High Court of Andalucía decision of 28 March 2019

An employee was dismissed for breach of good faith, on the basis that, further to an investigation, the company reviewed the employees’ browser history and found out that the employee had been devoting his time and company equipment to personal use, visiting pay-per-view channels, sexual web pages, travel web pages, Amazon and others for the acquisition of Chinese products. In addition, on the hard disk of the computer, files on wine tastings and software to download games illegally or to hack web pages were found.  It was concluded he was only working around 10% of the time, while devoting the rest to these distractions.

The employee challenged the dismissal, which in the first instance was declared fair.  He then lodged an appeal against the judgment, and the High Court now ruled in favour of the employee, on the basis that the evidence was illegally obtained, breaching the right to privacy set out in the Spanish Constitution.

Was the company entitled to access the computer as a working tool of the employee?

The High Court sets out the following principles:  (i) the employee has a reasonable expectation of privacy, according to which he could make a moderate use for private purposes of the digital devices provided by the company; (ii) it is possible to neutralise this expectation by the company by banning any private use of the devices provided; (iii) employees should be duly informed of this measure – such obligation will be met if the prohibition is set out either in the CBA, in the individual employment contract, or in company protocols or policies regarding the use of information technology and devices.

In this case, there was no such prohibition in place nor was the employee informed about it – accordingly, the right to privacy of the employee was breached and the evidence obtained was null and void (and so are the proceedings, which are remitted to the court of first instance to decide without taking this evidence into account).  It is interesting to note that the computer was not specifically assigned to this employee, although he was the one that used it for the most part.

This case shows, once more, how important it is for companies to include the right clauses in the employment agreements, as well as have the right policies and protocols in place, that will entitle them to monitor employees’ activity and performance.

The new Spanish legislation on data privacy (Organic Law 3/2018 of 5 December 2018, on data protection and guarantee of digital rights – which was not applicable to the case at stake – please read our post on this new legislation) provides for the possibility to monitor the use of digital devices provided to the employees with the obligation, on the company, to set out the criteria applicable to use those devices, namely regarding the possibility (or not) to use these for private purposes and under which limits or circumstances.

The judgment refers as well to the Barbulescu II decision of the European Court of Human Rights which also made it clear that having the right policies in place and informing the employees beforehand of the possibility to do so will be the only way for employers to be able to monitor compliance through access to digital devices.

Raquel Flórez Escobar