During this summer, the Hungarian Supreme Court (Curia) made a judgement in a case, where the central question was whether the monitoring of the employee's own cell phone used for job-related purposes by the employer was lawful. Although the legal framework was slightly modified lately because of the entering into force of the GDPR, the case can offer important lessons. Read our short article if you would like to know whether you can monitor your employee's cell phone which he uses for job related purposes.
The claimant of the case the employee worked as an on-trade regional manager at the defendant company. The defendant, the employer provided the employee with a notebook and a SIM-card in order for him to be able to perform his job-related tasks. The Employee put the SIM-card in a cell phone owned by him and used the mobile phone for job-related purposes.
During an internal investigation the Employer requested the handover of the IT devices used by some of his employees for work, among other he requested the handover of the Employee's notebook and cell phone. The Employee has handed over the notebook and the phone and the Employer checked them.
Later, the parties terminated the employment relationship by mutual agreement, but the Employee attacked the agreement and requested the court to reinstate his employment and claimed non-material damages. Among others, the Employee claimed in the case that the investigation of the Employer during which he checked the Employee's own cell-phone was unlawful.
2) The decision of the Curia and its justification
While the first and second instance courts dismissed the Employee's action, the Curia has formed a completely different standpoint. Although he has not ordered the reinstitution of the employment, the Curia established that the monitoring carried out by the Employer was unlawful because of the below reasons.
Even the labour code in force at the time of the case declared that employers may only monitor the employment related behaviour of their employees and the monitoring cannot undermined the employee's human dignity.
The Curia however established in relation with the monitoring carried out by the Employer that is was not clarified whether the Employer could have used other less invasive monitoring methods and whether the monitoring procedure was carried out with suitable safeguards.
That is why the Curia came to the conclusion that during the investigation the Employer has unlawfully monitored the Employee's private life and unlawfully processed his private messages reading their content that is why the Employee shall be entitled to non-material damages.
3) Lesson learnt
As mentioned, the labour code has been modified in the meantime because of the entry onto force of the GDPR. For example, nowadays the employee may only use the company notebook for not work-related purposes if he made an agreement with the employer.
Further, the labour code specifically declares that during the monitoring of the IT devices (e.g. laptop, mobile phone) used by the employee for job-related purposes, regardless of them being owned by the employee or by the employee, the employer may only inspect information which is related to the employment. Thus, the employer may not investigate the employee's private messages, even if stored at the company notebook.
Moreover, the employer shall set forth the rules of the monitoring and he shall choose the method of the monitoring so that it will be less as invasive as possible.
Last but not least the inspection may only be carried out with appropriate safeguards. Based on the practice for example the employee shall be provided with the possibility to be present at the inspection and indicate for instance that the folder 'Rhodos 2019' contains the family photos taken at the family holiday.
4) What can be inspected exactly, again?
To sum up, the employer is allowed to inspect both the IT devices provided by him to the employee in order to perform job-related tasks and the IT device owned by the employee and used for work based on the agreement of the parties.
Be it the device provided by the employer or owned by the employee during the inspection the employer may only inspect information related to the employment. Further, the employer is allowed to monitor whether the employee complies with the rule of not using the company IT devices for private purposes if the parties have not agreed otherwise.
This means that in case it becomes clear for the employer that a folder contains family photos after that the content of the folder is a taboo for him and he cannot examine the photos one by one. Similarly, if it appears from the addressee of a message that it is a private one, the employer may not inspect the content of the e-mail.
To summarize the above, it is worth to think over carefully whether you allow your employees to use the company IT devices for private purposes or to use their own devices for job related purposes.
However practical aspect could justify the 'leniency' from data protection point of view it creates a clearer situation of the company device can only be used for job related purposes while own devices cannot be used for job related purposes.
In any event, the investigation may only be carried out based on clear procedural rules providing safeguards to the employee and respecting the private sphere of the employees.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.