In the context of the exceptional measures approved by the Portuguese Government regarding the COVID-19 pandemic, the Portuguese Data Protection Authority (CNPD) has recently issued guidelines on the rules regarding remote control of employees on telework, and on the possibility of employers directly monitoring health data and risk-related behavior of employees.
Regarding telework, CNPD clarified that although employers keep their powers of direction and supervision over employees, it is not lawful to use means of remote surveillance (notably software) to monitor and record aspects such as performance, working hours, inactivity time, visited web pages, real-time location of a terminal, or the use of peripheral devices such as a mouse and keyboard.
Alternatively, employers may monitor employee activity by setting specific objectives, creating report obligations, and holding teleconference meetings.
However, recording working time must continue to be done by the employer in a telework scenario, either by using specific technology that registers the beginning and end of work (including breaks), or by requiring employees to inform the company by email, SMS, or phone of their working hours, within applicable legal limits.
Regarding the collection and recording of employee health data such as body temperature, or monitoring behaviors that may indicate a coronavirus infection, CNPD clarified that it cannot be done directly by the employer.
Such verification and recording may only be done by health authorities (such as occupational health professionals), or by the employees themselves through self-monitoring.