Slashdot Mirror

← Back to Stories (view on slashdot.org)

German Court Rules Bosses Can't Use Keyboard-Tracking Software To Spy On Workers (thelocal.de)

Posted by BeauHD on from the every-move-you-make dept.

An anonymous reader quotes a report from The Local: The Federal Labour Court ruled on Thursday that evidence collected by a company through keystroke-tracking software could not be used to fire an employee, explaining that such surveillance violates workers' personal rights. The complainant had been working as a web developer at a media agency in North Rhine-Westphalia since 2011 when the company sent an email out in April 2015 explaining that employees' complete "internet traffic" and use of the company computer systems would be logged and permanently saved. Company policy forbade private use of the computers. The firm then installed keylogger software on company PCs to monitor keyboard strokes and regularly take screenshots. Less than a month later, the complainant was called in to speak with his boss about what the company had discovered through the spying software. Based on their findings, they accused him of working for another company while at work, and of developing a computer game for them. [...] So the programmer took his case to court, arguing that the evidence used against him had been collected illegally. The Federal Labour Court agreed with this argument, stating in the ruling that the keylogger software was an unlawful way to control employees. The judges added that using such software could be legitimate if there was a concrete suspicion beforehand of a criminal offense or serious breach of work duties.

52 of 72 comments (clear)

  1. if only we had an Federal Labour Court or union us by Joe_Dragon · · Score: 1

    if only we had an Federal Labour Court or union in the usa.

    Dam the EU is so nice. Over time cap / better workers rights and healthcare not tied to jobs.

  2. TL;DR version by war4peace · · Score: 4, Interesting

    1. Company A used blanket monitoring software on its employees' machines;
    2. Employee was caught by above-mentioned software working for another company while at work at company A;
    3. Employee argues proof gathered was gathered illegally.
    4. Court agrees with employee.

    Outcome might have been differently if company A would only have monitored suspected employees instead of all of them.

    --
    ...gis sdrawkcab (usually not responding to ACs; don't bother posting as AC)
    1. Re:TL;DR version by war4peace · · Score: 1

      Outcome might have been *different.

      --
      ...gis sdrawkcab (usually not responding to ACs; don't bother posting as AC)
    2. Re:TL;DR version by Anonymous Coward · · Score: 2, Insightful

      Your opinion is irrelevant. This is about law. Internal regulations are never above law. In Europe, you have a right to privacy even during working hours. In this context, employers are not allowed to forbid personal commodity hardware (personal computer, personal phone, ... Not talking about servers, generic mailbox, functional mailbox or anything not specifically assigned to you ) to be reasonably used for private matter. And consequently, they are not allowed to eavesdrop all your communications.

    3. Re:TL;DR version by Anonymous Coward · · Score: 2, Insightful

      Bullshit. If there was any fairness in industrial regulation it would be illegal for the business to demand such a thing. You certainly don't see that kind of nonsense in industries where there is low unemployment or workers have any kind of power. Workers are humans, not automations. It's simply not possible to avoid all personal use when you have been assigned a general purpose machine and you are forced to use all day. It's abusive.

      And aside from the moral dimension, it is simply stupid. The only outcome that ever arises from restricting what your employees can do and monitoring them round the clock is *reduced* productivity, not to mention ending up with employees who feel they don't owe you shit if not actively sabotaging the operation. They teach you this in business school for fucks sake.

      This company doesn't deserve employees.

    4. Re:TL;DR version by thegarbz · · Score: 1

      Outcome might have been differently if company A would only have monitored suspected employees instead of all of them.

      Not in Germany no. Frankly this won't be the end of it. Expect to hear about huge fines dished out to the company for this. The Germans have workplace privacy dialled up to 11. It is hard enough to capture working metrics on equipment that involves a person operating it if it is possible to link it to a person. e.g. "Alarm at 10:31am, Operator acknowledged alarm at 10:32am" if you have a record of who the operator of the equipment was you damn well better not be capturing the alarm information.

      The guys running this company must be really stupid. ... Or not German + clueless.

    5. Re:TL;DR version by Anonymous+Brave+Guy · · Score: 1

      On the other hand, you are also typically expected as part of an employment contract to do your job and not to collect a salary from your employer and use their resources but actually be working for someone else. Obviously there are serious privacy concerns with the kind of mass surveillance used here, but let's not pretend the employee was somehow making reasonable personal use of the equipment either.

      Also, you're generalizing as if the law is the same on this issue across all of Europe. It's not.

      --
      If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
    6. Re:TL;DR version by Anonymous+Brave+Guy · · Score: 1

      It's simply not possible to avoid all personal use when you have been assigned a general purpose machine and you are forced to use all day.

      Of course it is. How do you think the many millions of people whose jobs do not involve sitting at a desk and using a computer at all manage, or those who do work on a PC but with limited access because it's locked down for security reasons? This isn't nearly as clear-cut an ethical issue as you're making out.

      The only outcome that ever arises from restricting what your employees can do and monitoring them round the clock is *reduced* productivity

      Reduced productivity compared to them taking your money, using your gear, but doing work for someone else entirely?

      The employer might have gone about this the wrong way, and apparently they paid for that when their day in court came, but I suspect your hypothetical business school would have a few words to say about how the employer should deal with employees who are flagrantly abusing their position as well.

      --
      If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
    7. Re:TL;DR version by hey! · · Score: 1

      What the rule really needs to be is no spying on workers unless there's something to find. Of course if you knew there's something to find, there'd be no reason to spy on workers.

      --
      Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
    8. Re:TL;DR version by rtb61 · · Score: 1, Interesting

      The claim was not about whether or not the worker was doing their assigned work but what they were also doing. So you do not punch you workers in the mouth when they chat with other non-productively if they are completing their work assignment. So in this instance they could have been firing their most productive worker, one who can finish his work load far faster than the other workers and thus had lots of spare time, which they then filled. So companies go nuts on idle time, must get profit out of worker 24/7/365, to the companies own detriment. Always watch for far more productive workers who seem to be doing not much, compared to unproductive workers who are always busy. The worker likely sued because they knew they were completely all required tasks and that they were far more productive than their fellow staffers, every right to be pissed off (although he would have been smarter to get away from salaried and move to contractor).

      --
      Chaos - everything, everywhere, everywhen
    9. Re:TL;DR version by Tom · · Score: 4, Insightful

      That is not entirely true.

      Keeping human dignity intact at the workplace is great in Germany, but that doesn't mean that there are not ways to do it. In larger companies, where you have a workers council, getting their agreement is one way to do it. In all companies, having a suspicion and acting on it instead of doing some kind of Big Brother mass surveilance will most likely not get thrown out in court.

      What we in Germany don't like is treating workers as hamsters in a lab and recording every little thing they do just because you can.

      --
      Assorted stuff I do sometimes: Lemuria.org
    10. Re:TL;DR version by Carewolf · · Score: 1

      Who cares if the evidence was collected illegally, this is not the US, so facts aren't arbitrarily ignored or thrown. and even if it was the US, a company isn't the police.

    11. Re:TL;DR version by houghi · · Score: 3, Informative

      Same in Belgium. First you need to inform the employees what you intend to do and why. e.g. recording calls from customers MUST be recorded. It also means that you not only must inform the customer, but also the employee.
      You can do screenshots and even complete recordings of the screen, but only during the conversation with the customer. And again the employee must be informed with that and even needs to give his OK. Yes, I have had people who refused. Those people did not last long and that had nothing to do with the fact they refused. It was just not a the right job for both of them.

      There are also serious restrictions on filming employees.

      I believe that this all comes because Europe and the US see privacy in a different thing.
      In the US everything is public, unless it is private. In the EU everything is private, unless it is public.
      This is obviously not 100%. You could compare it a bit with opt-in vs. opt-out.

      That means that even in a public place you will have some sort of right on privacy. Your data belongs to you and can not just be sold to others.

      If a friend asks for my phone number at a third mutual friend, they will not just give it. They will ask me permission to give it.
      That means that my N+1 has my phone number, but not HR. There is no need for them to have it.

      So it is very different from what would be standard in the US.

      --
      Don't fight for your country, if your country does not fight for you.
    12. Re:TL;DR version by fazig · · Score: 1

      I'd argue that the vast majority of people still has access to some kind of phone. May it be their private cellular type phone, or a business cellular/landline phone at the work place. Employers aren't easily allowed to eavesdrop on conversations carried out by those devices.

      With the other paragraph you're using a red herring. The main problem here is how that corporation obtained their evidence. The employee can still be guilty of what they did, it's just that the evidence the company collected can't be used in a court of law. The privacy laws here state that you can't simply treat everyone as a suspect and subject them to blanket surveillance in the hopes to catch someone doing something illegal. By doing this you violate the individual rights of all other employees. Here the measures taken are out of proportion, they don't fulfil the requirements for 'necessity', so the ends don't justify the means here. For pretty much the same reasons all attempts at mass surveillance by the government were shot down by the courts as being unconstitutional.

    13. Re:TL;DR version by ScentCone · · Score: 2

      The problem is that this should never even have COME to a court. The employee is using the employer's time, bandwidth, and equipment and collecting a paycheck from them while actually doing work for another company, presumably also being paid for that. Court? There's no court needed to simply fire someone that's abusing their trusted position. You abused your job here, and we're not going to pay you any more, goodbye. Why does a court need to get involved in that private matter between two parties? The employee can quit when they want to, and so can the employer.

      --
      Don't disappoint your bird dog. Go to the range.
    14. Re:TL;DR version by fazig · · Score: 1

      Yes, the corporation could have handled the situation in a way more elaborate manner.
      Even with Germany's rather strict employee protection laws a corporation can almost always find a valid reason to fire their employees if they don't do it without prior notice. I mean 'have to let some people go' because of a tight financial situation always seems to work, no matter how the actual situation is. So the real issue here is that they were pretty honest with their employee and stated the exact reasons for doing this. They probably did so without having had some legal counselling, which may have told them that being overly honest equals liability in these cases.

    15. Re:TL;DR version by gnick · · Score: 1

      ...their most productive worker, one who can finish his work load far faster than the other workers and thus had lots of spare time...

      At your job, finishing early means you get "lots of spare time"? At my job, it would mean an increased work-load. If that wasn't available, it might mean reduced hours. I take breaks throughout the day and do things like check the news or post to slashdot (posting to slashdot is probably pushing things). But my boss would be unhappy if I had "lots of spare time," even if I showed good results.

      Not all jobs are the same.

      --
      He's getting rather old, but he's a good mouse.
    16. Re:TL;DR version by Neuronwelder · · Score: 1

      Go Germany! Humane treatment!! Maybe the US could learn something.

    17. Re:TL;DR version by thegarbz · · Score: 1

      where you have a workers council, getting their agreement

      Ahhh I see what you did there. No man I'm not playing your silly game. I'd rather dedicate my time to something with a higher success rate, like finding the last surviving unicorn.

    18. Re:TL;DR version by houghi · · Score: 1

      The German courts care. The people care and the Unions care.
      I would LOVE if they fired me over legit evidence that was collected illegally. No more working for the rest of my life and the company pays. It would become pretty expensive for them and all I have to do is sit at home and collect.

      And I am talking about evidence they find against me that I admitted to have done. Because that would mean the evidence could not be used in any way.

      --
      Don't fight for your country, if your country does not fight for you.
    19. Re:TL;DR version by Carewolf · · Score: 1

      Only in punishing the person illegally collecting the evidence. It is not the US, evidence is evidence, it is not ignored unless it is untrustworthy or false.

    20. Re:TL;DR version by Tom · · Score: 1

      Argued like a real pro from a sample size of what, may I ask? One?

      There are some dick-headed workers councils that don't see beyond their class-warfare politics. There are some worthless councils that say "yes, master" to everything the company wants. There are some fantastic councils who manage the balance between protecting employee rights and being pragmatic with the needs of the company. Most councils fall somewhere inbetween these extremes.

      --
      Assorted stuff I do sometimes: Lemuria.org
    21. Re:TL;DR version by Tom · · Score: 1

      Please. Name one country on this earth that doesn't have its own history of genocide, warfare, witchhunts or other barbarism.

      --
      Assorted stuff I do sometimes: Lemuria.org
    22. Re:TL;DR version by thegarbz · · Score: 1

      Argued like a real pro from a sample size of what, may I ask? One?

      Not argued, just being slightly facetious. You summarised it quite well, there's workers councils across the spectrum. I just happen to deal with the class warfare political side in our German plants, but it's likely due to the class of people (protection of the working class) and the history (chequered ownership with joint ventures from foreign companies).

    23. Re:TL;DR version by Tom · · Score: 1

      These guys are typically problematic.

      My former HR boss is consulting in this field. I work with him sometimes. If you need professional support, I can set you up (my schedule is full, but I think he can fit a couple days in).

      --
      Assorted stuff I do sometimes: Lemuria.org
    24. Re:TL;DR version by rtb61 · · Score: 1

      Dude all bosses are the same, regardless of the job. You are not working for them, you are sucking up their profits. You do not earn money for the, you are a parasite sucking away their money. Generally speaking, you want to soundly manage your working life, work for yourself, don't work for someone else. I can only think all that craps enters their head because of guilt, stealing the bulk of your labour, as well as the labour of your coworkers to feed the bosses greed. You can most definitely get fired for being too good at your job (from the boss noticing not being busy enough all of the time to the other workers plotting together to get rid of you because you are making them look bad).

      --
      Chaos - everything, everywhere, everywhen
  3. Re:Welp by Nutria · · Score: 1

    But one screen of code looks pretty much like any other, especially to managers.

    --
    "I don't know, therefore Aliens" Wafflebox1
  4. Rogue Engineers by Anonymous Coward · · Score: 1, Funny

    How else is Volkswagen supposed to catch those 'rogue engineers' who programmed cheats into the control systems of diesel powered cars?

  5. Re:Welp by Captain+Splendid · · Score: 1

    Gutting and cleaning your catch on top of your TPS reports is a dead giveaway though.

    --
    Linux, you magnificent bastard, I read the fucking manual!
  6. Who here had too much time on their hands? by Arzaboa · · Score: 2, Insightful

    Sounds like the manager had way too much time on their hands.

    Sounds like the employee had way too much time on their hands.

    Looks like "upper-management" needs to focus on real worries, like getting more business or making the job more fulfilling. Clearly the employee was bored and wasn't one that was going to sit on their hands and do nothing while they still had a brain to use.

    It appears this could have been handled very differently by all parties involved.

    When office life turns into cops and robbers, no one is winning and it speaks to bigger issues.

  7. Special EU rules for other data as well. by Anonymous Coward · · Score: 1, Interesting

    In this case the company installed software for the specific purpose of monitoring employees, but special rules also apply in the EU for routinely collected data that can be used to make inferences about peoples' work.

    Some of the commercial applications I administrate for my company automatically log whenever a user starts or stops the application. Those logs can be used somewhat to track how people spend their time at work.

    For US based employees we routinely publish usage summaries to help manage our software resources.

    For EU based employees our legal department has advised be the usage data is confidential and cannot be shared with management without violating EU privacy laws.

    1. Re:Special EU rules for other data as well. by stephanruby · · Score: 1

      For EU based employees our legal department has advised be the usage data is confidential and cannot be shared with management without violating EU privacy laws.

      No, I doubt that's what they said.

      What your legal department probably told you instead was to anonymize the data and create reports using aggregates where possible. And where it wasn't possible, because the identity of the user(s) could be inferred, then yes, do not share that data with management.

  8. Re:Welp by Anonymous Coward · · Score: 2, Interesting

    I used to be the manager of 84 people. I mostly knew what my people were doing. I even knew some were working on side jobs during their official working hours. They did not even hide this to me. We talked about. But these people were also the best one I got. They were the only one able to deliver, even off hours when it mattered.

      If do not create a trustworthy relationship, breaking news, people are very imaginative to hide from you. And like most thing, people gets addict to hiding, and soon you are a manager having not a clue what is going on in your team. Well done, now you are learning everything when it is too late: projects failures...

  9. CEO keylogger by MobyDisk · · Score: 1

    Did they have a keylogger on the CEOs computer? That could be a can of worms.

  10. Re:Make all workers sign a Contract... by Anonymous Coward · · Score: 4, Insightful

    Europe abolished slavery long time ago: no contract can override the laws. What you propose is totally illegal. You have a right to a reasonable privacy even at work. You have the right to call your wife on the work phone to say you will be late or to call to cancel a prostate testing, and doing that without your boss or anybody eavesdropping.

    Only a terminally ill society allow this kind of shit.

  11. Re:if only we had an Federal Labour Court or union by Anonymous Coward · · Score: 2, Interesting

    Europe is far from a paradise. But on this account you are right: employment and slavery are very distinct matters in EU.

  12. Re:Welp by F.Ultra · · Score: 1

    I remember that there where one game on either C64 or Spectrum where you could press a "the boss is coming" key which would present a fake spreadsheet page :). Don't remember which game it was though.

  13. Keyboard tracking by wonkey_monkey · · Score: 4, Funny

    German Court Rules Bosses Can't Use Keyboard-Tracking

    Keyboard tracking?

    09:00 Keyboard is on desk
    09:01 Keyboard is on desk
    09:02 ...

    Well, you get the idea with that.

    --
    systemd is Roko's Basilisk.
  14. Re:Welp by slew · · Score: 2

    I remember that there where one game on either C64 or Spectrum where you could press a "the boss is coming" key which would present a fake spreadsheet page :). Don't remember which game it was though.

    I remember the game GATO had a fake spreadsheet when you hit the DELETE key...

    Then of course, there was the reverse. Office 97, had a couple easter-egg games. Excel had a flight-simulator and Word had a pinball game...

  15. Re:Welp by F.Ultra · · Score: 1

    Just love that GATO have a morse code table in the manual, these days if a game does not have a GPS style map so you don't have to keep track of your bearing yourself gamers freak out.

  16. Can the West Coast join the EU? by WillAffleckUW · · Score: 1

    Asking for a friend.

    --
    -- Tigger warning: This post may contain tiggers! --
  17. Re:Make all workers sign a Contract... by Anonymous Coward · · Score: 2, Insightful

    The Germans are a bit more sensitive to surveillance by power (state or corporations). They have a few people still alive who remember what happens when it all turns to shit.

    The law there is very specific. it is functionally equivalent to the US restrictions on government. sure they can monitor, but they need cause first. no blanket drag nets.

  18. How would this play out anywhere else? by blindseer · · Score: 1

    That's how Germany does this but how might this go over in some other part of the world? In a place like China or North Korea I can see a manager doing this but since the government owns everything that's just life in a dictatorship. What about free parts of the world where people are free to work and live where they like?

    I've heard of places with union rules that prevent such monitoring. That might not stop the practice but it does require being quiet about it. Places where people work on government contracts might have some pretty heavy handed rules on monitoring computer use, but protecting lives when dealing with potential data leaks is different than just finding out if a code monkey is goofing off.

    Some of this employee monitoring is getting out of hand and cheap electronics is making this possible. A "first world" problem I guess. Sometimes people just need to be able to stare at the ceiling for a bit to think, or make a few quick phone calls. Allowing employees to bullshit when things get tense, boring, or just because, helps with morale.

    I suspect this guy isn't being honest about how long he's spent away from his work while on the job. I still don't care if the company got slapped about for logging every keystroke. Maybe instead of taking screenshots of his computer screen they should have managers that, you know, manage those under their charge.

    --
    I am armed because I am free. I am free because I am armed.
  19. my cisco story by Anonymous Coward · · Score: 5, Interesting

    I worked for cisco a long time ago and have a friend who's been there almost from the very beginning. he moved to europe and stayed with cisco. he told me a story. it goes like this:

    in the US, cisco installs spyware on EVERY pc laptop (along with fake certs that allow them a MitM access to their pseudo encrypted network i/o). in the US, cisco does not tell their employees this, exactly; they just say 'they have the right to monitor employees' but they don't say anything more than that and most cisco employees (the younger ones, at least) are kept ignorant. I saw them reading personal email on work systems, etc etc. really stupid!

    in europe, cisco is FORCED to tell employees much more detail about their spying and keylogging. it was via this route (lol) that I found how what cisco is really up to. the guys in holland, germany (etc) know they are being monitored (to the extent that its legal) but in the US, employees are kept in the dark.

    note, this is not about cisco; its probably EVERY large corp in the US. the point is: the US is too business-friendly and consumer/employee hostile. overseas, its much more balanced. they have more rights over there, in general, and companies don't OWN their fucking asses like they do here.

    folks, be careful if you work for a large corp in the US. you have been spied on, data logged and MitM'd. and likely, you had no idea, either, since no one told you (for certain).

  20. Re:Make all workers sign a Contract... by hey! · · Score: 2

    It'd be interesting to know whether such a contract would be legal under EU law, which (unlike US law) explicitly recognizes a fundamental right to individual privacy.

    If you look into privacy cases, you'll see that expectation of privacy is an important factor. If you are going to monitor your employees' keystrokes, the only way it could possibly be reasonable is if you're up front about it. That way they know that the pissed-off email they draft but never send (a bad idea in any case) will still be read by the boss.

    --
    Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
  21. Re:if only we had an Federal Labour Court or union by jandersen · · Score: 2

    Dam the EU is so nice. Over time cap / better workers rights and healthcare not tied to jobs.

    Somewhat startlingly, these are among the very reasons that some wanted UK to leave EU. They call it "taking back control", but things like this are what has irked a lot of the anti-Europeans in the Conservative party.

  22. Depends by nospam007 · · Score: 2

    I was a railway dispatcher before retirement and all my keystrokes were logged by law, (ESTW) because otherwise nobody would have known which actions were triggered when by whom, in case of an accident. Also all my communications, phone, radio etc were recorded as well.

    For air traffic controllers it's the same thing.

  23. Re:Make all workers sign a Contract... by Shinobi · · Score: 1

    Correction: They have a LOT of people still alive who remember what happens when it all turns to shit. Don't forget about DDR(east Germany).

  24. Funny.. by SuperDre · · Score: 1

    The man went to court for being fired based on the tracking software, and won, but he didn't dismiss working on a game for another company during working there.. That's his biggest mistake... Now the company can claim ownership over the code he wrote for the game, as they can claim the code was written while working for the company (doesn't even really matter if it was in his free time (unless his job entailed something completely different like being a busdriver for the company).
    As an employee you should make sure it's laid down in you contract what happens to stuff you create in your own free time (so a software developer developing software, or a hardware engineer creating hardware), otherwise if you have a crap boss your project might belong to the company (as it's perfectly feasible you were thinking and even developing it on company time).
    But in this case the company just fired him because of it, he should have left it with that, as if I was the boss after being taken to court over his dismissal, I would be going after him for what he was developing during being in the service of my company as I would have every right to it as he even admitted to developing it during working hours in my company.

    1. Re:Funny.. by Wulf2k · · Score: 1

      "We're ignoring your proof" would be the answer they got if they tried that. ...Exactly like what happened here.

    2. Re:Funny.. by SuperDre · · Score: 1

      That's a completely different case. It doesn't even really matter if the code was written during his free time. As I said, you have to make damn sure your contract has these things covered, but most contracts don't as developers don't even think about this possibility until it happens to them.
      He couldn't be fired because of the method they used to find out he did work for another company during office hours, but they certainly can use it to proof he did work on other companies software during his time at the company, at least they can use it to help them investigate it.

  25. Re:Make all workers sign a Contract... by Dragonslicer · · Score: 1

    Designate ALL internal documents as "TRADE SECRETS" and the Contract/NDA/NoCompete is then not only legitimate, but required by law!

    You might want to check with a lawyer on this one. If it ever comes to a courtroom, the judge is not going to look kindly on a company that claims trade secret protection for things that clearly are not trade secrets.