Links to the case law on workplace surveillance
ATF 139 II 7
(judgment available in French and Italian): Use of spyware (installation of spyware to monitor a civil servant's computer operations; surreptitious use of spyware to verify the suspicion that an official is unlawfully using the IT resources for purposes unrelated to his official duties).
ATF 143 II 443
(judgment available in French and Italian): Monitoring the use of the internet at work or the work mobile phone.
ATF 145 IV 42
(judgment available in German and Italian): The court held that monitoring systems, installed by the police with the employer's consent, constituted a coercive measure, the result of which had to be rendered inoperable in the absence of authorisation by the court.
ATF 130 II 425
(judgment available in German and Italian): (GPS satellite tracking system installed on company vehicles). This judgment concludes ‘that a monitoring system is prohibited by Article 26 EmpO 3 if its sole or main purpose is to monitor the actual conduct of workers. On the other hand, its use is not prohibited if, although it objectively has such a monitoring effect, it is justified on legitimate grounds, such as safety or security requirements or reasons relating to the organisation or planning of work or the nature of the employment relationship itself. However, the monitoring system chosen must appear, in the light of all the circumstances, to be proportionate to the aim pursued, and the employees whose data is processed (the data subjects) must be informed of its use in advance’.
4A_518/2020 of 25.08.2021
(judgment available in French and Italian): Article 328 paragraph 1 CO provides that the employers must acknowledge and safeguard employees' personality rights. According to Article 328b CO, the employer may handle data concerning the employee only to the extent that such data concern the employee’s suitability for the job or are necessary for the performance of the employment contract. An employer who accesses an employee's private messages violates the employee's personality rights.
Modern monitoring systems in the workplace are becoming increasingly intrusive, both in the monitoring of internet or e-mail use and in the use of people analytics tools.
Trend towards increased surveillance
Many companies use increasingly intrusive monitoring systems in the workplace. Regardless of the systems used, monitoring employees leads them to feel being spied on or pressured, and this can affect their health. It can also amount to a breach of privacy. Employers must therefore have an objective need to use a surveillance system and cannot simply monitor employees' behaviour. Monitoring must comply with data protection standards whenever personal data are processed.
The protection of the employee's personality rights is enshrined in Article 328 of the Swiss Code of Obligations (CO) and Article 26 of Ordinance 3 to the Employment Act (EmpO 3). This provision prohibits the use of monitoring or control systems to monitor the behaviour of employees in the workplace. It also states that where monitoring or control systems are necessary for other reasons, they must, in particular, be designed and installed in such a way as not to affect employees’ health and ability to move around normally without being under constant surveillance.
However, behaviour and performance are often linked. It is often difficult to differentiate between authorised surveillance for reasons of security, performance or efficiency and unauthorised monitoring of general behaviour. Permitted monitoring systems for the verification of the performance or output include electronic badges for access to the company, recording the time when workers enter and exit the premises, quality control to record the output of a workstation, recording the route of company vehicles for the purpose of route planning to reduce travel costs (provided the driver is informed), monitoring the number of calls to a call centre, or recording the number of items produced.
Surveillance to monitor the behaviour of workers through detailed analyses of their activities on a continuous, periodic or sampling basis is prohibited. This means that certain systems may, depending on their use, violate the ban on monitoring employee behaviour. Such systems would include the use of artificial intelligence tools for automated evaluation of employee-based data (vision, movement, speech or communication patterns, psychological results) or systems that monitor the computer or mobile phone activities of employees in the company or while teleworking (spyware, activity trackers, application and website logs, content scanners of e-mails, mouse and keyboard logs).
As is clear from legal precedent of the Federal Court in the case of a GPS satellite tracking system on company vehicles, Article 26 EmpO 3 is not intended to impose a general ban on the use of surveillance systems. Systems that aim to monitor the behaviour of employees are prohibited, but not, in principle, monitoring systems used ‘for other purposes’. It is not so much the type of surveillance or its effects as such that determine whether or not surveillance is permitted, but rather the reasons for its introduction or its purpose. In short, a surveillance system is prohibited if it is intended solely or primarily to monitor the actual behaviour of employees. However, the same system will not be prohibited if it is used for on legitimate reasons, such as ensuring safety or enabling the organisation or planning of work. However, the system chosen must be proportionate to the aim pursued and the employees must be informed in advance (cf. Decisions of the Swiss Federal Supreme Court 130 II 425, paras. 4.1 and 4.4). Whether a monitoring system meets the legal requirements and limitations set out in Article 26 EmpO 3 needs to be examined on a case-by-case basis.
If a monitoring system involves the processing of personal data within the meaning of Article 5 letter d FADP, the employer must comply with the principles of the Federal Act on Data Protection (FADP) and the Ordinance to the Federal Act on Data Protection (OFADP).
The processing of personal data must be lawful (Art. 6 para. 1 FADP) and must be justified (Art. 31 FADP). This requires a balancing of interests between reasons for monitoring in the interests of the company and respect for the personality rights of the employees. The overriding interests of the company include, for example, the safety of employees, third parties and company assets or the monitoring of production, performance and efficiency. When obtaining the consent of employees to monitoring systems, employers should be careful not to make their employees feel pressured or restricted in their freedom to decide.
The processing must also respect the principles of good faith and transparency (Art. 6 paras 2 and 3 FADP). It must be done in such a way that employees are aware that it is taking place, i.e. they must be informed in advance. It is therefore advisable for companies to draw up rules for the use of monitoring, describing how, when and where monitoring is to be carried out. Under Article 6 paragraph 3 FADP), personal data may only be processed for the purposes stated at the time of collection.
Compliance with the principle of proportionality (Art. 6 para. 2 FADP) plays a decisive role in the context of monitoring. Indeed, before resorting to a monitoring system, the company must clarify whether it is not possible to achieve the intended purpose in a way that is less intrusive to the private sphere of the employees. The principle of proportionality also implies that only the required data are processed. Access to the data should be regulated and limited to those authorised to analyse it.
Development of intrusive systems
Particular caution should be taken when using personnel data analysis systems (People Analytics, HR Analytics, Workforce Analytics), which are becoming increasingly prevalent. These tools make it possible to better identify the organisation's resources, predict its needs or increase and optimise performance. When used by human resources managers, the methodology is directly related to the practices used in big data: it consists of collecting and aggregating a multitude of data, both internal to the company (objectives, resources, marketing, sales, productivity tools, monitoring and tracking software, secondary data analysis) and external (customer satisfaction, loyalty, new customers, website visit management tools). However, as noted above, the use of such systems must comply with employment law, which allows the verification of work performance but prohibits the monitoring of behaviour; it must also comply with the general principles of data protection.
Among the tools mentioned above, the analysis of secondary data generated during internet and email use is a particularly intrusive monitoring tool. Secondary data is log data showing who did what, when, and with whom. Under Article 321d CO, employers have to issue instructions on how employees may use the internet and email for business and non-business purposes, and need to explain what is not allowed.
Employers must comply with the data protection provisions if they intend to carry out secondary data analysis, which can be done in anonymous, pseudonymous or nominal form. For data processing to be proportionate, employers must always choose a form of processing that is appropriate for the purpose and constitutes the least significant interference with the employees' privacy. The analysis of secondary data in the Federal Administration is specifically regulated in the Government and Administration Organisation Act (GAOA) and in the Ordinance on the Processing of Personal Data in Connection with the Use of the Electronic Infrastructure of the Confederation ('Secondary Data Ordinance’).
Last modification 11.05.2023