Spain's constitutional court, the Tribunal Constitucional,
made a landmark ruling in the case of Pérez González v. Alcaliber S.A.
in early October, finding that companies are permitted to access
and monitor employee communications via company IT resources,
including emails and texts, as part of investigations into employee
Pérez González was dismissed by Alcaliber for
disseminating trade secrets to competitors. Alcaliber
accessed Pérez González' company emails and
laptop hard drive in the presence of the notary public following
suspicions of wrongdoing to confirm grounds for dismissal. Emails
in both 2007 and 2008 were found to confirm suspicions that
Pérez González had disclosed information about the
year's poppy crops from his company account to a competitor of
Pérez González challenged the dismissal with a
claim for wrongful termination. He refuted the validity of the
emails as evidence for his dismissal on the basis of his
fundamental right to secrecy in communications under Article 18 of the Spanish Constitution.
However, the constitutional court held that Pérez
González did not have a reasonable well-founded expectation
of confidentiality when using a company email account or other
workplace communications where monitoring is foreseeable.
Furthermore, the company collective bargaining agreement clearly
prohibited the use of company-owned communications networks for
non-work reasons. On this basis, the constitutional court upheld
the decisions of the Madrid Labour Court and the High Court of
Justice to affirm the dismissal.
The Tribunal Constitucional held that dismissal was not
disproportionate in light of the severity of sharing confidential
company information. Furthermore, the court ruled that a company
must be permitted to monitor employee communications to verify
well-founded suspicions of transgression where such monitoring is
necessary to provide evidence to justify dismissal.
This ruling recognises that employee privacy rights must be
balanced against employers' rights to investigate employee
wrongdoing, and further acknowledges that employees' rights to
privacy in the EU are not absolute.
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
To print this article, all you need is to be registered on Mondaq.com.
Click to Login as an existing user or Register so you can print this article.
With new notification requirements and a risk of increased fines, the GDPR will require organisations based in or with operations inside the EU, to adhere to a new regulatory framework in the event of a data breach.
Compromised data compromises goodwill. As the public wakes up to how much of its data is in circulation, how long it can be stored and how much value it has, they are rightly demanding that it be properly secured.
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).