Legality of using company smart phones to track employees

2 April 2012

It is well know that smart phones (Android, Iphone) have applications that were unthinkable before now. Smart phones given to employees such as salespeople enable the company to monitor their movements and track their location at all times.

As with private use of the telephone, there are evident dangers to privacy and the potential for data protection violations. This has been demonstrated on multiple occasions and highlighted by the media, especially as regards the monitoring and tracking that application service providers, such as Google, can undertake and the patterns of conduct and exhaustive user profiles that they can create with the compiled data.

For the challenges that these applications pose to privacy (and to compliance with the EU Data Protection Directive), European Data Protection Authorities issued an opinion on privacy incidents and risks involved with “Geolocation services on smart mobile devices” which contains a series of guidelines.

The risks to employee privacy lie in the fact that the system allows for constant monitoring of tracking data on devices that are intimately linked to a specific individual. The basic requirement and the fundamental principle for a legitimate handling of tracking data is prior, specific and informed consent from the user. Deviation from the intended, specific, and concrete use must also be avoided when using tracking data.

It is recommended that companies seek and document employee consent – advising by legal experts is fundamental – and, if possible, limit the scope of the consent by time and remind the user of same at least once a year. It is also of utmost importance that the device continuously advises that the geolocation function is activated, for example, by a permanently visible icon.

The opinion stresses that companies can only adopt this technology when they can demonstrate that it is needed for a legitimate purpose. In those cases where use is duly justified, companies should also opt for the least intrusive means, avoid constant monitoring, and inform employees on how to deactivate the monitoring device after work hours.

For further information, please contact Belén Arribas: