Control of workers in the workplace
Control of workers in the workplace. The telematic media.
In recent years, with technological advances and the opportunities offered by computer media, their use is almost essential in the world of work.
There are many workplaces that today have all the information and data collected on computers, in a database, which workers use to develop his professional activity.
In certain offices, offices, studios… each worker has a corporate email address associated with the company for which they carry out their duties.
But, as a consequence of all this, there is a problem. On the one hand, we could think that these means require control by the company towards its employees, since the use of these means must be exclusively in relation to the work activity that is carried out.
However, on the other hand, if this control is carried out, would it be violating a fundamental right?
In this article we will analyze this issue taking into account the existing legality and jurisprudence.
Control of workers in the workplace
When carrying out these controls by the company, a series of principles and requirements must be taken into account so as not to turn these controls into a violation of rights fundamentals of the workers.
Responding to the Right of workers to Data Protection, according to the Organic Law 15/1999 on Data Protection (hereinafter LOPD), must be taken into has a series of principles and rights before carrying out controls on the workers in the company.
- Principle of proportionality: Article 4 of this law regulates the nature of the data subject to processing, and establishes that such data may only be collected when they are adequate, pertinent and not excessive in relation to with the determined purposes. In other words, the collection of this data must be proportional and compatible with the purpose pursued, for example security. A very suitable example for this principle is the provision of a location device (GPS) to workers who use means of transport to carry out their work activity, in order to control that they carry out their journey correctly, without exceeding in expenses and time for deviating from your route.
- Purpose: from the foregoing, it can therefore be deduced that in order to carry out the controls to which we refer, there must therefore be a purpose, such as the security of the company, the control of expenses and benefits… Control cannot be carried out arbitrarily and without any justification.
- Principle of information: prior to data collection, the interested parties must be expressly informed in advance (art. 5 LOPD). In these situations, the most advisable thing to do is to establish some rules in writing in the control company (provided they are not already established in the Collective Agreement), for example, of computer media. Also, if there is a representative of the workers, he must be informed of said controls.
- Consent of Affected Workers: The consent of an affected worker is not required whenever the controls or data collection is done as a consequence of the employment relationship between the worker and the employer. As established in art. 6.2 of the LOPD, when it establishes: Consent will not be required when personal data is collected for the exercise of the functions of public administrations within the scope of their powers; when they refer to the parties to a contract or pre-contract of a business, labor or administrative relationship and are necessary for its maintenance or fulfillment.
Right to personal and family privacy
On the other hand, regarding the Right to personal and family privacy (art. 18.1 CE), as well as ideological freedom or religion…(art. 16 EC), we must take into account the following:
Art. 7 of the LOPD, regulates specially protected data:
- Data that reveal ideology, union affiliation, religion and beliefs: These data can only be collected provided there is the express written consent of the affected party. In addition, the interested party must always be warned of their right not to provide this data.
- Personal data that refers to racial origin, health and sexual life: may only be collected and transferred, for reasons of general interest, or when so provided by law. li>
- Personal data related to the commission of criminal or administrative offenses: they can only be collected by Public Administrations and in their own files.
On the other hand, article 11.1 of the Organic Law of the Judiciary establishes the following:
«In all types of proceedings the rules of good faith will be respected. Evidence obtained, directly or indirectly, violating fundamental rights or freedoms will not take effect.”
The Supreme Court has ruled on this issue, defending the previous article 11.1, based on Good Faith, and establishing the doctrine that before carrying out any type of control,< strong> the worker must be previously informed, and therefore the evidence obtained without this prior information and thus violating fundamental rights, will not be valid in a process.
Right to Communications Secrecy
Finally, considering the Right to Secrecy of Communications regulated in art. 18.3 of the Spanish Constitution, an exception is established that is regulated in art. 11 of the LOPD.
This article establishes that personal data that is subject to treatment and control, can only be communicated to a third party in a justified manner and when there is a purpose strong>, and always with the consent of the interested party.
However, there are cases in which this consent will not be required (art. 11.2 LOPD)
- When the assignment is authorized by law.
- In the case of data collected from sources accessible to the public.
- When the treatment responds to the free and legitimate acceptance of a legal relationship whose development, compliance and control necessarily imply the connection of said treatment with third-party files. In this case, the communication will only be legitimate as long as it is limited to the purpose that justifies it.
- When the communication to be made is addressed to the Ombudsman, the Public Prosecutor or the Judges or Courts or the Court of Accounts, in the exercise of the functions assigned to it. Nor will consent be required when the communication is addressed to regional institutions with functions similar to the Ombudsman or the Court of Accounts.
- When the assignment occurs between public administrations and its purpose is the subsequent processing of the data for historical, statistical or scientific purposes.
- When the transfer of personal data related to health is necessary to solve an emergency that requires access to a file or to carry out epidemiological studies in the terms established in the legislation on state or regional health.< /em>
Likewise, the STSJ of Madrid nº725/2015 of September 30 has established the following:
“…The answer seems clear: if there is no right to use the computer for personal use, there will be no right to do so under conditions that impose respect for the privacy or the secrecy of communications, because in the absence of a situation of tolerance of personal use, there is no longer a reasonable expectation of privacy and because, if the personal use is illegal, the employer cannot be required to support it and also to refrain from controlling it…”
“…And given the validity of such a strict prohibition, which implies the warning about the possible installation of computer use control systems, it is not possible to admit that a worker’s right arises to have his privacy respected in the use of the computerized means made available to him. Such an understanding would be equivalent to admitting that the worker could create, at his will and free will, a redoubt of privacy, using a means whose property does not belong to him and in whose use he is subject to the instructions of the employer in accordance with the provisions of the art. 20 of the Workers’ Statute…”
Therefore, in this analyzed case, the TSJ of Madrid establishes that, having established the employer some computer control measures for workers and their corporate mail, no the fundamental right to the secrecy of communications is being violated, since the workers have been previously informed of this control because the company has established control measures.
- It is possible for the employer to control the computer resources used in the workplace.
- It is necessary that workers are informed before the decision to carry out these controls and about the processing of their data.
- It is necessary that the information is clear, and the worker knows well if, for example, he can receive private messages, or deposit photographs… li>
- It is highly recommended to inform the workers’ representatives as these measures affect the company as a whole.
- The consent of the worker is not necessary, since there is an employment relationship.
- There must always be a purpose for carrying out these controls, such as for security reasons.