Can the employer monitor, access, review the employee’s electronic communications?
According to the Portuguese Data Protection Authority, the employer may define the rules on the admitted private use of IT and communication means made available at the workplace and rules should form part of internal company regulations. In the workplace, surveillance cameras may be used to protect the safety of persons and goods or when the nature of the activity so requires. As with any other data processing activities, the employer, whilst acting as Controller in the processing of data regarding its employees, must fulfil the information duties set by the General Data Protection Regulation, as well as all other principles and duties resulting for the GDPR. Generally, the transfer of personal employee data outside the EEA can only happen when the country of destination ensures the same level of protection for the rights and freedoms of the individuals, in relation to the processing of their data, as the Member States of the EEA or if there is an adequacy decision from the Commission regarding the State which will receive the data.
Employee’s Use of Social Media to Disparage the Employer or Divulge Confidential Information
As a general rule, employees are entitled to privacy in personal and family life, including in the workplace. The use by the employees of social media communication means, cannot be used or monitored, when evaluating the employee. However, if the employee disparages or divulges confidential information of or relating to the employer, its business, its customers, or its employees, sanctions could be pursued for such behaviour.