Posted on August 28, 2015 at 7:40 p.m.Updated Sep 30, 2015, 10:45 a.m.
A “reasonable” use
In fact, the vast majority of companies practice tolerance on the use of the Internet at work. The National Commission for Informatics and Liberties (CNIL) sums it up as follows: “the use of these tools (…) must remain reasonable and must not affect network security or the productivity of the company”. And if the connection time exceeds this “reasonable”, the employee concerned risks dismissal for misconduct. This duration is not clearly established in the labor code, therefore, only case law serves as a legal basis. Justice considered that one hour of non-professional connection over a 30-hour week does not constitute grounds for dismissal; 41 hours over 1 month, yes.
Differentiate the professional from the staff
In addition to the question of time spent on social networks, personal messaging or various sites when you are at your workstation, there is also the question of the content consulted. It should be known that consulting illegal sites (pedophilia, incitement to terrorism, etc.) engages the criminal liability of the employee but also that of the employer.
Without reaching that point, the latter has every right to take cognizance of the connection data in his company, except those which are personal. The employees are then protected by the Penal Code (articles L226-15 and L432-9) which stipulates that “the employer must respect the secrecy of private correspondence”, including therefore with regard to electronic messaging. That said, it is up to the employee to identify what is personal, for example by mentioning it in the subject of his messages or by creating a “personal” file on his professional computer station.
The employer can put conditions
Because yes, the employer has every right to ask for the password of a computer and to consult the professional data, if only to ensure the continuity of the activity of the company. He has just as much the right to restrict access to the Internet and to set up tools such as control software, archiving of connection data or even systematic analysis of email attachments, under certain conditions. however.
He must first consult the works council (or staff representatives), make a declaration to this effect to the CNIL and inform his employees on various points: the objective of the system put in place, the retention period of the data … A written document must, moreover, specify that the consultation of these data could be used for a possible disciplinary procedure.
Between “residual privacy” to which every employee is entitled at his place of work and the employer's obligations to protect his company as well as to ensure its productivity, good practices can perfectly be concretized by a charter which clearly establishes the conditions of employment. the use of the internet in the company.