We would like to ensure that you are still receiving content that you find useful – please confirm that you would like to continue to receive ILO newsletters.
16 January 2019
Employment & Immigration Spain
Existing legal framework
Data Protection Act
Comment
The new Data Protection Act entered into force on 6 December 2018, introducing a number of so-called 'digital rights' (for further details please see "New Data Protection Act introduces digital rights for employees and "New digital rights: employees' right to disconnect").
Notably, the Spanish legal system already provided a framework regarding the use of digital devices at work and how employers can exercise control over them in view of employees' right to privacy.
Although there were no legal provisions on this issue, the Supreme Court had ruled on the matter by adapting the provisions referenced in the notable European Court of Human Rights judgment in Barbulescu v Romania (5 September 2017).
In its judgment of 8 February 2018, the Supreme Court provided a general overview of the use of digital devices at work (eg, email or mobile phones) and how employers can exercise control over them while also guaranteeing their employees' right to privacy.
Thus, in order to monitor employees without violating their privacy, employers must consider the following questions:
The Data Protection Act provides a new legal framework in relation to employees' right to privacy in the use of digital devices at work, although no great changes have been made to the existing legal framework.
The act recognises the right of employees and public servants to privacy in the use of digital devices provided by their employer.
Further, it limits employers' control of such monitoring to:
As regards information to be provided to employees, the act states that employers must establish criteria for the use of digital devices which comply with the minimum standards of privacy protection in accordance with social customs and legal and constitutional rights. Employee representatives should be involved in establishing such criteria.
In addition to providing criteria for the use of digital devices, every time that employers authorise the private use of devices, they must specifically determine the authorised use and guarantees in order to preserve their employees' privacy (eg, the periods in which the devices can be used for private purposes). Employees must be informed of all such criteria for the use of devices.
Although the new Data Protection Act has introduced no significant changes regarding the use of digital devices at work, employees' right to privacy regarding such use has now been set out in law.
For further information on this topic please contact César Navarro at CMS Albiñana & Suarez de Lezo by telephone (+34 91 451 9300) or email (cesar.navarro@cms-asl.com). The CMS Albiñana & Suarez de Lezo website can be accessed at www.cms-asl.com.
The materials contained on this website are for general information purposes only and are subject to the disclaimer.
ILO is a premium online legal update service for major companies and law firms worldwide. In-house corporate counsel and other users of legal services, as well as law firm partners, qualify for a free subscription.
Author