In January 2002, the Danish Government IT Security Council issued guidelines on policymaking with regard to employees’ use of e-mail and the Internet at the workplace. The guidelines are directed at private corporations and public authorities and are intended as a source of inspiration when drafting policies. The guidelines are only issued in Danish, however Qvist · Stanbrook and other law firms in Denmark may provide an English version of a checklist based on the guidelines.

The guidelines bring into focus a variety of questions, f. ex. whether it should be allowed to use e-mail and the Internet for private use at the workplace; how should the use of e-mail and the Internet be controlled in general; should the workplace implement a security system; how should the procedures be in receiving and sending e-mails; and how should entering of legal binding agreement by using e-mail and the Internet be regulated.

In Denmark, as in many other countries, there is at the moment no complete law in the area of employees’ use of e-mail and the Internet at the workplace, providing for the variety of issues and problems arising in this area.

From a legal perspective the area is covered by f. ex. the Act on Personal Data covering the registration and use of personal information, i.e. name, date of birth, and private address, by the Criminal Code regulating the access to the contents of a private letter or electronic information intended for private use, and by the Consolidated Act on Work with VDU Screens covering an employer’s access to control the employees’ work.

The above-mentioned statutes deal with the employer’s access to control the employees’ e-mail and the employees’ use of the Internet. In their guidelines the Council concludes that in Denmark a control of the employees’ use of e-mail and the Internet is lawful, if the employees are informed prior to the control, and it may be established that the control has a reasonable purpose, and the company/organisation has a legitimate interest in the act of control. The Council recommends that the employees’ consent be obtained prior to the company’s control of private e-mails.

When drafting policies on employees’ use of e-mail and the Internet at the workplace a few guidelines from the Council’s paper should be mentioned:

  • description of situations where e-mails are not suitable as form of communication

  • a procedure regulating the use of "send to all"

  • description of which files may not be sent as attachments

  • procedures dealing with e-mails when an employee is not present

  • description of private use

The guidelines from the Danish Government IT Security Council may be recommended both to companies and organisations located in Denmark and to private corporations and public authorities outside Denmark.

Copenhagen, 13 February 2002

The content of this article does not constitute legal advice and should not be relied on in that way. Specific advice should be sought about your specific circumstances.