Spain's constitutional court, the Tribunal Constitucional,
made a landmark ruling in the case of Pérez González v. Alcaliber S.A.
in early October, finding that companies are permitted to access
and monitor employee communications via company IT resources,
including emails and texts, as part of investigations into employee
Pérez González was dismissed by Alcaliber for
disseminating trade secrets to competitors. Alcaliber
accessed Pérez González' company emails and
laptop hard drive in the presence of the notary public following
suspicions of wrongdoing to confirm grounds for dismissal. Emails
in both 2007 and 2008 were found to confirm suspicions that
Pérez González had disclosed information about the
year's poppy crops from his company account to a competitor of
Pérez González challenged the dismissal with a
claim for wrongful termination. He refuted the validity of the
emails as evidence for his dismissal on the basis of his
fundamental right to secrecy in communications under Article 18 of the Spanish Constitution.
However, the constitutional court held that Pérez
González did not have a reasonable well-founded expectation
of confidentiality when using a company email account or other
workplace communications where monitoring is foreseeable.
Furthermore, the company collective bargaining agreement clearly
prohibited the use of company-owned communications networks for
non-work reasons. On this basis, the constitutional court upheld
the decisions of the Madrid Labour Court and the High Court of
Justice to affirm the dismissal.
The Tribunal Constitucional held that dismissal was not
disproportionate in light of the severity of sharing confidential
company information. Furthermore, the court ruled that a company
must be permitted to monitor employee communications to verify
well-founded suspicions of transgression where such monitoring is
necessary to provide evidence to justify dismissal.
This ruling recognises that employee privacy rights must be
balanced against employers' rights to investigate employee
wrongdoing, and further acknowledges that employees' rights to
privacy in the EU are not absolute.
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
To print this article, all you need is to be registered on Mondaq.com.
Click to Login as an existing user or Register so you can print this article.
On December 31, 2014, Russian President Vladimir Putin signed into law a change in the effective date of a Russian personal data law that includes a data localization requirement (the "Personal Data Law").
In July 2014 the Lower Chamber of the Russian Parliament ("Duma") passed Federal Law No. 242-FZ of 21 July 2014, sub-titled: "On introduction of amendments into certain legislative acts of the Russian Federation relative to clarification of procedure of processing of personal data in information and communication networks".
Following adoption by the EU Council of the draft General Data Protection Regulation in June, the Article 29 Working Party has published an opinion based on draft proposals set out by the various EU institutions.
The UK's Information Commissioner (ICO) is investigating a cyberattack that reportedly netted the names, addresses, bank details and credit card numbers of up to 2.4 million customers of mobile retailer Carphone Warehouse.