Monitoring in the workplace: employers’ rights in Switzerland

The recent clarification from the French data protection authority (CNIL) on CCTV, time-and-attendance systems and geolocation highlights a reality that also applies to Swiss companies: an employer may organise, monitor and ensure the safety of the workplace, but they cannot turn the workplace into a space under constant surveillance. For an SME, this distinction is crucial. A camera installed to protect a till, a time clock designed to record working hours or a GPS fitted to a company vehicle do not raise the same issues as software that tracks an employee’s every move.

In Switzerland, the issue lies at the intersection of employment law, the protection of personal rights and data protection. The legal framework is less a general ban than a test of legitimacy: why monitor, using what tools, what data, for how long and with what impact on employees? Against a backdrop of remote working, connected vehicles, business software and increasingly discreet sensors, these questions are becoming very real for management, HR departments and payroll service providers supporting employers.

Monitoring is possible, but policing behaviour remains a red line

The starting point is simple: an employer must be able to manage their company’s operations. They set working hours, assign tasks, secure their premises, monitor certain processes and ensure that work is carried out. This logic is also reflected in the CNIL’s guidance, which emphasises that time clocks, cameras or geolocation may be lawful when they serve a specific and proportionate purpose.

But Switzerland sets a clear limit. According to the framework outlined by the Federal Data Protection Authority, Article 328 of the Swiss Code of Obligations requires employers to respect and protect employees’ personal rights. Article 26 of Ordinance 3 relating to the Labour Act, for its part, prohibits surveillance or monitoring systems designed to monitor employees’ behaviour whilst at work. Where such systems are necessary for other reasons, they must be designed and installed in such a way as not to infringe upon the health or freedom of movement of the individuals concerned.

This distinction is crucial. An SME may have a legitimate interest in preventing theft, securing a warehouse, controlling access to a workshop or recording working hours. However, a system designed to continuously observe how an employee stands, moves, speaks, types or spends every minute of their day falls into a high-risk category. SECO points out that unauthorised technical surveillance constitutes an infringement of personal integrity and that the Labour Act imposes measures to protect this integrity.

In practice, the best approach is to start with the need, not the tool. Before purchasing a video surveillance, GPS tracking or IT monitoring solution, the company should define the objective precisely: to protect property, organise rounds, document working hours, check service quality or train staff. The vaguer the objective, the greater the risk of abuse.

Cameras in the workplace: securing a premises does not give the right to monitor staff

CCTV is the most telling example. The research report notes that it is widespread in Swiss businesses, particularly in the catering and retail sectors, often to prevent theft or vandalism. These are understandable objectives, particularly for businesses handling cash, holding valuable stock or operating in premises accessible to the public. But a camera never films just goods: it can also capture work activities, breaks, interactions with customers or moments of tension.

The Federal Data Protection Authority emphasises that video surveillance in the workplace can create unease and affect employees’ well-being, or even their mental health. This is precisely why the principle of proportionality is required. A camera pointed at an entrance, a till or a storage area does not have the same scope as a device that constantly monitors every workstation. The question is therefore not merely whether the company has the right to install a camera, but where it is positioned, what it records, who accesses the footage and how staff are informed.

For an SME, the danger often lies in an installation that is too extensive. A camera is added for security reasons, but the footage is then used to monitor breaks, comment on a waiter’s speed or analyse a sales assistant’s behaviour. This change in use can make the system problematic. A system designed for a specific purpose should not be repurposed behind the scenes for another aim, particularly when that new aim directly affects employees’ behaviour.

Transparency acts as a stabilising factor here. Those affected must understand that a system exists, why it exists and within what limits it is used. Clear information reduces misunderstandings, but is not enough to make an excessive system lawful. In other words, displaying a notice or mentioning a camera in internal regulations is no substitute for an assessment of necessity and proportionality.

Time clocks and working hours: an obligation to document, not a licence to monitor every minute

Time clocks occupy a special position, as Swiss employers do not merely have an interest in knowing working hours: they also have documentation obligations. The Swiss Confederation’s SME portal states that employers must document working hours, including daily and weekly working time, compensatory and overtime work, as well as breaks of half an hour or more. These records must be kept for five years.

This obligation explains why many companies implement electronic time recording. A time clock, an app or a system integrated into HR software may therefore be justified. But, here too, the tool must remain focused on its purpose: recording hours, managing balances, tracking absences and providing a reliable basis in the event of an audit or internal discussion.

The risk arises when time recording becomes a tool for behavioural surveillance. A company may need to know when an employee starts and finishes work. However, it must exercise caution if it uses the data to reconstruct minute-by-minute attendance, systematically compare short absences or draw disciplinary conclusions from raw indicators without context. Working hours are recorded; managerial trust cannot be replaced by an intrusive dashboard.

For self-employed individuals who employ a few staff, as well as for more structured SMEs, the issue warrants a straightforward approach: define the data collected, restrict access to those who need it, separate administrative monitoring from disciplinary oversight as far as possible, and explain the rules in a clear and understandable document. This is not an unnecessary administrative burden. It provides protection for both the employer and the employees, particularly when a dispute arises over overtime, breaks or disputed attendance.

GPS, mobile phones, software: legitimate tools can become excessive depending on how they are used

GPS tracking perfectly illustrates the Swiss ‘case-by-case’ approach. The report notes that in 2005, the Federal Supreme Court permitted the use of GPS systems to monitor employees’ movements, provided that monitoring was only possible retrospectively and was not continuous. This clarification is important for companies in the transport, maintenance, delivery or field service sectors. A GPS device can help organise a route, locate a vehicle, improve planning or document a service call. It becomes a far more sensitive issue if it allows a person’s every movement to be tracked in real time without a clear necessity.

An employer must also distinguish between the vehicle and the employee driving it. Tracking a company vehicle for operational reasons does not automatically imply the right to monitor an employee’s private life, breaks or travel habits. Even greater caution is required if the vehicle can be used outside working hours. In such cases, technical settings and internal guidelines must ensure that geolocation does not encroach upon an employee’s private life.

Telephone monitoring requires the same degree of restraint. According to the Federal Data Protection Authority, an employer may not listen in on or record private conversations, as this would infringe on personal rights. Monitoring of work-related conversations may be considered for quality, performance or training purposes, but only in accordance with legal requirements. For a customer service department or helpline, this means that the purpose must be clearly stated, limited in scope and organised in such a way as not to indiscriminately record everything that is said.

Activity monitoring software, particularly in the context of remote working, is probably the most sensitive area. The French data protection authority (CNIL) cites the example of a keylogger, which records every keystroke, as a disproportionate measure, as it indiscriminately captures both work-related and personal information and subjects the individual to virtually constant surveillance. Although this example relates to the French context, the reasoning resonates strongly with Swiss principles: a tool that monitors everything, all the time, rarely passes the necessity test.

An SME approach: state the purpose, limit the data, inform users before installation

Compliance is not simply a matter of choosing a reputable supplier. It begins before the system is put into service. An SME should be able to explain, in simple terms, why a system is necessary and why a less intrusive solution is not sufficient. This reasoning should be documented, as it demonstrates that the company did not act blindly.

A prudent approach can be summarised in a few questions: what specific problem are we trying to solve? What data is essential? Who will have access to it? For how long? Have employees been clearly informed? Is there a risk that the system could affect their health, privacy or freedom of movement? Could it be misused for purposes other than its original intent? These questions are no substitute for a legal analysis, but they do help to avoid many costly mistakes.

Training for managers is just as important as the technology itself. A camera or a time-and-attendance system may be set up correctly, only to be misused by a manager who accesses data without valid grounds or who uses it to exert daily pressure. In a small organisation, where HR, management and operational roles often overlap, this internal discipline is essential. The rules must be known, applied consistently and reviewed whenever the tool or the organisation changes.

Monitoring in the workplace is therefore not an area where one can think in terms of an absolute ‘yes’ or ‘no’. Swiss law permits monitoring that is useful to the business, but it firmly protects employees’ personal rights and health. The clarification from France has the merit of bringing the subject back to the table: in the age of connected devices and artificial intelligence, the real question for Swiss employers is not what technology allows them to see, but what it is legitimate, necessary and proportionate to monitor.