Digitalisation and surveillance at work: is your boss spying on you?
Global demand for employee surveillance technology has increased during the pandemic. This is causing concern in Switzerland, not least because the country’s legal system is not set up to deal with it.
Working from home will be one of the long-lasting global side-effects of the Covid-19 pandemic. This has been enabled by a structural change in the way we work due to the ongoing digitisation of the workplace.
The encounter between digital transformation and the world of work has all the ingredients to be a story which ends well. It is not only the productivity and satisfaction of workers that stands to gain, but also the climate. Teleworking for half a week could reduce greenhouse gas emissions by some 54 million tonnes each yearExternal link.
According to a global survey conducted by the consultancy firm GartnerExternal link, as of March 2020, as many as 88% of companies have encouraged or made teleworking mandatory in order to respond to health emergencies while ensuring staff uptime and continuity of services.
In Switzerland, a survey by Deloitte SuisseExternal link showed that, in the first few months of 2020, around half of the population worked from home and were no less productive. In the third quarter, this figure fell slightlyExternal link, but the trend remains important and is expected to continue in 2021. Some estimatesExternal link predict that 25-30% of employees worldwide will continue to work from home several days a week in the new year.
But that progress has come at the price of workers’ privacy. A study from TOP10VPNExternal link, which analyses and reviews VPN services worldwide, found that global demand for surveillance software has increased by 51% since the start of the health crisis. In April alone, this figure stood at 87%, well above pre-pandemic levels.
Surveillance at work is also on the rise in Switzerland. Although there is a lack of precise statistics on the activities of private companies, the Federal Data Protection and Information Commissioner (FDPIC) has confirmed that the phenomenon is growing in scale and is under observation. “During the pandemic, there has been an increase in the number of reports concerning breaches of privacy at work. We are aware of the problem and have opened an investigation into one company. Unfortunately, we cannot reveal any more details,” Hugo Wyler, Head of Communication at the FDPIC, told SWI swissinfo.ch.
A surveyExternal link of 213 senior Swiss HR managers conducted between June and September 2020 by the Research Institute for Work and Employment at the University of St Gallen found that investments in People Analytics solutions systems are conscious investments, independent of the pandemic. The survey also highlighted that those who invested in these technologies before the crisis will continue to do so after, and that investments in performance analytics solutions increased by 10% since 2018.
“Without a well-defined legal framework, nothing is illegal, and society will continue to adapt to technology, and not vice versa.” Jean-Henry Morin, University of Geneva
A spy in your computer
Surveillance software is capable of performing a wide range of operations to monitor any activity on an employee’s computer, from recording typed words to monitoring the screen, internet searches and e-mails. Some software even includes camera surveillance, geolocation, audio recording and mobile phone access. The most popular programmes, including Hubstaff, Time Doctor and FlexiSPY, offer most of these functions.
Microsoft recently launched a software called Productivity Score, which in its first version could track the activities of individual employees. The programme raised concerns about privacy violations, forcing Microsoft to rectify the situation and withdraw some of the more privacy-intrusive features that allowed employers to access employee data and monitor the use of Microsoft 365 services and apps on an individual level. Microsoft is the world’s largest software provider by revenue and its desktop operating systems have more than 75% of the global market share, largely in business settings.
In a note published on the internetExternal link, Jared Spataro, vice president of Microsoft 365, said that the company, in addition to removing users’ names from the product, was “changing the user interface to make it clearer that Productivity Score measures enterprise-wide technology adoption, not individual user behaviour”. Would Microsoft have intervened on such a significant issue – such as protecting user privacy – even if its solution had not caused a stir? Microsoft Switzerland did not respond to questions by SWI swissinfo.ch.
It is nevertheless important to distinguish between the surveillance of the behaviour of individuals, which is prohibited by Swiss data protection law, and the collection of information to verify the contractual duties of employees.
“The employer does not have the right to monitor the employee during, for example, his lunch break, but he can investigate what he does during working hours, without trespassing on the surveillance of individual behaviour”, Wyler explains. Companies are still obliged to inform employees in a transparent manner about the data analysed.
More
Your employer might be watching you. Should you care?
Drawing the lines
But the line between invasion of privacy and monitoring of work is perhaps too fine to avoid abuses that are often not even recognised by workers. The Swiss civil code, the labour law and the federal law on data protection define the right to dignity, health and privacy of the worker in Switzerland, but these laws are technology-neutral. This means that companies are free to choose the technologies they consider most appropriate to achieve certain results, without taking into account the ethical or social implications. Moreover, none of these laws legally define the concept of ‘surveillance’, which leaves room for uncertainties in legal interpretation.
“Switzerland is less strict than other European countries with regard to data protection. There are much lower risks in the event of a breach, rarely any fines, and employees have less incentive to report their employer. The European Data Protection Regulation (GDPR) is fairly strict, but it doesn’t apply in Switzerland,” explained David Vasella, a data protection lawyer at a firm based in Zurich. Vasella explains that there are generally no strict restrictions in Switzerland nor a one-size-fits-all answer to the question “can my boss look at my emails?” because a lot depends on the circumstances and the industry.
Article 328 of the Swiss Civil CodeExternal link and Ordinance 3 concerning the Labor Law (Article 26) define the employer’s obligations to protect the personality of the employee also in the processing of personal data and prohibit the use of systems to monitor and control the behavior of employees in the workplace. In addition, Ordinance 3 states that “Surveillance or control systems, if they are necessary for other reasons, must be designed and arranged in such a way that they do not impair the health and freedom of movement of workers.”
The Federal Act on Data ProtectionExternal link is an important complement to these laws, but it does not define the concept of surveillance, even from the perspective of associated or associable technologies.
In the absence of a defined legal framework, the use of technology for a variety of purposes is positioned in a grey area where anything is possible. “Technically, it is very easy for a company to install software on its own PCs that can supervise the work of employees. Any malicious attack on the user’s computer acts as a surveillance programme. From a certain point of view, the software installed by companies to supervise the activities of employees works just like malware,” says Stefan Lüders, head of IT security at CERN in Geneva.
Lüders explains that malware is also able to monitor what we type on our keyboard and see on our screen, take control of the microphone and camera by seeing, for example, how we are dressed or what our living room looks like.
Stopping Big Brother
To avoid the “Big Brother” effect, which is possible at the technical level, data collection must remain at the macro level and be compatible with ethical aspects, says Jean-Pierre Hubaux, head of the data security laboratory at the Lausanne Polytechnic Institute. For Hubaux, it is also important to involve union representatives to “watch out” for the temptation of surveillance. Formulating clear laws, however, remains a cornerstone for defining the limits of technology in the digital age.
“We should always ask ourselves what kind of digital society we want to build and live in. Without a well-defined legal framework, nothing is illegal, and society will continue to adapt to technology, and not vice versa,” says Jean-Henry Morin, professor of information systems and service science at the University of Geneva.
Morin believes that Switzerland is not really investing in digitisation and does not see it as a major issue. The absence of a secretary of state or an institutional figure in charge of leading the digital transition of the country is proof of this and is a serious mistake for the country’s future, he says.
As of 1 January 2021, Switzerland has a new delegate for digital transformation, Daniel Markwalder, but his scope seems to be limited to the digitisation of the federal administration. Morin does not think the appointment goes far enough to address the issues at hand, not least because no additional budget has been earmarked for the effort. “At the moment, we are building a new digital world based on old patterns. This is dangerous, because redefining the requirements is crucial,” he says.
More
Police need permission to film employees at work
In compliance with the JTI standards
More: SWI swissinfo.ch certified by the Journalism Trust Initiative
You can find an overview of ongoing debates with our journalists here . Please join us!
If you want to start a conversation about a topic raised in this article or want to report factual errors, email us at english@swissinfo.ch.