Employees are increasingly using their own devices in the workplace. The term “bring your own device” (BYOD) is used to describe the use of employees’ private devices for the benefit of an employer. But what are the legal risks?
Bring your own device
For financial reasons, many employers support the concept of employees using their own devices in the workplace. Through having a liberal BYOD policy, employers hope to gain from cost savings such as not having to invest in, run or service technical equipment.
BYOD and the risk to privacy
Berlin’s data protection commissioner, Alexander Dix, warned of the risks of BYOD policies in a report published in 2012.
Through the use of private devices in the workplace, there is an increased likelihood of viruses and Trojans spreading easily through employers’ networks. If this happens, it is generally the employer who is liable for any damage caused to a third party.
BYOD also carries privacy problems. As employees own their devices but employers own the data which is stored on them, conflicts could arise as to what data an employee should delete and when, and who is responsible for taking steps to solve technical defects when they occur. There is also the question of whether an employer is entitled to access and examine employee private devices.
To avoid the legal risks surrounding BYOD policies, and as there is currently no legal framework governing such activities, employers and employees should sign an agreement regulating the use of private devices in the workplace.
To avoid privacy problems, it is advisable for all parties to sign a declaration of consent, ensuring the staff committee is involved in the negotiations.
Such a declaration could regulate when certain data should be deleted, what rights an employer has to access and examine an employee’s device and who is responsible for the running costs of the private device when it is used for business purposes.