conversations would violate Title I. Silent video surveillance is subject to the Fourth Amendment's protections against unreasonable searches, but at least one court has held that the Fourth Amendment is only implicated if an employee has a reasonable expectation of privacy in the area under surveillance.[300] If employees have no reasonable expectation of privacy in an area under observation–such as in a locker area that can be viewed by anyone who enters–the Fourth Amendment is not violated, regardless of the nature of the search.

Internationally, video surveillance is used extensively for many different reasons. Australia spent substantially more money per capita than any other industrialized nation on video surveillance equipment.[301] Its Workplace Video Surveillance Act of 1998 regulates the use of video cameras. An amendment to the bill passed in 2005, to extend the coverage of the act to include surveillance by email, Internet, and tracking devices.[302] Video surveillance is justified as a security measure to deter theft, vandalism, or other unauthorized intrusions, and to monitor employee conformance with occupational health and safety procedures, as well as general performance. However, the Australian state of Victoria enacted a law to curb employer video surveillance, prohibiting surveillance in washrooms, toilets, and changing rooms.[303] Similarly the Irish Data Protection Agency has issued non-binding guidelines prohibiting the use of CCTV in washrooms.[304]

Workplace surveillance in New Zealand is prevalent, and often occurs beyond the reach of the law given the deregulated labor market, according to a report issued by the Office of the Privacy Commissioner.[305] The current policy in New Zealand is to leave negations involving workplace surveillance to employment agreements between employers and employees rather than establishing legislation regulating such activities, although employment law and contractual implied terms of fair dealing offer employees some protections. New Zealand employers are entitled to take reasonable steps to monitor employee performance, to safeguard working conditions, and to secure the place of business. Employees, in turn, are generally granted protections to safeguard their person, property, and private conversations and beliefs, and are provided with avenues to amend irrelevant, inaccurate, or incomplete facts that are considered in employment decisions.

Biometrics have been introduced in the New Zealand workplace with few legal problems. In one case, the New Zealand Engineering Printing and Manufacturing Union complained to the Privacy Commissioner about a company's introduction of finger scanning technology for time keeping. The Privacy Commissioner formed the view that the collection of personal information from employees by this means was both lawful and necessary in terms of information privacy principles.[306] However, the introduction of finger scanning technology may be unlawful in circumstances where the employer breached contractual and statutory requirements to consult the employees concerned.[307]

Performance Monitoring

Automated workplace monitoring has become increasingly common in recent years. Even in workplaces staffed by highly skilled information technology specialists, employers demand the right to spy on every detail of a worker's performance. Modern networked systems can interrogate computers to determine which software is being run, how often, and in what manner. A comprehensive audit trail gives managers a profile of each user, and a panorama of how the workers are interacting with their machines. Software programs can also give managers total central control of individual PCs. A manager can now remotely modify or suspend programs on any machine, while at the same time reading and analyzing e-mail traffic and Internet activity. A recent report by the American Management Association found that the vast majority US companies monitor employees at work by checking communications such as telephone conversations, computer files, e-mails and Internet connections or by using video surveillance for performance evaluation and security purposes.[308]

RFID chips can also be implanted in employees to track employee location.[309] In Sweden, mine workers carry RFID chips on their uniforms. In the event of an accident, the chip will radio the miner’s location to rescue crews. In Japan, employers use the chips to monitor employee efficiency. In Mexico City, eighteen government officials voluntarily received RFID implants in order to access restricted areas.[310] Istanbul recently approved an RFID contract to install chips on its municipal vehicles.[311] The EU’s Article 29 Data Protection Working Party examined the issue of RFID in the workplace in a working paper published in January 2005.[312] The group recommended the increased visibility to employees and others of the RFID chip, the increased security of personal data, as well as the right of employees to correct stored data.

An employer can monitor an employee’s computer usage through keystroke monitoring software. Numerous technologies are available which monitor and analyze the performance of IT workers. Some allow network administrators to observe an employee's screen in real time, scan data files and e-mail, analyze keystroke performance, and even overwrite passwords.[313] Once this information is collected, it can be analyzed by standard processing programs to determine a worker's performance profile. These monitoring products are sold at very low prices and have infiltrated the market. These snooping programs have also become popular not just among employers but also law enforcement agencies, private attorneys, investigators, and suspicious lovers.

Where staff are more mobile, companies are now using a range of GPS technologies to track geographic movements.[314] Some hospitals in the US now require nurses to wear badges on their uniforms so they can be located constantly.[315] Advances in this area now allow carrier companies to place an electronic mechanism (described as a geostationary satellite-based mobile communications system)[316] on trucks that then sends back to a main terminal the exact position of the vehicle at all times. In this way, carrier companies can ensure that no side trips or other deviations are taken from the prescribed route. In China, a man filed a lawsuit against his employer for spying on him through his cell phone’s GPS tracking ability.[317] Elsewhere in Korea, employees have accused Samsung of tracking their movements by decoding their cell phone transmissions.[318] Finally an Israeli company will install GPS chips on 3,500 buses in order to monitor their location in real-time.[319]

Telephone Monitoring

Telephone surveillance has become endemic throughout the private and public sector. In the United States, employers have broad discretion to monitor employees' calls for "business purposes."[320] Companies are extensively using telephone analysis technology. Call center workers for British Telecom are regularly presented with a comprehensive analysis sheet, showing their performance relative to other workers. Airline reservations clerks in the United States and elsewhere wear telephonic headsets that monitor the length and content of all telephone calls, as well as the duration of their bathroom and lunch breaks.[321]

In April 2007, the European Court of Human Rights issued a decision regarding employees' right to privacy in correspondence sent from a workplace. In Copland v. The United Kingdom, the Court found that the monitoring of a public employee's telephone, email, or Internet interferes with the right to privacy guaranteed by Article 8 of the European Convention on Human Rights.[322] Article 8 states that “everyone has the right to respect for his private and family life, his home and his correspondence.” The decision prohibits surveillance of private communications in the workplace if there is no legal basis for the monitoring.

Email, Internet Use and Blog Monitoring[323]

Computers and networks are particularly conducive to surveillance. In 2005 the American Management Association found that 76% of employers monitor Internet usage, and 55% retain and review employee email messages.[324] These percentages obviously increase dramatically when random surveillance checks are included. Employers can monitor e-mail by randomly reviewing e-mail transmissions, by specifically reviewing transmissions of certain employees, or by selecting key terms to flag e-mail. In the latter case, software analyzes a company's entire e-mail traffic phrase by phrase, and draws conclusions about whether a message is legitimate company business. It can be instructed to search for specific keywords and "damaging" phrases. Some programs can even use algorithms to analyze communications patterns and turn them into images. Monitors can then look at these images to follow traffic patterns and detect whether sensitive data is at risk.

Many employers rely on software for remote monitoring of e-mail messages. With a few clicks they can see every e-mail message that employees send or receive and determine whether they are "legitimate" or not. Managers give a variety of reasons for installing such software. Some say it is to protect trade secrets or preventing sexual harassment incidents. Others want to prevent oversized-mails clogging networks and using too much bandwidth. Still others simply don't want employees "wasting" company time by using the systems for personal activities. In an ideal world, this monitoring should follow the conventional format, i.e., identical to the quality check that has applied to correspondence sent out on company letterhead. However, the speed and efficiency of e-mail means that digital communication involves a vast intersection with personal correspondence. It also has features more in common with an internal memo, for which there has always been less monitoring and management. [325]

In New Zealand, it is accepted that employers may monitor Internet usage and dismiss employees for misuse, [326] and such misuse may have criminal implications.[327] In contrast, France has established stringent policies that protect the privacy of employees' e-mail usage. The French Supreme Court held that employers do not have the right to open any of their employees' messages. The Court ruled in a case between Nikon and a former employee that the company had no automatic right to search through an e-mail inbox.[328]

In the United States, few laws regulate the monitoring of employee e-mail and Internet usage. Courts generally hold in favor of employee monitoring [329] However there is an increasing trend among companies to dismiss or sue employees for divulging company "trade secrets" or defaming the company in chat rooms. These have become known as "John Doe" cases. Because most people log on to chat rooms anonymously or use an alias, once a company observes a certain party in a chat room engaging in "illegitimate" speech, they must subpoena the message-board services such as Yahoo! or America Online, it obtain the identity of the specific author. The service providers often turn over identifying information when presented with a subpoena without any notice to the individual. The number of these cases is rapidly increasing and threatens not only the privacy of employees but also their rights to anonymity and free speech.[330]

As the blogosphere grows, the junction between blogging at work and blogging grows murkier.[331] In the U.S., employees mistakenly believe that the First Amendment grants them the right to freely post their thoughts on personal webpages.[332] However, the First Amendment does not protect employees at private companies in employment-at-will states.[333] The lack of legal guidance has forced some employers to fire employee bloggers for postings of a non-work nature on personal blogs, out of a fear that employees will divulge confidential information or speak ill of the company online.[334] Other employers either ban the use of personal blogs completely, or adopt blogging guidelines.[335] Currently, fired employee bloggers have no legal redress.[336] Although these cases are more prevalent in the US, last year, a British ex-patriate living in France was also fired for authoring an anonymous personal blog. A French court ruled in her favor.[337] She is the second British citizen fired for blogging.[338]

The popularity of social networking sites has further distorted the line between the workplace and private persona. In the United States, employers now check a job candidate’s online profiles on social networking sites prior to extending an offer of employment.[339] Pictures depicting a potential employee engaged in personal activities such as drug use, drinking, or sexual exploits may harm that candidate’s chances of future employment.[340]

Drug Testing

There is also an increasing amount of drug testing in many countries. The number of companies using these tests has risen in proportion to the decreasing costs of the tests. For many employees, drug testing is now a standard part of working life. Companies routinely administer tests in the recruitment stage or at intermittent periods during employment, even where there is no evidence of misconduct, poor performance, or any other reason to suspect drug use. There are thousands of easy-to-use kits, which can detect traces of drugs within minutes and without the need for a laboratory, available on the market today. Most of these tests analyze hair or urine samples to detect traces of drugs such as amphetamines, marijuana, cocaine, opiates, and methamphetamines.

Internationally, the use of and justifications for workplace drug testing varies from country to country. In European countries, one of the most frequently used arguments for workplace drug testing and one of the least controversial is that the test is a means of ensuring the safety of employees. In France, Norway, and the Netherlands, only workers in traditional safety-sensitive positions, or those positions that include access to dangerous materials or classified information, are subjected to testing in any form.[341] Accordingly there is less testing and there are more legal restrictions in these countries. In the Netherlands, pre-employment testing is illegal, and in France only the occupational physician may decide to conduct drug tests, not the employer.[342] On the other hand, workplace drug testing is more commonplace in British and Swedish companies, where workers in all types of jobs are tested in order to ensure "business-safety."[343]

A major ethical issue implicated by drug testing is that the process amounts to an unwarranted invasion of privacy. Most guidelines for workplace drug testing, such as the ILO Guiding Principles on Drug and Alcohol Testing of 1996, require that informed consent be obtained before testing. Opponents of testing, such as the German Federal Data Protection Commission and the Swiss Data Protection Commissioner, argue that because workers are dependent on their employers, meaningful consent to workplace drug testing is not possible.[344] This policy is not followed in some countries. In the United Kingdom, failure to comply with a requirement for drug testing that is included in an employment agreement can be interpreted as a disciplinary offence.[345]

Some European constitutions, for example in Belgium and Finland, hold that fundamental rights such as the right to privacy are indivisible and that the individual cannot consent to waive these rights.[346] Privacy issues are often implicated in the realm of workplace drug testing within the larger concerns for data protection. The testing process involves collecting sensitive data both on use of drugs and on medication taken which might influence the test result. The collecting and storage of such information is therefore not only subject to strict controls in many European countries, but also the subject of European rules such as the EU Data Protection and Telecommunications Privacy Directives and the ILO Code of Practice on the Protection of Workers' Personal Data of 1996.[347] In some European countries, the tension between the need for workplace security and the protection of personal information is resolved by strengthening the role of the occupational physician. In Finland, France, Belgium, Germany, and Austria, the drug test results are communicated to the occupational doctor, not to the employer. The doctor is only allowed to inform the employer whether the person is fit for work or not; not what results were revealed from the drug test.

Drug testing is inaccurate and can often lead to false and misleading results. Highly sensitive tests can be positive even when the drug sought is not present. Some say positive reactions may result from a carry-over following a strong positive earlier or from human error, such as contamination due to failure to cleanse equipment.[348] Others note that certain legal substances can also result in positive tests for illegal drugs. For example, there have been reports of Vicks inhalers resulting in positive tests for amphetamines and methamphetamines, standard anti-inflammatory drugs like Ibuprofen showing up positive on marijuana tests, and even traces of morphine being detected from poppy seeds.[349]

Other issues that raise workplace privacy concerns are employer requirements that employees complete medical tests, questionnaires, and polygraph tests. In the United States, employer use of polygraph testing has been limited by federal statute. Congress passed the Employee Polygraph Protection Act (EPPA),[350] which makes it unlawful for private sector employers to require current or prospective employees to take a lie detector test. The statute exempts public employers at the federal, state, and local levels. However, there are a few exceptions to the EPPA. For example, employers may use polygraphs as part of an ongoing investigation involving economic loss or injury to the employer's business, and employers who provide security services are exempt.

Internationally, there are fewer workplace privacy laws that specifically address the use of polygraphs in the employment context. In Europe, honesty testing through mechanical devices, such as polygraphs or voice stress analyzers, or through questionnaires that strive to evaluate workers' attitudes to honesty, are not expressly regulated.[351] Elsewhere, mechanical honesty testing is prohibited by statute in the Canadian territories of New Brunswick and Ontario, and is also prohibited in the Australian State of New South Wales.[352]

In Hong Kong, the District Court awarded three men damages after the Equal Opportunities Commission concluded they had been fired as a result of genetic predisposition to schizophrenia.[353] The US House of Representatives recently passed the Genetic Information Non-Discrimination Act, aimed preventing employers and insurance companies from discriminating based on genetics.[354] The bill now sits before the Senate. Several European countries have also introduced banning insurers from using predictive genetic tests to decide premiums. Zimbabwe, Romania, and the Bahamas prohibit mandatory HIV testing in the employment context.[355]

Many African employers conduct pre-employment health screenings that include HIV testing.[356] The East African countries of Kenya and Tanzania law ban HIV screening, but Uganda has no equivalent law.[357] In West Africa, Nigeria[358] and Cameroon[359] have adopted policies addressed at treating the HIV epidemic while protecting infected employees from discrimination.

[274] For a helpful overview of workplace privacy issues, mainly in the United States, see generally the Electronic Privacy Information Center (EPIC)'s Workplace Privacy Page <http://www.epic.org/privacy/workplace/>.

[275] While not economically feasible, the possibility of genetic employment screening has prompted some companies like IBM to assure its employees that it will not use health data for employment screening purposes. Steve Lohr, “IBM pledges to assure privacy of employees’ genetic profile,” N.Y. Times Oct. 10, 2005.
[276] Article 21, Charter of Fundamental Rights of the European Union <http://www.europarl.europa.eu/charter/pdf/text_en.pdf.

[277] The Privacy Foundation, The Extent of Systematic Monitoring of Employee E-mail and Internet Use, July 9, 2001 <http://www.sonic.net/~undoc/extent.htm>.

[278] "Protection of workers' personal data," An ILO Code of Practice, Geneva, International Labour Office (1997).
[279] International Labour Office, Conditions of Work Digest: Worker's Privacy Part I: Protection of Personal Data 10 (2) (1991); Worker's Privacy Part II: Monitoring and Surveillance in the Workplace (1993) 12(1); and Worker's Privacy Part III: Testing in the Workplace, 12(2) (1993).
[280] Protection of workers’ personal data, supra.

[281] Id.

[282] Employees lacking possessory interest in the place of employment cannot have a reasonable expectation of privacy in that place of employment. See, e.g., Hall v. State, 258 Ga. App. 502, 574 S.E.2d 610 (2002); McInnis v. State, 657 S.W.2d 113 (Tex. Crim. App. 1983).
[283] A 200 survey by the American Management Association (AMA) found that of the employers that engage in monitoring and surveillance, the vast majority inform employees that their webpage usage, e-mail, and keystrokes are being tracked. AMA, “2006 Workplace E-Mail, Instant Messaging & Blog Survey: Bosses B

ttle Risk by Firing E-

ail, IM & Blog Violators.[2]
‘, available at <http://www.amanet.org/press/amanews/2006/blogs_2006.htmivacy Library, <http://www.mofoprivacy.com/default.aspx?tabNum=2>.
[284] See "Data Protection at Work: Commission Proposes New EU framework to European Social Partners," European Commission (2002) <http://europa.eu.int/comm/employment_social/news/2002/nov/181_en.html>.
[285] Directive Concerning the Processing of Personal Data and the Protection of Privacy in the Telecommunications Sector (Directive 97/66/EC of the European Parliament and of the Council of 15 December 1997), available at <http://www.spamlaws.com/docs/97-66-ec.pdf>.

[286] For a summary of European countries and their legal frameworks for protection of employee privacy, see Catherine Delbar, et al, “New technology and respect for privacy at the workplace,” 2003, available at <http://www.eurofound.europa.eu/eiro/2003/07/index.html>.
[287] Id.
[288] European Industrial Relations Observatory On-line (EIRO), “New rules on workplace privacy come into force,” Feb. 15, 2005, <http://www.eurofound.europa.eu/eiro/2005/02/inbrief/fi0502201n.html>.
[289] Delbar, “New technology and respect for privacy at the workplace,” supra.
[290] Data Protection Commissioner, Employment Practices Code, June 2005.
[291] Id.

[292] Data Protection Working Party - Article 29, Working Document on The Surveillance of Electronic Communications in the Workplace, 5401/01/EN/Final WP 55, May 29, 2002, available at <http://ec.europa.eu/justice_home/fsj/privacy/docs/wpdocs/2002/wp55_en.pdf>.
[293] "Data Protection at Work: Commission Proposes New EU framework to European Social Partners,” supra.
[294] Id.

[295] ILO, “The situation of workers of the occupied Arab territories,” 2007, available at <http://www.ilo.org/public/english/standards/relm/ilc/ilc96/pdf/rep-i-a-ax.pdf>.
[296] See generally ILO, “The Decent Work Agenda in Africa: 2007-2015,” Apr. 2007, available at <http://www.ilo.org/wcmsp5/groups/public/---dgreports/---dcomm/---webdev/documents/publication/wcms_082282.pdf> (discussing the need to eradicate child labor prior to implementing employment standards).
[297] China’s Golden Shield Project aims to create an all-encompassing surveillance network, complete with speech and face recognition, CCTV, smart cards, and Internet surveillance technology. This project will affect all aspects of a citizen’s life. See Clive Thompson, “Google’s China Problem (and China’s Google Problem),” N.Y. Times, Apr. 23, 2006.
[298] “Thailand: Military-Backed Government Censors Internet,” Human Rights Watch, May 24, 2007, available at <http://hrw.org/english/docs/2007/05/23/thaila15996.htm>.

[299] 18 U.S.C. §§ 2510-2522.
[300] Thompson v. Johnson County Community College, 930 F. Supp. 501 (D. Kan. 1996).

[301] "Report 98, Surveillance: an interim report," Law Reform Commission Publications (2001) <http://www.lawlink.nsw.gov.au/lrc.nsf/pages/r98chp07>.
[302] Workplace Surveillance Bill 2005 (NSW), available at <http://www.parliament.nsw.gov.au/prod/parlment/NSWBills.nsf/0/941266A03EB10718CA256FF600242EDB>.
[303] “Bosses face new privacy laws in toilets,” The Age, July 1, 2007.
[304] Irish Data Protection Commissioner, “Use of CCTV in Business Premises, including toilet areas,” <http://www.dataprotection.ie/viewdoc.asp?DocID=410&m=f>.

[305] "Workplace Monitoring, Surveillance "Common,'" News From the Office of The Privacy Commissioner,
Issue No. 30, Jan-Feb 1999 <http://www.knowledge-basket.co.nz/privacy/semployf.html>.

[306] Case Note 33623 [2003] NZPrivCmr 5.
[307] OCS Limited v. Service and Food Workers Union Nga Ringa Tota Inc., WN WC 15/06 [31 August 2006].

[308] American Management Association, “2005 Electronic Monitoring and Surveillance Study,” 2005, available at <http://www.amanet.org/research/pdfs/EMS_summary05.pdf>.

[309] See VeriChip Corporation, <http://www.verichipcorp.com/>.
[310] ILO, World of Work Magazine, “RFID and Surveillance in the Workplace,” April 2007, at 16-19.
[311] “Istanbul Municipality Selects Alien RFID Solution,” Digital Media Asia, June 6, 2007.
[312] Article 29, Data Protection Working Party, “Working document on data protection issues related to RFID technology,” January 2005.

[313] See generally, Privacy Rights Clearinghouse, Workplace Privacy and Employee Monitoring, 2006, <http://www.privacyrights.org/fs/fs7-work.htm>.

[314] Murray Singerman, GPS Invasion of Worker Privacy, 37 Jun. Md. B.J. 54 (May/June 2004).
[315] "Monitoring Shrinks Worker Privacy Sphere," Eric Auchard, Reuters, May 29, 2001.
[316] "Bulkmatic Equips Fleet with OmniTRACS System," Qualcomm Press release, December 19, 1996. <http://www.qualcomm.com/press/releases/1996/press583.html>.
[317] Raymond Li, “Firm accused of spying on worker,” South China Post, May 12, 2007.
[318] “Civic Groups to Select Worst Privacy Offenders for This Year,” The Korea Times, November 19, 2005.
[319] Ran Rimon, “3,500 Egged Buses to Get GPS,” Financial Times Information Ltd., November 15, 2006.

[320] Under federal law, employers man monitor employee calls unannounced, but once the employer realizes the call is of a personal nature, monitoring must stop. Watkins v. L.M. Berry & Co., 704 F.2d 577, 583 (11th Cir. 1983).
[321] Laura Pincus Hartman, "The Economic and Ethical Implications of New Technology on Privacy in the Workplace," Business and Society Review, March 22, 1999.

[322] Copland v. United Kingdom, [2007] ECHR 253, available at <http://www.bailii.org/eu/cases/ECHR/2007/253.html>.
[323] For an overview as to the prevalence of computer, Internet, and email monitoring in the United States, see U.S. Gen. Accounting Office, Employee Privacy: Computer-Use Monitoring and Policies of Selected Companies (2002).

[324] AMA, “2005 Electronic Monitoring and Surveillance Study,” supra. In addition, in 2001 the Privacy Foundation found that fourteen million employees in the United States are subject to this kind of surveillance on a continuous basis. See Privacy Foundation, The Extent of Systematic Monitoring of Employee E-mail and Internet Use, July 9, 2001 <http://www.sonic.net/~undoc/extent.htm>.

[325] Id.

[326] See Bisson & Ors v. Air New Zealand Ltd., CA 98/06 [3 July 2006] P. Montgomery (investigating identity of employee who accessed pornographic sites when all employees shared user information); Cliff & Groom v. Air New Zealand Ltd., AC 47/06 [23 August 06] Shaw J. (holding that data indicating Internet misuse may instead be the result of pop-ups and other non-manual hits).
[327] See “Man convicted of theft for internet use at work,” Northern Advocate, August 22, 2006.
[328] Nikon v. Onof, Decision No. 4164, October 2, 2001 (99-42.942).

[329] Privacy Rights Clearinghouse, Workplace Privacy and Employee Monitoring, 2006, supra.
[330] Currently pending cases on this issue include Swiger v. Allegheny Energy, Inc., 2007 U.S. Dist. LEXIS 8610 (E.D. Pa. Apr. 4 2007) (contesting company’s use of a subpoena to find identity of employee messageboard poster, and firing the employee after discovering his identity) and H.B. Fuller Co. v. Doe, 2007 Cal. App. LEXIS 894 (Sup. Ct. of Santa Clara Cty., May 31, 2007) (attempting to discover identity of anonymous message board poster based solely on pleaded facts in complaint).

[331] AMA, 2006 Workplace E-Mail, Instant Messaging, & Blog Survey: Bosses Battle Risk by Firing E-Mail, IM, & Blog Violators, July 11, 2006, <http://www.amanet.org/press/amanews/2006/blogs_2006.htm>.
[332] Electronic Frontier Foundation, How to Blog Safely (About Work or Anything Else), May 31, 2005, <http://www.eff.org/Privacy/Anonymity/blog-anonymously.php>.
[333] Id.
[334] Todd Wallack, “Beware if your blog is related to work,” San Francisco Chronicle, January 24., 2005.
[335] IBM, Blogging guidelines, <http://www.ibm.com/blogs/zz/en/guidelines.html>.
[336] Electronic Frontier Foundation, How to Blog Safely (About Work or Anything Else), May 31, 2005, supra.
[337] Bobbie Johnson, “Briton sacked for writing Paris blog wins tribunal case,” Guardian International, March 30, 2007.
[338] Angela Doland, “Sacre blog! Fired gossip sues in Paris,” Chicago Tribune, July 21, 2006.

[339] Alan Finder, “For Some, Online Persona Undermines a Resume,” N.Y. Times, June 11, 2006.
[340] For more information on social networking and its implications on privacy, see Privacy and Human Rights section on Social Networking.

[341] Behrouz Shahandeh & Joannah Caborn, "Ethical Issues in Workplace Drug Testing in Europe," SafeWork: ILO Geneva (February, 2003) <http://www.ilo.org/public/english/protection/safework/drug/wdt.pdf>.
[342] Id.
[343] Id.

[344] Id.
[345] Id.

[346] Id.
[347] Id.

[348] John P. Morgan, "Problems of Mass Urine Screening for Misused Drugs," Journal of Psychoactive Drugs. Volume 16(4) 305-317 (1984).
[349] National Academy of Sciences, "Under the Influence? Drugs and the American Work Force," 1994. See also ACLU, "Drug Testing: A Bad Investment," September 1999, available at <http://www.aclu.org/issues/worker/drugtesting1999.pdf>.

[350] 29 U.S.C. §§ 2001-2009.

[351] Proposals for the agenda of the 87th Session (1999) of the Conference, before the ILO Governing Body, GB.267/2, 267th Session, Geneva, November 1996 <http://www.ilo.org/public/english/standards/relm/gb/docs/gb267/gb-2.htm>.
[352] Id.

[353] “China is thwarted by jobs ruling: Hong Kong judge’s decision on gene data hailed as civil rights landmark”, The Observer, 1 October 2000.
[354] Genetic Information Non-Discrimination Act of 2007 (GINA), H.R. 493, 110th Cong. (2007).
[355] “Equality at work: Tackling the challenge,” ILO, 2007.

[356] Center for Global Development, Does the Private Sector Care About AIDS?, January 20, 2006, available at <http://www.cgdev.org/content/publications/detail/5850>.
[357] “Does the Private Sector in East Africa Care About AIDS?,” The East African, January 31, 2006.
[358] See “FG approves workplace policy on HIV/AIDS,” This Day, May 13, 2007.
[359] See Zekeng L. et al., “Scaling-Up HIV/AIDS prevention and care in Cameroon: Lessons learned by the National AIDS Control Committee (NACC),” International Conference on AIDS, July 11-15, 2004; “Gov't Tackles HIV/Aids in the Workplace,” Cameroon Tribune, January 17, 2006.