New Ways of Working

Explore and keep track of key legal and compliance considerations for multinational employers as new ways of working become increasingly embedded as the pandemic begins to recede. Learn more about the response taken in specific countries or build your own report to compare approaches taken around the world.

Choose countries

 

Choose questions

Choose the questions you would like answering, or choose all for the full picture.

02. Outline the key data protection risks associated with remote working in your jurisdiction.

02. Outline the key data protection risks associated with remote working in your jurisdiction.

Flag / Icon

France

  • at Proskauer Rose
  • at Proskauer Rose
  • at Proskauer Rose

Employers must ensure the protection of their company’s data but also of employees’ data.

According to article L. 1222-10 of the French labour code, the employer must inform the teleworking employee of the company's rules regarding data protection and any restrictions on the use of computer equipment or tools. Once informed, the employee must respect these rules.

The collective national agreement of 26 November 2020, provides more details in article 3.1.4. It is the employer's responsibility to take necessary measures to protect the personal data of a teleworking employee and the data of anyone else the employee processes during their activity, in compliance with the GDPR of 27 April 2016 and the rulings of the National Commission for Technology and Civil Liberties (the CNIL).

The CNIL said in its 12 November 2020 Q&A on teleworking that employers are responsible for the security of their company's personal data, including when they are stored on terminals over which they do not have physical or legal control (eg, employee's personal computer) but whose use they have authorised to access the company's IT resources.

The National Agreement of 26 November 2020 recommends three practices:

  • the establishment of minimum instructions to be respected in teleworking, and the communication of this document to all employees;
  • providing employees with a list of communication and collaborative work tools appropriate for teleworking, which guarantee the confidentiality of discussions and shared data; and
  • the possibility of setting up protocols that guarantee confidentiality and authentication of the recipient server for all communications.
Last updated on 21/09/2021

Flag / Icon

Portugal

  • at Cuatrecasas
  • at Cuatrecasas

Until the pandemic, teleworking was used rather infrequently, and most Portuguese employers were not prepared – namely in terms of technology and data storage – to suddenly have their workforce almost entirely and permanently working from home or remotely.

For those reasons, teleworking mainly raised – and continues to raise – concerns regarding the employer’s capacity to ensure that information is protected and that it stays confidential despite being remotely accessed and processed. Remote working enhances security vulnerabilities, which can lead to data breaches.

We would also like to highlight the use of technological solutions that, on one hand, allow employers to exercise their powers of management and control over work performance, but that, on the other, do not violate the general rule prohibiting the use of remote surveillance to control employees' professional performances, or that do not cause excessive restrictions on employees’ private lives.

Last updated on 13/07/2022

03. What are the limits on employer monitoring of worker activity in the context of a remote-working arrangement and what other factors should employers bear in mind when monitoring worker activity remotely?

03. What are the limits on employer monitoring of worker activity in the context of a remote-working arrangement and what other factors should employers bear in mind when monitoring worker activity remotely?

Flag / Icon

France

  • at Proskauer Rose
  • at Proskauer Rose
  • at Proskauer Rose

The rules for monitoring employees do not differ between teleworkers and office workers. Thus, like any employee, teleworkers must be informed in advance of the methods and techniques used to monitor his or her activity (article L. 1222-3 of the labour code).

The implementation of a device allowing the control of the employee's working time must be justified by the nature of the task to be performed and proportionate to the purpose (National Agreement of 26 November 2020).

The CNIL said in a Q/A on 12 November 2020 that the devices used to monitor employees’ activity must not be aimed at trapping employees and cannot lead to permanent surveillance of employees. Thus, audio or video devices, permanent screen-sharing or keyloggers must not be implemented.

If the employer exercises excessive surveillance on his employee, it may receive a financial penalty.

Finally, the CNIL advises employers to prioritise monitoring the completion of missions by setting objectives rather than monitoring the working time or the daily activity of employees.

Last updated on 21/09/2021

Flag / Icon

Portugal

  • at Cuatrecasas
  • at Cuatrecasas

In terms of privacy, the teleworking regime establishes that employers must respect employees’ privacy and time with their families, as well as provide them with good working conditions, both physically and psychologically. This was made even clearer with the new teleworking law.

Whenever remote working is carried out at an employee's home, visiting the workplace should only be necessary to check work performance or equipment and can only take place during the employees’ working hours, in the presence of the employee or a person designated by the employee, with prior notice of at least 24 hours and the employee’s consent.

Regarding limits on employers monitoring employee activity, the Portuguese Labour Code prohibits the use of remote surveillance in the workplace to monitor the professional performance of employees.

Especially during the pandemic, when remote working and teleworking, in particular, were normalised, concerns arose regarding the limits of monitoring and how to adequately safeguard employees’ privacy.

On 17 April 2020, the National Data Protection Commission (CNPD) issued guidelines on remote control during teleworking, especially the need for monitoring working time and the fact that, in several companies, employees were using their own devices to work.

In these guidelines, the National Data Protection Commission clarified that, regardless of who owns the work equipment, under the teleworking regime employers retain powers to direct and control the execution of work by employees. However, since there are no special provisions on remote control during teleworking, the National Data Protection Commission believes that the general rule prohibiting the use of remote surveillance fully applies.

Therefore, technological solutions for remote monitoring of employee performance are not allowed. For example, software that, in addition to tracking working times, records websites visited; tracks equipment locations in real-time; monitors the use of peripheral devices; captures screenshots; records when access to applications is initiated; controls the document being worked on; or records the time spent on each task are all prohibited.

Please note that, during the pandemic, when remote working was most widespread, the National Data Protection Commission and Trade Unions reported a significant increase in employees’ complaints about illegal monitoring taking place.

Also, since Portuguese labour law imposes an obligation to register working time (eg, start, pauses, end of work time), in teleworking this can be done through technological solutions. Applications specially designed for this purpose are allowed provided data protection principles are respected.

Concerns regarding these technological solutions were partially addressed by the new teleworking law, which states that when controlling the performance, the employer must respect the principles of proportionality and transparency, notably the employer cannot impose a permanent connection on employees through image or sound.  Also, it is forbidden to capture and use images, sound, keystrokes, browsing history, or other information that may affect the employee's right to privacy.

Last updated on 13/07/2022

10. Are there some workplaces or specific industries or sectors in which the government has required that employers make access to the workplace conditional on individuals having received a Covid-19 vaccination?

10. Are there some workplaces or specific industries or sectors in which the government has required that employers make access to the workplace conditional on individuals having received a Covid-19 vaccination?

Flag / Icon

France

  • at Proskauer Rose
  • at Proskauer Rose
  • at Proskauer Rose

Please see above (questions 8 and 9) regarding the workplaces and specific industries concerned by making the access to the workplace conditional on individuals having received a Covid-19 vaccination.

Last updated on 21/09/2021

Flag / Icon

Portugal

  • at Cuatrecasas
  • at Cuatrecasas

No, there are not.

Last updated on 13/07/2022