Malta: Use Of Technologies And Respect For Privacy At The Workplace

Last Updated: 24 August 2015
Article by Andrew J. Zammit and Angela Bruno

EU and International Background

In Europe, the use of new information and communication technologies ( ICT) at the workplace has spread rapidly in recent years. This raises numerous issues for employers, employees and their representatives and has been the subject of laborious discussions especially in terms of the link between workers' privacy and employers' need to control and monitor the use of ICT.

It is also pertinent to point out that there is no specific and uniform European Legislation on this topic. In fact, there are currently only two EU Directives. One of these Directives (Directive 95/46/EC) concerns the protection of individuals with regards to the processing of personal data and the free movement of such a data, while the other (Directive 2002/58/EC which amends Directive 97/66/EC), involves the processing of personal data and the protection of privacy in the electronic communications sector. However, as mentioned-above, these EU Directives do not contain any specific provision aimed at regulating the monitoring of workers' behaviour and correspondence.

Therefore, EU Member States which decide to regulate this area at this stage only have to comply with the general principles provided by the European Legislation, as well as with the ones provided by International Legislation, such as the International Labour Organization (ILO) Code of Practice according to which:

  • employees must be informed of use of technologies at workplace;
  • employers, who decide to use technologies in order to control and monitor employees' performance, must take into account any potential consequence on employees' privacy;
  • use of "secret" monitoring must be limited to cases where it is necessary for employees' health and safety and/or for the protection of property.

As a consequence, EU Member States regulate surveillance and monitoring of workers by employers through a number of principles and rules contained in various legal acts, including the Maltese Constitution, legislation on employment, Employment data protection Laws, telecommunication Laws and Regulations, Criminal Code, amongst other. As a further consequence, the interaction of the mentioned national provisions in so far as their application is concerned is often not clear and sometimes controversial.

In view of this, the EU Commission has undertaken the task to consult with the social partners in order to ascertain as to whether it is advisable to adopt a specific and full-detailed legislation on monitoring and surveillance at workplace. The debate is currently opened at European level.

What about the use of monitoring and surveillance in Malta?

In Malta, there is no specific regulation on monitoring and surveillance at workplace, such as CCTV surveillance, monitoring of e-mails and telephone calls, biometric-based time attendance systems through a palm reader, and monitoring and restriction of internet browsing.

Therefore, employers in Malta only have to apply data protection principles as they are set out under the Data Protection Act (Cap 440) and its Subsidiary Legislation, as well as guidelines provided by the Office of the Information and Data Protection Commissioner when it comes to methods of surveillance.

Over the last few years, many employers in Malta have started to use time and attendance (T&A) systems to record when their employees start and finish work. Such systems, in fact, enable employers to have full information on employees' working time and labour costs. Biometric T&A technologies - such as the hand-reader, fingerprint reader or face recognition device - provide additional benefits over traditional employees' tracking systems as they increase reliability and reduce costly errors.

However, prior to implementing a biometric system, employers should carry out a proper privacy impact assessment in order to ensure that the use of biometrics is essentially necessary.

When processing personal data which involves risks of improper interference with the rights and freedoms of data subjects, a prior checking request has to be submitted to the Commissioner to endorse such processing operation. Thus, prior to submitting a notification form, the data controller has to request a prior checking to implement a biometric system.

In addition, employers have to provide their employees with all the relevant information on biometric systems used at the workplace and if such employees are unionised, the employer should, as a matter of good practice, also consult the Trade Unions in order to provide them with the same information.

Where the introduction of biometric systems is deemed necessary, employers should opt for systems which provide a high level of comfort in terms of privacy requirements as it is possible in view of technological progress achieved in this field. These systems include those which do not physically record and process the actual image of the biometric feature, such as the fingerprint.

Where the employer engages the service of another organisation for the management of the biometric system, such a relationship has to be regulated by a written agreement. This agreement should bind the managing organisation to solely act upon the instructions of the employer and implement all the required security measures to protect the personal data against any unlawful forms of processing.

What about the use of GPS/Vehicle Tracking Systems by employers in Malta?

Generally, employers may use Global Positioning Systems (GPS) devices to track employees in employer-owned vehicles.

However, the use of GPS/Vehicle Tracking Systems is not specifically regulated in Malta. Therefore, employers are just due to act in line with the principles set out under the above-mentioned Data Protection Act and its Subsidiary Legislation. Employers have to assure that staff monitoring, including GPS systems, comply with the transparency requirements of Data Protection Legislation such as, amongst other, the duty of clearly informing employees of the existence of the surveillance and of all the purposes for which the personal data will be used.

Employers should also advise and make available to drivers, a policy on the use of tracking devices, including the use of company's vehicles for private use.

Finally, new employees should be informed of the operation of such devices.

In case of breach of such rules, general principles on Data Protection Regulations apply. In particular, the Data Protection Commissioner may impose an administrative fine which does not exceed € 23,000, without resorting to a court hearing.

However, any person aggrieved by a decision of the Data Protection Commissioner has the right to appeal to the Information and Data Protection Appeals Tribunal within thirty days from the date of notification to him/her of the said decision.

Such a decision may on question of law be appealed to the Court of Appeal in Malta within thirty days from the date on which that decision has been notified.

Balancing Employers' Right to know with Employees' Right to Privacy

Employers may wish to use surveillance at workplace for a variety of beneficial reasons, including employees' safety, prevention of theft and supervision of employees' performance.

Such benefits include also reduced payroll error through elimination of employee fraud, increased productivity and improved management reporting, resulting in an overall reduction in labours hours, running costs and an increase of efficiency.  

Moreover, employers have the interest to run their business efficiently and above all, to protect themselves from any liability which employees' actions may create. For instance:

  • employers may be victim of employees' criminal offence;
  • employees' use of social networking sites may cause damage to the employer's business reputation or releases confidential information;
  • employees' bullying may be carried out on the internet and mobile phones, through social networking sites, email and texts.

Therefore, there are positive arguments to have the appropriate measures to limit workers' right to privacy.

On the other hand, there are negative aspects linked with the use of surveillance as employees' personal data may be unfairly used and/or spread. Employers' "need to know" needs to be balanced with employees' "right to privacy".

Balancing different rights and interests requires taking into consideration several principles, including the principle of proportionality. It should be clear that monitoring activity or surveillance at workplace cannot justify any intrusion into employee's privacy.

Although there is no legal duty in this respect, employers should provide employees with a ready, accessible, clear and accurate statement of policy with regard to email and internet use, including the use of social media at workplace. This should also clearly describe the extent to which the employees can use communication facilities, either owned by the company or personal remote devices such as smartphones for personal or private communications.

This document should:

  • clearly set out the conditions under which private use of the internet is permitted as well as specifying material that cannot be viewed or copied;
  • provide information about systems implemented both to prevent access to certain websites and to detect misuse;
  • specify what use – if any – will be made of any data collected in relation to who visited websites;
  • inform employees about the involvement of their Trade Unions representatives, if  any, both in implementation of the policy and in the investigation of alleged breaches;
  • clearly explain enforcement procedures in case of breaches of internal electronic communication use;
  • make clear to employees, reasons and purposes for which surveillance and/or monitoring must be used.

Employees should also be advised as to what personal information will be collected, used, and disclosed, and for what purposes, such as discipline or safety.

In order to ensure that employees are aware of such a policy, specific confirmation that they have read the same policy should be requested. Such policy may be also made available by means of a newsletter.

The Impact of electronic surveillance at workplace

A recent study carried out by the University of Malta and published on the website of Eurofound has explored employees' reactions to the surveillance of employees using equipment such as CCTV, monitoring of e-mails, and restrictions on internet browsing.

Employees said monitoring had a negative impact on their wellbeing and a detrimental effect on the management-employee relationship. Monitoring systems introduced a number of negative feelings among the employees and this affected their well-being. Some expressed this in terms of a sense of discomfort, while others spoke about their frustration and how surveillance exposed their vulnerability. This left employees feeling like that they were being treated like children instead of responsible adults.

The findings also suggested that such systems could have a negative impact on the relationship between management and employees, especially if such measures were perceived to be excessive or there was a lack of communication about the systems.

According to such a research, before any monitoring system is introduced, management should be clear and honest with the employees about it if they want to avoid a loss the trust of their employees. Management should also be clear about the aims and scope of such surveillance systems to avoid a detrimental effect on employees and the employee-management relationship.

On the other hand, the use of electronic surveillance at the workplace is often necessary, especially within those companies and institutions which used to handle sensitive information (i.e.: such as EGaming Companies). Such companies and institution are required to protect this information in the interest of all the clients, customers, individuals involved. In this respect, surveillance and/or monitoring are aimed at preventing any unauthorised use of such an information by third parties.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

To print this article, all you need is to be registered on

Click to Login as an existing user or Register so you can print this article.

Some comments from our readers…
“The articles are extremely timely and highly applicable”
“I often find critical information not available elsewhere”
“As in-house counsel, Mondaq’s service is of great value”

Related Topics
Related Articles
Up-coming Events Search
Font Size:
Mondaq on Twitter
Mondaq Free Registration
Gain access to Mondaq global archive of over 375,000 articles covering 200 countries with a personalised News Alert and automatic login on this device.
Mondaq News Alert (some suggested topics and region)
Select Topics
Registration (please scroll down to set your data preferences)

Mondaq Ltd requires you to register and provide information that personally identifies you, including your content preferences, for three primary purposes (full details of Mondaq’s use of your personal data can be found in our Privacy and Cookies Notice):

  • To allow you to personalize the Mondaq websites you are visiting to show content ("Content") relevant to your interests.
  • To enable features such as password reminder, news alerts, email a colleague, and linking from Mondaq (and its affiliate sites) to your website.
  • To produce demographic feedback for our content providers ("Contributors") who contribute Content for free for your use.

Mondaq hopes that our registered users will support us in maintaining our free to view business model by consenting to our use of your personal data as described below.

Mondaq has a "free to view" business model. Our services are paid for by Contributors in exchange for Mondaq providing them with access to information about who accesses their content. Once personal data is transferred to our Contributors they become a data controller of this personal data. They use it to measure the response that their articles are receiving, as a form of market research. They may also use it to provide Mondaq users with information about their products and services.

Details of each Contributor to which your personal data will be transferred is clearly stated within the Content that you access. For full details of how this Contributor will use your personal data, you should review the Contributor’s own Privacy Notice.

Please indicate your preference below:

Yes, I am happy to support Mondaq in maintaining its free to view business model by agreeing to allow Mondaq to share my personal data with Contributors whose Content I access
No, I do not want Mondaq to share my personal data with Contributors

Also please let us know whether you are happy to receive communications promoting products and services offered by Mondaq:

Yes, I am happy to received promotional communications from Mondaq
No, please do not send me promotional communications from Mondaq
Terms & Conditions (the Website) is owned and managed by Mondaq Ltd (Mondaq). Mondaq grants you a non-exclusive, revocable licence to access the Website and associated services, such as the Mondaq News Alerts (Services), subject to and in consideration of your compliance with the following terms and conditions of use (Terms). Your use of the Website and/or Services constitutes your agreement to the Terms. Mondaq may terminate your use of the Website and Services if you are in breach of these Terms or if Mondaq decides to terminate the licence granted hereunder for any reason whatsoever.

Use of

To Use you must be: eighteen (18) years old or over; legally capable of entering into binding contracts; and not in any way prohibited by the applicable law to enter into these Terms in the jurisdiction which you are currently located.

You may use the Website as an unregistered user, however, you are required to register as a user if you wish to read the full text of the Content or to receive the Services.

You may not modify, publish, transmit, transfer or sell, reproduce, create derivative works from, distribute, perform, link, display, or in any way exploit any of the Content, in whole or in part, except as expressly permitted in these Terms or with the prior written consent of Mondaq. You may not use electronic or other means to extract details or information from the Content. Nor shall you extract information about users or Contributors in order to offer them any services or products.

In your use of the Website and/or Services you shall: comply with all applicable laws, regulations, directives and legislations which apply to your Use of the Website and/or Services in whatever country you are physically located including without limitation any and all consumer law, export control laws and regulations; provide to us true, correct and accurate information and promptly inform us in the event that any information that you have provided to us changes or becomes inaccurate; notify Mondaq immediately of any circumstances where you have reason to believe that any Intellectual Property Rights or any other rights of any third party may have been infringed; co-operate with reasonable security or other checks or requests for information made by Mondaq from time to time; and at all times be fully liable for the breach of any of these Terms by a third party using your login details to access the Website and/or Services

however, you shall not: do anything likely to impair, interfere with or damage or cause harm or distress to any persons, or the network; do anything that will infringe any Intellectual Property Rights or other rights of Mondaq or any third party; or use the Website, Services and/or Content otherwise than in accordance with these Terms; use any trade marks or service marks of Mondaq or the Contributors, or do anything which may be seen to take unfair advantage of the reputation and goodwill of Mondaq or the Contributors, or the Website, Services and/or Content.

Mondaq reserves the right, in its sole discretion, to take any action that it deems necessary and appropriate in the event it considers that there is a breach or threatened breach of the Terms.

Mondaq’s Rights and Obligations

Unless otherwise expressly set out to the contrary, nothing in these Terms shall serve to transfer from Mondaq to you, any Intellectual Property Rights owned by and/or licensed to Mondaq and all rights, title and interest in and to such Intellectual Property Rights will remain exclusively with Mondaq and/or its licensors.

Mondaq shall use its reasonable endeavours to make the Website and Services available to you at all times, but we cannot guarantee an uninterrupted and fault free service.

Mondaq reserves the right to make changes to the services and/or the Website or part thereof, from time to time, and we may add, remove, modify and/or vary any elements of features and functionalities of the Website or the services.

Mondaq also reserves the right from time to time to monitor your Use of the Website and/or services.


The Content is general information only. It is not intended to constitute legal advice or seek to be the complete and comprehensive statement of the law, nor is it intended to address your specific requirements or provide advice on which reliance should be placed. Mondaq and/or its Contributors and other suppliers make no representations about the suitability of the information contained in the Content for any purpose. All Content provided "as is" without warranty of any kind. Mondaq and/or its Contributors and other suppliers hereby exclude and disclaim all representations, warranties or guarantees with regard to the Content, including all implied warranties and conditions of merchantability, fitness for a particular purpose, title and non-infringement. To the maximum extent permitted by law, Mondaq expressly excludes all representations, warranties, obligations, and liabilities arising out of or in connection with all Content. In no event shall Mondaq and/or its respective suppliers be liable for any special, indirect or consequential damages or any damages whatsoever resulting from loss of use, data or profits, whether in an action of contract, negligence or other tortious action, arising out of or in connection with the use of the Content or performance of Mondaq’s Services.


Mondaq may alter or amend these Terms by amending them on the Website. By continuing to Use the Services and/or the Website after such amendment, you will be deemed to have accepted any amendment to these Terms.

These Terms shall be governed by and construed in accordance with the laws of England and Wales and you irrevocably submit to the exclusive jurisdiction of the courts of England and Wales to settle any dispute which may arise out of or in connection with these Terms. If you live outside the United Kingdom, English law shall apply only to the extent that English law shall not deprive you of any legal protection accorded in accordance with the law of the place where you are habitually resident ("Local Law"). In the event English law deprives you of any legal protection which is accorded to you under Local Law, then these terms shall be governed by Local Law and any dispute or claim arising out of or in connection with these Terms shall be subject to the non-exclusive jurisdiction of the courts where you are habitually resident.

You may print and keep a copy of these Terms, which form the entire agreement between you and Mondaq and supersede any other communications or advertising in respect of the Service and/or the Website.

No delay in exercising or non-exercise by you and/or Mondaq of any of its rights under or in connection with these Terms shall operate as a waiver or release of each of your or Mondaq’s right. Rather, any such waiver or release must be specifically granted in writing signed by the party granting it.

If any part of these Terms is held unenforceable, that part shall be enforced to the maximum extent permissible so as to give effect to the intent of the parties, and the Terms shall continue in full force and effect.

Mondaq shall not incur any liability to you on account of any loss or damage resulting from any delay or failure to perform all or any part of these Terms if such delay or failure is caused, in whole or in part, by events, occurrences, or causes beyond the control of Mondaq. Such events, occurrences or causes will include, without limitation, acts of God, strikes, lockouts, server and network failure, riots, acts of war, earthquakes, fire and explosions.

By clicking Register you state you have read and agree to our Terms and Conditions