
> It is allowed, contrary to eg the EU, where this is not allowed.

It's allowed in most of the EU apart from Germany, where there are strict limits.

However, you can still record what your users are doing for purposes of detecting fraud. This is where it differs from the USA, where they can do anything because they have no data protection laws.




Please read the current legislation for Germany. Allowing you private use of company internet access classifies your employer as a telecom provider, which then requires additional safeguards etc. No employer wants this, which is why personal internet use is generally not allowed and misuse is grounds for termination without notice. So is the use of private equipment. Restricted monitoring is allowed; very detailed or systematic monitoring is not.

https://www.fachanwalt.de/magazin/arbeitsrecht/internetnutzu...


Would it be too much to ask to not make stuff up?

Would it be too much to ask for you to dig a little deeper into what the law allows?

An employer is allowed to record all your actions for the purposes of detecting fraud and/or illegal activity. The method of recording and the way the employer stores and allows access to that recording must be "reasonable".

For example, if you are using Slack, GChat or Teams, all your conversations are logged in the compliance system. Every action you make in M365 is also logged. AWS actions are also logged if you have CloudTrail enabled.

All your emails are also recorded and stored for n years.

If you have Zscaler or some other threat detection system, every site that you visit will be recorded. The anti-phishing plugin you have will also log what sites you are looking at. These are not automatically illegal; it's how the data is stored and processed that determines the illegality.

Now, let's get to Meta. As part of their leaking detection system, in about 2024 they started routinely taking screenshots of all users every n minutes. One could argue that it wasn't proportionate. However, for Holland, France and Germany, the workers councils should have been informed.

The thing that was illegal was the covert nature, or at least not explicitly telling employees that they were taking screenshots, not the screenshots themselves.

For the AAI bullshit that Meta are pushing, again, depending on how it's done, it's not necessarily against the various EU/UK data protection laws to record the data. Where it gets interesting is how and where the data is processed later on.

To blindly say that "EU says it can't happen" is far too simplistic and not accurate to say the least.


In which country? Certainly not in my EU country.

Everywhere.

So long as you do a DPIA, and in Germany, Holland and France you talk to the workers council, it's fair game[1].

The reason why I assert this is that we have been forced to re-make a bunch of policies around products that have AI components. Claude was a pain because everything is recorded and stored in the compliance API. We needed to get outside legal advice specifically for that part.

[1] With caveats. In Germany you need to make sure that you are not "spying" on private usage, which is a massive pain to define.


There is a difference between "recording" and being able to access it and review.

Being able to record doesn't imply it's legitimate to review without cause.


> however you can still record what your users are doing for purposes of detecting fraud.

Which is what I asserted at the very start.



