A stricter regime for profiling07 June 2016
The Spanish Constitutional Court Backs the Possibility of Accessing Private On-Line Conversations of Employees
In Spain, the privacy right prevents illegal access to individuals' personal information, as well as its use or exploitation without the subjects' authorization. The right to secrecy of communications prevents the illegal interception or knowledge of third parties' communications, including its contents, process and the identity of the interlocutors. Both rights are enforceable by employees in the workplace.
At issue in the Decision, two company employees installed an instant messaging program on one of the company's computers and engaged in various conversations. The program stored the messages exchanged on the company computer's hard drive. The employees did this despite a company policy that banned employee installation of programs on its computers. In addition, the computer was specifically meant for public use among the employees. Therefore, all employees were able to access its hard drive without the need of a username or password.
The instant messaging conversations included various critical, derogatory and insulting comments about co-workers, superiors and clients of the company. One of the company's other employees came across the messages and informed company supervisors. The supervisors accessed and reviewed the conversations to identify the employees and verify the installation of the program. Then, they met with the two employees, reviewed the messages with them and verbally reprimanded them.
One of the employees ultimately appealed before the Constitutional Court for violations of her privacy right and secrecy of communications. She claimed that a breach of the company's policy did not justify the company's review of the communications and reprimands.
With regard to the privacy right, the Court concluded that both employees waived their right to privacy by actively storing the messages in the hard drive of a publicly accessible computer, as this voluntary action expressly permitted others to see the messages. The Court also found that the right to secrecy of communications had not been breached because: (1) the computer was configured for common use and required no username or password; and (2) the installation of programs was expressly banned by company policy, so "a situation of tolerated personal use of the computer could not exist." Thus, "there could not have been any expectation of confidentiality." The Court also found it significant that the communications themselves were configured as open and not secret. The Decision has one dissenting opinion based on a belief that the company did not have to access the contents of the messages to confirm that the employee's had breached the company's policy. Many jurists in Spain support the dissent's reasoning.
The Decision is noteworthy since the Constitutional Court's past decisions have usually favoured employee rights and therefore this Decision has attracted some attention from the press. According to the words of the magistrate who issued the dissenting opinion "the Court, by issuing this Decision, takes a step back with regard to the accredited labour constitutional case law established in the last three decades."
The Regulation aims to strengthen the rights of individuals. It does so by retaining rights that already exist under the Data Protection Directive and introducing the new rights of data...06 June 2016
Grounds for processing03 June 2016