The personal use of tools can be exceptional for some employees (personal emergency to be treated for example) but for others, it is daily. According to a study published by Olfeo in 2016, French employees spend 1h15 per day, or one month per year, using the Internet for personal purposes (Facebook, Youtube, Le Bon Coin, travel sites, etc.) which leads to a decrease in productivity of 17.6%. Is personal use of the work computer permitted? Can the employer control the activity of his employees? What are the sanctions that can be applied?
Is Personal Use Of The Work Computer Permitted?
Generally, the IT charters put in place by companies mention that personal use of the Internet is tolerated, provided of course that it is not abusive. The CNIL indicates that it must be reasonable, but no time limit is specified. It is essential that personal use does not compromise network security, employee productivity and the smooth running of the business. If there is no IT charter , files, emails and SMS are considered personal, despite the use of company equipment. In any case, it is better to use your personal equipment.
Control Of Employee Activity
The employer can monitor the browsing history (it can be recovered even if it is deleted), messages and files of its employees. Receipt in automatic copy of messages sent or received from employees, keyloggers allowing remote recording of actions performed on a computer and the conservation of connection logs older than 6 months are prohibited.
In addition, employees must be informed of the control systems put in place and the retention period of data by means of an IT charter. To be valid, staff representatives must first give their opinion on it. Then, it must be sent to each employee and made available in the workplace, on the intranet for example. The employer must ensure that all employees are aware of it. A copy of the charter is filed with the registry of the industrial tribunal and two copies are sent to the labor inspectorate.
In addition, if an individual control system for employees is put in place, the CNIL must be informed or a data protection officer must be appointed.
Purpose Of The Control
The employer can monitor and limit the use of internet and messaging. Site filtering devices, virus detection, tools for measuring the frequency of message sending, spam filters, access during certain hours, prohibitions on downloading software or using personal equipment to the site may be set up. within the company… Moreover, 64% of companies have chosen to set up access controls and filters to prevent their employees from going on social networks . It is necessary to prevent them, as well as the CNIL. The purpose of the control is to ensure the security of the networks and to limit abusive personal use.
Refusal Of Control
An employee cannot refuse control of the company if it judges that an imminent risk exists. The employee can be ordered to open documents, even personal ones, in the event of suspicion. In case of refusal, a legal procedure can be put in place to oblige it.