• merari42@lemmy.world
    link
    fedilink
    arrow-up
    9
    ·
    2 months ago

    Highly illegal in the EU. Also highly stupid everywhere else. The big question is “How secure is your user espionage system and can an outsider get acces?”. The data from something like this is a social engineering goldmine.

    • Jolteon@lemmy.zip
      link
      fedilink
      arrow-up
      3
      ·
      2 months ago

      I mean, a lot of the places people say stuff like that our government-related jobs, where the emails and internal DMs are recorded as public record. This isn’t as much of an issue in that case.

      • merari42@lemmy.world
        link
        fedilink
        arrow-up
        1
        ·
        2 months ago

        Yeah but people are highly aware of it and there is even a disclaimer in Email Signatures that everything is tracked. If you are dealing with government ministries in European countries some of the (unofficial) information exchange is done without written record, either at in-person conferences or even through non-work phones.

    • SorteKanin@feddit.dk
      link
      fedilink
      arrow-up
      1
      ·
      2 months ago

      Highly illegal in the EU.

      Source? I’ve signed contracts before that includes clauses saying they can basically read my work email whenever they want.

      Screen and web history sounds pretty illegal though, but would love to hear what law that is.

      • merari42@lemmy.world
        link
        fedilink
        arrow-up
        2
        ·
        2 months ago

        Under the GDPR, employers in the EU can only monitor employees’ work emails if it is necessary, proportionate, and serves a legitimate purpose, such as ensuring compliance or security. Employees must be informed about the monitoring in advance, and clear policies should be in place to respect transparency and consent requirements. Any monitoring must also balance the employer’s business interests with the employees’ right to privacy, ensuring minimal intrusion. Some countries like Germany have really strict interpretations of how to apply the GDPR here.