In a case that may have implications across the EU, Spain’s highest constitutional court unanimously held that a company was allowed to access and review communications on company IT resources, including emails and texts, as part of an employee misconduct investigation. Pérez González v. Alcaliber S.A., T.C., released Oct. 9, 2013. The Court held that the employee’s privacy rights were not violated because they are not absolute and had to be applied in light of the employee’s “reasonable expectations of privacy” under the circumstances, and the employer’s legitimate rights.
Like many employee privacy suits, the controversy in González followed the termination of an Alcaliber employee for misconduct. In this case, the employee was fired for disseminating trade secrets to a competitor. The employee sued his former employer, claiming wrongful termination and alleging that the monitoring of his emails and texts had been illegal. The Madrid Labor Court denied his claim. This ruling was affirmed by the High Court of Justice of Madrid before González appealed again to the Tribunal Constitucional.
While the Court acknowledged the constitutional right to secrecy in communications, the Court found that in this case, several relevant factual points affected González’ expectations of privacy in his workplace communications. One significantly relevant point was that the collective bargaining agreement for the company’s employees prohibited use of Alcaliber IT resources for non-work purposes, and noted that misuse could be subject to discipline. Additionally, the company accessed the communications—in the presence of a notary public— only after suspicions of wrong doing and it did so only in order to confirm and justify dismissal. Alcaliber did not access or use the emails for purposes other than this investigation, such as to pry into the employee’s personal or family life.
In affirming the dismissal, the Tribunal Constitucional recognized that employee privacy rights must be balanced against employers’ rights and obligations to investigate and discipline employee wrongdoing. The Court ultimately declared that in this instance, the monitoring was foreseeable and did not violate the employee’s rights. The Court also ruled that termination was not a disproportionate disciplinary measure given the employee’s grave breach of confidentiality.
This case is a significant clarification for employer monitoring programs, which are often fraught with the competing tensions of the employer’s compliance obligations and requirements to respect employer privacy. These tensions are particularly pronounced in the EU, where many Member States have strong presumptions for employee privacy and often turn a skeptical eye towards consent in an employment context. But the Court in Gonzálezrecognized that the right to privacy is “not absolute,” and that expectations must be determined by factual circumstances. Thus, beyond Spain this case may have implications across the EU as courts and administrative agencies deal with these issues.
Recognition that both employer disclosures may be reasonable also indicates some flexibility similar to what is possible under the U.S. legal regime. This “reasonable expectations” analysis could be another bridge towards greater harmony between U.S. and EU privacy approaches, particularly for global companies seeking greater uniformity in their compliance programs.