Slashdot Mirror
In EU, Internet Use From Work May Be Protected
athloi wrote with a link to an Ars Technica article on a case involving the right to privacy on the internet. "A Welsh university employee has successfully sued the UK government in the EU court of human rights over monitoring of her personal internet use from work. According to the complaint, the woman's e-mail, phone, Internet, and fax usage were all monitored by the Deputy Principal (DP) of the college, who appears to have taken a sharp dislike to her. The woman claimed that her human rights were being abused, and pointed specifically to Article 8 of the European Convention on Human Rights, which governs private and family life." The courts agreed; despite a lack of a notion of 'privacy' in English law, the EU convention forced their hand. The ruling doesn't try to dissuade employers from monitoring employees, but does encourage them to inform employees about surveillance.
I for one am welcoming our new internet monitoring overlords, isnit.
It's true I tell you, feller at work's next door neighbour read it in the paper.
I have never worked at a place that didn't have an AUP that wen't roughly along the lines of:
Do anything that would get us sued and you will be fired. Don't do your job and you will be fired.
Since the former covers porn (respect at work acts) and the latter covers goofing off all day, unless you happen to be so good at your job that you can still manage to get everything done *and* goof off, then all eventualities are covered.
Beep beep.
I thought that when you began monitoring someone you were to inform them that there was a chance that they could be under monitoring or could at any time be monitored.
Eh. What do I know. I signed up for a monitoring service when I entered my college Dorm and brought my computer to "Operation (screw over you) PC" on move in day.
Procrastinating life a way at a rapid rate of speed.
In this case, the snooping would appear to be more than warrented by employee productivity or asset/network integrity. Very targetted, and unarguably an abuse of employer power. Something dreaded in the EU and prohibited by a whole host of laws.
I would hope that even in the US this sort of inter-personal grudge nursing would be similarly identified as malfeasance. The snoopers boss ought to fire her for abuse of company assets and damage to reputation. Snooping is never free.
The company I work for now has no AUP. None at all. I think it's insane, but they don't see the value in it.
/.
However, anything you do using your employer's equipment using services paid for by your employer is audit-able by your employer. Should not be a surprise.
I suspect there's more to this. Most likely she's one of those people who spends most of her day on IM and making personal phone calls instead of doing her job. Or posting
Sure, getting people to read article/comments is important, but perhaps a little accuracy in headlines is appropriate?
It is still quite legal for an employer in the EU to declare that its computers, phones, etc are for business use only, and that correspondence will be monitored. This does not contravene Article 8, since only *private* correspondence is protected by Article 8; use of company machines for correspondence therefore makes such correspondence not private.
"Trolls they were, but filled with the evil will of their master: a fell race..." -- J.R.R. Tolkien on Olog-hai
Part of me says employers shouldnt be able to watch employees internet actions for this very reason (targeting specific employees) The other part of me says, if your that worried about it, why are you doing it at work?
Score one for our "surfing porn at work" bothers and sisters!
She should have faxed some electricity before going to work.
sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
Otherwise, we would not have time to post at Slashdot during the day.
excitingthingstodo.blogspot.com
Most people dont need web browsing. Just turn it of. Turn off everything but email and IM.
Isn't this more of a case of a woman being harassed or stalked rather than having her "privacy" invaded?
How can you have any expectation of privacy when using company resources to have your private communications? Just step out of the work place, use your private cell phone, and conduct your private business.
What I don't understand is why this university doesn't have a policy to cover this sort of monitoring. Most places that I have worked have had a policy that specifically states that the employee's use of corporate communication assets can and will be monitored, and the employee has to sign stating he read this policy. Basically, it's the company's way of covering their arses. Granted, the actions supposedly took place in 1999 and I am too young to comment on the state of corporate communication policies in 1999, but I would think it would have been naieve for any business entity not to have covered themselves legally with some sort of "you might be watched" policy.
That said, if the university didn't have such a policy, then I don't see a problem with the woman suing. Especially in light of the fact that the person monitoring her actions went so far as to call back numbers she had previously called to see who she was calling.
Anyway, lawsuits like these are why companies today have aceptable use policies.
If Murphy's Law can go wrong, it will.
And in case you wonder why we have a special european human rights convention when we already have the UN Universal Declaration of Human Rights: This is similar, but goes a bit further in the areas where it was impossible to gain international concensus in the UN in 1948. For example, see article 8 in the european human rights
and compare this to the corresponding article in the UN human rights:Not only that but Slashdot is actually work related for many of us. I know I was ready for the recent ANI fix because of the article here at slashdot. The MS site didn't really have anything until after the patch was already released.
There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
I have never worked at a place that didn't have an AUP that wen't roughly along the lines of:
Do anything that would get us sued and you will be fired. Don't do your job and you will be fired.
You didn't say anything about them watching you. It's one thing for a company to make that statement, its another for them to monitor every single resource you use (without notifying you) to ensure you are complying with that statement.
If you are about to mod me down, keep in mind that this post was most likely sarcastic.
Not only that but Slashdot is actually work related for many of us. I know I was ready for the recent ANI fix because of the article here at slashdot.
Reading slashdot for the vunerability announcements is like buying playboy for the articles.
What do you perceive to be the problem?
the NPG electrode was replaced with carbon blac
Yes, but telling your boss you read slashdot for the vulnerability announcements is in no way like telling your wife you read Playboy for the articles. Your boss will probably believe you.
- None can love freedom heartily, but good men; the rest love not freedom, but license. -- John Milton
English law in Wales... theres the problem.
Doesn't every employee handbook basically contain something that says "anything you do at work, using work resources, can be monitored and archived at any time, for any reason, by the company?"
I have read quite far down the discussion and very few people seem to consider the fact that the manager might be incompetant and stupid.
Normally in business incompetent people reach a point where they fuck up and get fired. Or they fuck up and get demoted, however this was a council.
That means that the manager was probably fairly useless anyway (or she would have got a proper job, not working for a council). On top of this the manager did not run what she was doing past the legal team or the organisations HR officer. If she had we would not be discussing this as it never would have ended in a stupid legal fight which has probably cost the british tax payer (me) more than the pair of them's wages for ten years combined.
The reality is that most councils seem to have a high turnover of high quality staff as the good people leave when they have done enough time for it to look good on their CV. The crap people can't get sacked as nobody ever gets sacked so they just end up in positions of management by default as nobody else wants to stay that long. The manager in question was probably victimising this member of her staff for two reasons:
1) She was too stupid to find something she could sack the employee for.
2) The employee was actually good at her job and was making the manager look bad in comparison.
I dont read
I'd say UK law has pretty good privacy provisions compared to, for example, US law, where all your personal data can be sold to anyone who wants it, and the government can tap your phone illegally and nobody even loses their job when they're found out.
Forbit your employees the use of the network for private mail. This should not be too hard to enforce. By all means, you can't use the posting service for private use as well.
Then as a nice gesture, you can put some boxen on a seperate subnet for people to use during their lunchtime.
The next thing you can do is make a whitelist. Block all and everything and only allow those sites for those departments/people who actualy need it. Some people might need access to certain sites. Some even to all sites, but the majority does not need interentaccess at all, or only to very few domains.
The way many companies go about it now is by blocking e.g. hotmail. When that happend with us, it took about 10 minutes till everybody had an account somewhere else.
Anyway, I don't care, I just ssh home and run mutt. Andf the times that was not possible, I just waited till I was home and read my mail then. I say, block it. You are on a payroll.
Don't fight for your country, if your country does not fight for you.
As an IT director, I am responsible for ensuring connectivity and bandwidth for my company. As part of this job function, from time to time, I turn on "monitoring" on my firewall. This doesn't tell me who is doing what... it just tells me what sites are being hit.
This is a great way to do statistical monitoring without intruding on one particular person's privacy. If I notice that more than a little of our traffic is going to MySpace or the porn flavor of the day, I re-send out a reminder of the AUP to all staff. (I also remind people that, with VNC, I can observe their screen directly (not that I would, except for tech support-related issues, but I want them to know that anyone in IT could)). After that, the non-work traffic dwindles to next to nil.
Isn't that a better way of doing it all around?
P.S. FWIW, my firewall is a ZyXel, and that behavior is the default functionality. I would have to install separate software to log what each individual is doing, and... why would I want to? The real issue (at least from an IT perspective) isn't who is abusing company resources... only that the abuse stop.
--
Government of, by, and for ALL the people.
WTF, internet useage at work isnt a 'human right'.. geesh..
---- Booth was a patriot ----
Yeah. My CEO surfs porn all day (no, not kidding). What am I supposed to do about that??
I just got fired for reading this article.
:P
I'm one of those ;-). Although corporate is starting to filter out message boards and sites of that nature. In most of those cases all I have do is hit "continue" to view the site anyway.
I work in IT as a Network Administrator and most of the time I am able to fix what goes wrong in five to 10 minutes while in charge of rougly 200 computers, five server rooms, application servers, support about 160 employees...a lot of the free time I have I spend reading articles online (mainly RSS feeds).
OK.. looks like the privacy issue has been beaten to death. Using company owned equipment for personal business and all that.
As a manager who has to deal with HR/legal considerations, it strikes me that there would be more of a case with a "company policy" only being applied to one person. Every manager has to face a habitual line stepper on their team at least once in their career. The first thing out of HR mouths is always to question whether policy/process is applied uniformly or is singling someone out for corrective action.
Seems like more of a case of employer harassment than a privacy issue.
In Soviet Union, Work May Be Protected From Internet Use!
Now companies will want a COMPLETE BAN for fear of being sued.
http://www.rense.com/general79/wdx1.htm
First, s/warrented/warranted/
But that's a minor nit. What I am actually writing to complain about :) is the use of the phrase "more than warranted". In English this means that it is not just warranted, but completely warranted. (And in English, these phrases mean different things!) The phrase you want is "more than is warranted".
HTH, HAND.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
...when everyone will be permanently connected to cheap internet with affordable subnotebooks.
...when the iPhone comes out. :)
I understand that in this case it was a University... but the decision applies to all employers, public or private. What the courts have created is a situation where a company can't possibly avoid being the bad guy.
The courts have ruled that companies are responsible for the actions that their employees take with company resources... That if an employee uses the company email to send out harrassing messages, for example, even if the company did not authorize it and even if the company punished the behavior, the company would still be liable because they have an obligation to police their own resources to prevent such things.
On the other hand, if the company actually tries to police their own resources, that is a "violation of human rights", and they can be held liable for that too.
Don't worry folks, there is a solution... Move the office to a country where the legal system isn't structured into a catch-22 designed to destroy everyone. I am sure you don't have to worry about that kind of stuff if you open an office in India and China. China might be a police state, but unlike England they aren't a self-destructive police state... they aren't going to police away their own economic base.
Playboy.... has articles?
I've fallen off your lawn, and I can't get up.
During one interview for my current job, I stated that I read Slashdot for the news of new technology, and I still got hired. Not that I read it regularly at work or anything...
I can call my doctor on my cell phone, or call my lover, but now much of that is done with the net. If I get one thing wrong on one project at work, this empowers my employers to know too much about me, and use it against me. It's as if Big Brother was a corporation not a government.
Anti-Globalism, Traditionalism, and FreeBSD.
The EU court decision mentioned in TFA strengthens what should be considered universal consensus. Although reality often looks different, at least employees themselves are not to be regarded as property, and they do not rid themselves of everything private by entering their workplace. Most EU courts accordingly and sensibly rule that a sensible amount of private communication is to be tolerated at the workplace, and that the use of the workplace computer is ok to be used for it, except when employer and workforce explicitly ruled that out by contract. Reason: the matter-of-courseness of using computers, wherever they are, for everyday personal communications.
It's the old question of property vs. people, how much power over (other) people should property (owners) be allowed to get. BTW, some constitutions actually contain the phrase "property obliges" (the owner). No property owner is ever absolutely free to do what he pleases with his property - only as long as his doings do not interfere with the rights of others.
Playboy... has women?
Local DACH privacy laws already prevent companies from, eg., doing automated spam-filtering on their employees' makil accounts. Mad as toast? yes I agree, but that's the law.
Everything I needed to know about life, I learnt from Blake's Seven
Strange, when i read the article, i got the impression the woman was singled out by a vindictive colleague who misused his position in the university to try to build a case against her. To me it sounded very much like harassment and very little like abusing resources.
But there's more in the friendly article: article 8 of the European Convention on Human Rights says: "everyone has the right to respect for his private and family life, his home and his correspondence." And European Court case law also says "telephone calls from business premises are prima facie covered by the notions of 'private life' and 'correspondence' for the purposes of Article 8.".
And, OF COURSE, people need to be able to contact home, when at work, for all the obvious reasons. Now, if you were talking of downloading porn, i'd agree with you but this isn't simply a case of abusing company resources.
More truth in that than I care to thing about. You will be thought much more highly of for 'working hard' filling in a 5000 line spreadsheet, one line at a time, for 2 weeks, than you will for writing a shell script that does it in 10 minutes, do almost 2 weeks of work, and slack off a bit on the last day. When you point out that you accomplished the same amount as the guy at the next desk in the same period of time, then clearly you are being obstructive and critical of fellow employees.
Go look for a job at a small company. Part of the problem is that for a large corporation, unless you're high up the chain there, nothing you do or don't do is likely to affect the overall results of the company that much. The company has to have a really good set of people in charge watching the real contributions made by everyone or there is just no way to tell if you're good at work or good at appearing to be busy.
The place I work has under 100 people and a decent profit share scheme. I know everyone by name and at least say hello to the top management every day. A few uni friends work at similar places and have similar experiences.
And I am as anxious as anyone that a reasonable work environment is achieved, that people can celebrate in their workplace, work at their own speed in their own way, not feel constantly oppressed.. etc.
However, you also need the power to pull an employee up if they are taking unfair advantage of the rules, and if necessary sack them if they are causing unacceptable problems.
One additional line I have found useful is that an employee can use corporate services for non-corporate use so long as
it's legal
it's for the private use of employee
it's authorised by the line manager
it isn't excessive
it doesn't disturb the smooth running of the company or bring it into disrepute.
Note that sitting around with your feet up scanning slashdot when there is a visitor on the premises falls foul of the last of these. Thats why I have this shrunk to a very small window at the moment!
Rediculous concept if you ask me. You're being paid to work ... arguably as a University employee she is not being paid very much and what she does barely constitutes work :)
But in principle when you're at work you are not on their own time, you _belong_ to the employer while at the office.
Where does this stop? If my wife comes to the office at lunchtime can I insist my office mates give me some privacy and look the other way while we "get it on" on the floor of my cube?