The Challenges of Data Protection in an Employment Context


Technological developments, globalization and the use of the Internet constantly raise new questions about how to act in situations with a potential impact on the protection of personal data. This is particularly relevant in an employment context, in which multiple situations arise in which it becomes necessary to analyze the impact of an employer’s decisions in relation to the protection of employees’ personal data.

In an employment context, questions about the possibility of recording telephone conversations and using these recordings as evidence of employment violations have been analyzed by the courts. Concretely, the Constitutional Court, in its judgment of October 4, 2021, ruled on an alleged violation of the right to the protection of personal data in the case of an employee (a salesperson) who was dismissed for serious and culpable breach due to deficient attention to customers evidenced in recordings of telephone conversations. The court concluded that the right to data protection had not been violated, since the employer had complied with the obligation of prior information concerning the possibility of recording telephone conversations and that said recordings were used for the purpose of providing quality services and training, as the employer did with respect to the legal representatives of its employees. In addition, the employee had been previously warned that his behavior was incompatible with the objectives of providing quality service and providing him with appropriate training. It is precisely the non-compliance with these warnings that led to the termination of the employment contract for gross negligence and fault. The court concluded by ruling that there had been no violation of the dismissed employee’s rights.

The use of surveillance cameras as evidence of breaches of labor law has also been analyzed by labor courts, among others, in judgments such as the one delivered on July 21, 2021 by the Labor Chamber of the Supreme Court, in which the chamber confirmed the lawfulness of their use, provided that such use meets the requirements of being appropriate, necessary and proportionate.

Another challenge has been created by the widespread telework due to the COVID-19 pandemic, namely the challenge of protecting personal data in situations of employee mobility, either because employees travel frequently or due to exceptional circumstances, or because telework has been adopted. by the employer as an alternative to work in the workplace.

The Spanish Data Protection Agency has issued a number of recommendations for these situations, including advising the employer to define a data protection policy for mobility situations. Among the recommended measures are that of informing employees of the mechanisms for monitoring digital devices, specifying the terms of use of company equipment (regulation of access to social networks or the use of e-mails personnel) or to set guidelines relating to the right to privacy and digital disconnection, as well as an employee’s duty of confidentiality.

Another aspect on which the protection of employees’ personal data can have an impact concerns the recording of hours worked. In Article 34.9, the Workers’ Statute imposes on employers the obligation to guarantee a daily record of hours worked, indicating that this record of hours worked must be organized and documented through collective bargaining or company agreement, or failing that, by decision of the employer following consultation with the statutory representatives of the employees. The legality of the option to formalize the recording of hours worked using systems such as digital fingerprints has been assessed by the Spanish Data Protection Agency, which has concluded that, in said categories of personal data ( e.g. biometric fingerprint data), the system should be justified and found to be necessary and proportionate, and consideration should be given to whether there are other, potentially less intrusive technical measures.

Finally, with regard to the protection of personal data in the context of the employer’s obligation to keep a wage register in accordance with Royal Decree 902/2020, of October 13, 2020, on equal pay for men and women and in Article 28.2 of the Workers’ Statute, the Spanish Data Protection Agency has clarified that, since it is a legal obligation, the employer does not need the consent of the employer. ’employee. It also stated that the file should not specify the salary of each employee, but rather the average salary values, salary supplements and non-salary amounts received, broken down by gender and broken down by job group, job category or jobs. of equal or equal value. , specifying that the file must contain anonymized data rather than personal data or information allowing the identification of a given person.

In short, the use of new technologies creates new challenges which, in the context of employment and in connection with data protection, invite employers to carry out an in-depth analysis of the interests at stake and to review their practices and internal policies with a view to bringing them into compliance with applicable legislation, where applicable.


About Author

Comments are closed.