Not everything goes when it comes to exercising business control of the company's media. This has been recalled by the Plenary of the Second Chamber of the Supreme Court in a recent sentence in which it confirms the penalty of one year in prison for a businessman who repeatedly accessed an employee's email, both corporate and personal who it was open on the company computer. The employer tried to justify his actions, because he was trying to gather evidence to prove the worker's disloyalty, with which to base his dismissal. The magistrates warn that this control in the face of a serious misconduct by the employee does not justify this intrusion into their privacy.
Strasbourg opens (a little) the door to hidden cameras to monitor workers
The ruling, for which the President of the Chamber, Manuel Marchena, has been the speaker, confirms the existence of a crime of discovery and disclosure of secrets, with the mitigation of undue delay, for which the businessman had already been convicted in lower instances. The penalty imposed is one year in prison and another accessory of special disqualification for the right to passive suffrage during the time of the sentence.
Due to the drop in his business figure and to certain customer complaints he received in relation to works in which his company did not participate, the employer suspected that the employee in question could be carrying out or participating in said works without his knowledge, " also using company materials, "so he accessed his company computer on several occasions. This computer had passwords known to the rest of the company, shared for situations in which it was necessary to access the terminals during vacations or other periods of absence of the employees.
Thus, he accessed the computer, the employee's corporate email, but also the staff, which the worker also had open. The businessmen printed some emails, according to the sentence. Some of the documents thus obtained were presented in the demand for the dismissal of the worker.
The defendant recalled that the applicable collective agreement classifies as a serious misconduct of the worker "... using the computers and the means of communication provided by the company for different uses for which they have been enabled, including e-mail, unless the entity of the breach would qualify the conduct as very serious ".
An undue intrusion into your privacy
The magistrates point out that the regulation of this serious offense in the collective agreement "is a disciplinary statement that, in no way, can be interpreted as an empowerment of the employer to violate the protection barriers inherent to the right to inviolability of communications" .
"What this precept authorizes is the sanction imposed on a worker who includes a personal e-mail account in the computer of his company. But the finding of this serious offense does not strip the owner of the account or force him to accept the interference of his employer in the circle that defines his own privacy ", adds the sentence. In other words, the worker does not lose his rights to privacy due to having acted badly.
The dilemma in question on which the judges are pronounced are "the limits of the rights that come into play when the interest of the employer in supervising the productive elements of his company collide with that of the worker, when he wants to exclude third parties from the content of your communications ".
The Supreme Court recalls, in line with the jurisprudence of the European Court of Human Rights and of the Social Chamber of the High Court itself, that employers can monitor certain communications from employees, but for this they must meet certain conditions.
"Entrepreneur and worker can set the terms of that control, agreeing to waive, not privacy, but the inviolability of communications itself," the judges recall. "But the exclusion of that expectation must be express and conscious" on the part of the employee.
The magistrates recall the jurisprudence of the ECHR whereby "the employer's interest in avoiding or discovering unfair or illicit conduct by the worker" prevails only if certain standards are adhered to, such as "weighting criteria related to the need and usefulness of the measure, the lack of other less invasive routes, the presence of well-founded suspicions ... ".
The Plenary of the Supreme Court concludes that "neither the shared use of corporate codes, nor the definition in the collective agreement as a serious disciplinary offense of the use of the productive means made available to the worker are sufficient to legitimize the serious interference of the employer in the private account ".
Faced with the businessman's version that access to these private accounts was "practically unavoidable", the judges disagree, since the businessman's conduct "was not limited to that casual contact with what was not wanted to be known, but they were printed "various messages and emails for months.
"The long chronological parenthesis - almost three months - during which XXX was stripped of his right to privacy, data protection and, finally, his right to the virtual environment, speaks for itself of the intensity and scope of interference ", added the magistrates.
Thus, the Supreme Court understands that the hypothetical commission by the worker of a serious disciplinary offense, derived from the improper use of the company's computer, "only allowed the company to associate its breach with a legal consequence. But it did not legitimize the irruption of the employer. in emails generated over three months in a private account. "