The market for surveillance software is overflowing with smart applications that allow employers to monitor employees on the job. For example, your employer can monitor your efficiency, routines, SoMe networking and meeting activity - or measure your mood, voice and satisfaction with management or other colleagues.
In this FAQ, you can find answers to common questions about your rights as an employee concerning surveillance at work.
There is only limited regulation of which tools may be used in Danish workplaces, as long as the tools comply with GDPR legislation. Often, workplace monitoring is hidden behind terms such as "management technology" or "control measures".
The Danish rules are briefly described in the "Circular on agreement on control measures" which is an agreement concluded between the social partners in the public sector in 2010.
The Circular states, among other things, that the control measures must be objectively justified on operational grounds and have a reasonable purpose. They must not be offensive to employees and must not "cause employees loss or significant inconvenience".
On home workplaces, it states that privacy-invasive controls must not be put in place.
The private sector is governed by a similar agreement between DA (the Confederation of Danish Employers) and LO (Danish Confederation of Trade Unions). DI, The Confederation of Danish Industry, stresses that only the necessary information may be processed, and only for as long as is necessary. In addition, employers must comply with the duty to inform employees so that they know what information is being processed about them.
Ultimately, there are various options for contacting the Data Protection Authority:
Read the circular on the control measure agreement at retsinformation.dk (In Danish)
Read DA-LO agreement on control measures (In Danish)
If your employer monitors you at work, your employer must inform you of:
The personal data your employer may collect about you depends on the data in question and the purpose for which the data is to be used.
In general, information about you can be divided into two categories: general and sensitive personal data.
As a general rule, your employer has the right to process all personal data that you have provided in the course of your employment and that your employer has obtained in the course of your employment. This may include your age, date of birth, marital status, sick leave, salary, private telephone number, address and tax information.
The employer needs this information to draw up an employment contract, pay salary, etc.
Personal data is:
CPR number and criminal record are a category of their own and therefore not considered general or personal data, but must be protected as well as sensitive information.
An employer will usually only be able to record sensitive information about you as an employee if you have consented to it. This could be the case, for example, if you have provided health information in connection with a reimbursement of sickness benefit.
If information about you is anonymised, i.e. you can no longer be identified from the information, it will not be personal data.
Your employer has a duty to inform you when they process your personal data. This means that your employer must tell you what personal data the company is processing about you, why and for what purpose, and what the legal basis for the processing is.
The obligation to provide information also applies when your employer makes use of control measures, such as:
As a general rule, you must be informed of control measures at least 6 weeks before they are implemented. However, there may be exceptions, for example if the purpose of the control measure cannot be achieved because of the notification, or there are operational reasons why you cannot be notified in advance.
In this case, you must be informed of the control measure as soon as possible and you must be told why you could not be informed of the control measure in advance.
As a new employee, your employer is obliged to inform you about control measures. This may be stated in your employment contract or in a welcome email. Verbal information or a reference to the intranet about the control measures used by the company is not enough.
Under the Data Protection Act, you have the right to see the personal data that a current, former and/or potential employer processes about you electronically.
This makes it easier for you to check that your personal data is accurate and processed lawfully.
Write to the HR department of your company to request access to the personal data they process about you. We recommend that you contact IDA for advice before approaching the company.
The rules on surveillance and data protection are complex and you may have many unanswered questions. You may find that your employer won't hand over data, or you may be unsure whether you have consented to monitoring measures.
That's why we in the IDA Legal Department are ready to advise and help you. You can call us or write to us via Mit IDA.
In order for the employer to log/record and check employees' visits to websites and subsequently review the record in case of suspected misuse of the Internet, the following conditions must be met:
It will therefore always be a specific legal assessment as to whether the employer meets the requirements of fairness and proportionality when processing personal data of employees. It is IDA's legal specialists who make the assessment and, if necessary, contact the Data Protection Authority if we deem it necessary.
Under the Data Protection Act, your employer is allowed to log your searches, downloads and general internet use on your work computer, tablet or phone, if you agree in advance:
This also applies when you use the employer's IT tools outside normal working hours and/or when you use the employer's IT tools for private use.
The reason is that the company must be able to log all threats that may occur, even outside the employee's working hours or when the employee uses the employer's IT tool for private use. Cyber security must never be undermined.
Your employer should always inform you how your digital behaviour is monitored or logged and what exactly is logged in relation to your internet use.
You should therefore be able to get an answer from your employer on how long your data is kept in accordance with Article 13 of the Data Protection Regulation.
IDA generally advises that you do not use your employer's IT tools for private use, even though this is an option you often have according to your Employee Handbook.