In this blog we are going to see the consequences for the company that uses the information obtained by monitoring email violating the privacy of the worker, and for this it is very important to understand whether or not you can use the evidence obtained by any computer surveillance technique.
Regulations on data protection in the workplace:
In the Spanish legislative set there are several laws that are referred to in order to deal with this aspect:
-
Article 18 of the Spanish Constitution: privacy is guaranteed as a fundamental right.
-
Article 4 of the Workers' Statute: The right to privacy is included as a workers' right.
-
Article 18 of the Workers' Statute: The inviolability of the worker is recognized and it is specified that the lockers and personal effects of the workers may only be searched when necessary for the protection of the company's assets and always respecting the dignity and privacy of the worker as much as possible.
-
Article 20 of the Workers' Statute: The right of workers to privacy in the use of digital devices made available by the employer is recognized.
-
Article 87 of the Organic Law 3/2018 of December 5, 2018 on Personal Data Protection and Guarantee of Digital Rights: this is perhaps the article that regulates more specifically the matter and comes to recognize the protection of the privacy of workers in the use of digital devices made available to them by the employer, exposes a clear limit to this protection which is that employers may access the contents derived from the use of digital media provided to workers only to monitor compliance with labor or statutory obligations and that guarantee the integrity of such devices.
To carry out this monitoring, employers must in any case use criteria that minimally affect the privacy of workers and, in addition, workers' representatives must be involved in the whole process. In addition, there is another limit for this monitoring to be legal, which is that the employer must specify the percentage of time in which the devices may be used for private purposes and inform them of the way in which this monitoring is to be carried out.
As we have seen, in the Spanish legal system we find numerous and broad protections for the privacy of workers, but how does this affect the jurisprudential sphere?
Jurisprudence on data protection in the workplace:
The Doctrine of the fruit of the poisoned tree in labor evidence.
This doctrinal and jurisprudential theory establishes that something that has been obtained by violating the fundamental rights of the persons involved cannot be used as evidence in court. The case of entering to see an email of an employee, who uses it for private purposes, can be interpreted as a violation of his right to privacy, recognized in Article 18 of the constitution and therefore under this doctrine that has been enshrined in judgments such as The Spanish Constitutional Court enshrined it in 1984, sentence 4735/2012, of June 21, STS 116/2017, of February 23 it would be evidence that is poisoned since it has been obtained in an illicit manner (from a poisoned tree) and could not be used.
Doctrine of Illegally Obtained Evidence in the Labor Sphere
Since the aforementioned doctrine of the fruit of the poisoned tree exists, the most important thing will be to know whether or not there is a violation of privacy in the evidence in order to be able to use the information obtained with the monitoring:
violation of privacy rights in data protection.
The impossibility of using the information obtained through the monitoring of the work equipment when the right to privacy is violated.
In the Judgment of the First Chamber of the TC 61/2021 dated April 23, 2021, the court evaluates a case in which a worker has been dismissed because they have monitored her computer and they have seen that she spends 70% of her time on her personal life and only 30% on her work, and they have also had access to her emails.
As this monitoring is based on spying on the worker's privacy, it is a violation of her right to privacy and freedom of communications, the TC considers that her rights have been violated and that the actions should be taken back to the appeal (which had considered the opposite).
Judgments that resolve in the same sense (nullity of the test violating a fundamental right): SSTC 125/2018 of 26 November, 92/2008, of 21 July.
Possibility of using the information to dismiss a worker as long as he is informed that the company can monitor his equipment.
-
Supreme Court, Fourth Chamber, Social, Judgment of 6 Oct. 2011, Rec. 4053/2010: In this judgment we can see the case of a worker who was dismissed after her computer was monitored and it could be proved that she spent a lot of time performing tasks that had nothing to do with her work. After appealing this dismissal, the court issued a ruling considering the dismissal as justified, and after reaching the ruling we are referring to, 4053/2010 of the Supreme Court, it considers that her right to privacy has not been violated and that what was obtained from the monitoring can be used as evidence, since the worker had signed a paper stating that it was strictly forbidden to use corporate equipment for any use other than work-related. In the sentence itself, there is a dissenting opinion that states the opposite, that her right to privacy has been violated and that therefore the dismissal should not have been declared fair.
-
Judgment of the Supreme Court of February 6, 2024 (Rec. 263/2022): In this judgment we find the case of a company that warned workers that their use of the equipment provided by the company would always be monitored and told them textually that, "You should not have any expectation of privacy in relation to such communications."
The legal representation challenged this communication and the regulatory change it presented and the various courts agreed with them and declared the corporate regulatory change as unconstitutional for incurring in breach of the Right to Privacy of Article 18 of the constitution as well as illegal for incurring in breach of Article 20.3 of the Workers' Statute and Article 87.3 of the LOPD, the same interprets the Supreme Court with special emphasis on the fact that the workers' representatives did not participate in the elaboration of these business measures aimed at the information control of their workers and also the fact that it was not clear what monitoring system would be used, thus breaching the second paragraph of Article 87 of the LOPD.
This interesting and novel sentence allows us to elucidate that the Supreme Court also puts limits to the monitoring of computers even when the workers have been warned and is very protective for the worker by interpreting in a very restrictive way article 87.3 of the LOPD in which it is established that the workers' representatives have to be present at the moment of elaboration of this type of techniques to protect the right to privacy of the employees.
protection of the right to privacy at work according to the european court.
Judgment Case Bărbulescu v. Romania (Strasbourg Judgment of 5 September 2017, Application Number 61496/08).
Worker providing services for a Romanian private company, from August 1, 2004 to August 6, 2007. The company distributes among all the workers a communication warning that the company would supervise and control the employees' computers, and would sanction them if it found any irregularity, this is the translation of this part of the communication:
"1. ... Time spent in the company should be quality time for everyone! Come to work to take care of company and professional matters, not your own personal problems! Do not waste your time using the Internet, telephone or fax for matters unrelated to work or your duties. This is what [elementary education], common sense and the law dictate! It is the employer's duty to supervise and control the work of employees and take disciplinary action against anyone responsible for misconduct!
Their misconduct will be carefully watched and punished!
2. Due to repeated [disciplinary] infractions towards her superior, [as well as] her private use of the Internet, telephone and photocopier, her negligence and failure to perform her duties, Mrs. B.A. was dismissed on disciplinary grounds! Learn the lesson from her bad example! Don't make the same mistakes!
3. Carefully read the collective agreement, the company's internal regulations, your job description and the employment contract you have signed. They are the basis of our collaboration between employer and employee! ... "
After this notification, on July 13, 2007, Mr. BĂRBULESCU is made aware that, after monitoring his computer and e-mail, it had been detected that he was using the company's computer equipment to send messages to family and friends that had nothing to do with work, he is also given a series of documents giving proof of these messages, within which, there were intimate conversations with the woman. On the same day, the employee was asked for explanations and he told them that he had not made any personal communications and that he believed that this was illegal and against the secrecy of correspondence.
On August 1, 2007, the employee's contract was terminated.
After litigating in his own country and failing to obtain a judgment recognizing his rights, the employee had to go to Strasbourg, to the European Court of Human Rights.
This court issued a judgment establishing the limits to the employee's privacy and the secrecy of correspondence, and by a vote of 11 to 6 established that the company had violated the employee's right to private and family life, thereby violating Article 8 of the European Convention on Human Rights.
The main reason why the European Court considers that the right to privacy is violated is because, although the company can control, it is not necessary to control everything but, no matter how much the employer warns, the limit is where the worker's privacy begins (more information in this link).
Definition of private life:
According to the court, private life is a very broad concept that is very difficult to define, giving as an example the cases Sidabras and Džiautas v. Lithuania, no. 55480/00 however, it dares to define it as follows: "private life to an "inner circle" in which the individual can live his own personal life as he wishes, thus completely excluding the outside world not included in that circle".
Definition of correspondence:
The court comes to say that the term correspondence likewise is a broad term within which all types of communications fit, including calls so the email and instant messaging messages at issue in the case, can be construed as correspondence.
Analysis of the specific case:
The court considers that the communication to the employee was simply to warn him that it was forbidden to use the messages for his private life, within working hours and using the company's equipment, but that it was not enough to understand that the company was warning that it would monitor these emails.
Therefore, the court considers that Article 8 of the European Convention on Human Rights comes into operation since what is affected in the case is correspondence affecting the private life of the worker.
CONCLUSIONS:
In our internal order and in the decisions taken by the courts we can observe a strong protectionism to the right to privacy of individuals that is applied in the monitoring of computer equipment, and therefore, only in those cases in which the test is well practiced, without violating the right to privacy, the courts allow employer can use the information obtained.
Thus, in the BĂRBULESCU judgment, the Court of the European Union interprets that even when the worker has been warned that there is a protocol for monitoring equipment and software, it is not necessary or possible for the employer to monitor everything, everything, and must also respect the private sphere of the worker.
Article written by Albert Perez Mas:
