This actually came up with multiple companies I worked at in Sweden. Apparently the law here is quite strict that you _can_ use your computer for personal matters and that your employer is not allowed to spy on you on those matters.
replySo they can monitor your email and slack server-side, but not your client-side stuff that doesn't touch their servers. However if you use a VPN then they can also monitor your DNS requests and every website you visit. Any kind of client-side telemetry is limited to a few things, however those things can involve what applications you have installed (like spotify) for security reasons or USB sticks plugged in.
This may be legally challenging if you’re not allowed to communicate company internal information and especially files outside of company hardware.
reply> Yes they could have accessed logs before but there’s a difference between directed checking after incidents and active surveillance at scale.
replyNot really from the perspective of my own risk/reward calculation. I don't know in advance what's going to be considered an "incident" that will make corporate IT suddenly want to search my work computer. Better to simply have a policy of never using a computer my work controls for personal data, especially when I already have my own computers for that that I use regardless of what job I happen to be working at.
replyKeep in mind this isn't just about personal data on work hardware. It also leads to things like "we noticed you didn't move your mouse or type anything for 45 minutes, what were you doing?" type of micromanagement.
reply