With the imminent entry into force of the General Data Protection Regulation (AVG) on May 25, 2018, privacy law is regularly in the spotlight. The arrival of the AVG has not gone unnoticed in employment law either. This is not surprising; the employer pre-eminently has to deal with the processing of personal data and the additional right to privacy of employees. So sometimes things go wrong and privacy violations become part of employment law proceedings. In that case, how does privacy law work its way into employment law?
Under both the current Personal Data Protection Act (Wbp) and the future AVG, the data controller, in this case the employer, must have a basis for processing the data. These bases are listed exhaustively in Article 8 Wbp/6 AVG. As indicated in my blog "May an employer view an applicant's social media accounts?" the legal basis for the employer is almost always the legitimate interest within the meaning of Article 8 sub f Wbp/6 paragraph 1 sub f AVG. The infringement of the employee's interests by the processing of personal data must have a legitimate purpose, be proportionate to the purpose to be served by it and the purpose must not be achievable in another, less detrimental way. This is a strict framework.
If employees invoke their right to privacy, this is often done in the context of Article 8 ECHR and not by invoking the Wbp. It remains to be seen whether greater awareness of the AVG will change this in the future. In my opinion, application of the Wbp/AVG, rather than Article 8 ECHR, will not lead to a significantly different outcome. Thus, what is noted here in light of Article 8 ECHR will continue to be useful after May 25, 2018.
If a potential privacy breach is part of a legal proceeding, the judge must assess the breach. The judge looks at the privacy framework, namely legitimate interest, proportionality and subsidiarity. The judge also looks at a number of additional employment law factors. The most important factor is the knowability requirement. The knowability requirement looks at whether it was or could have been known to the employee that his privacy would be invaded. In this context, internal policies play a major role. Courts are more likely to assume cognizability if it is set forth in, for example, an internal policy that is accessible to all employees and can be understood. If there is no policy or the policy is too vague, there may still be justified processing, but then there will be higher requirements for the justification of the purpose and the proportionality requirement. In addition, a factor in the judicial review is whether the works council has agreed to the internal policy.
A look at the (mostly pre-Wwz) case law shows the split that judges find themselves in, with strict privacy law on the one hand and more pragmatic labor law on the other. For example, there are instances where the court finds that there has been an unlawful violation of the employee's privacy right, but it nevertheless upholds or grants the labor law measure. It also happens in such cases that the original measure, such as summary dismissal, is not upheld, but the employment contract is still dissolved on the grounds of disturbed employment relationship that arose between the parties as a result of the privacy breach.
One (part of the) explanation for this is the free evidence doctrine in Dutch civil law. The privacy breach usually leads to incriminating evidence, such as camera images or e-mails. This is then qualified as illegally obtained evidence. However, the Supreme Court ruled in 2014 that the public interest that the truth comes to light, as well as the interest of parties to be able to make their contentions plausible in court, outweighs the interest of excluding evidence (HR 11 July 2014, JAR 2014/194 and HR 18 April 2014, JAR 2014/65). In practice, this means that employers obtain evidence through a privacy breach, giving them a better evidentiary position in subsequent employment proceedings.
Another part of the explanation, in my opinion, is to be found in the practical side of labor law, which ultimately revolves around people who have to (be able to) work with each other. An example: if the employer found out about a gross violation of the non-competition clause by the employee through unlawful e-mail monitoring, I think it is understandable that that dismissal would stand. While there is then a violation and an employer acting unlawfully, there is also an employee acting unlawfully. Sustaining that employment is not workable in practice - and the courts see that as well.
The right to privacy is enjoying increasing attention with the advent of the AVG and the digitization of society. As a result, disputes sometimes arise in the workplace. The strict privacy law seems to be tested by employment law judges in a practical way, paying attention to all the circumstances of the case. As a result, a privacy breach may still be deemed justified, or illegally obtained evidence may still be allowed to form part of the proceedings to the detriment of the employee. This often results in employment law nasty consequences for the employee, such as forfeited fines under a violated non-compete clause or even termination of employment. If there is an unwarranted breach of privacy, however, the court may award the employee a higher severance payment. Whether this will change with the advent of the AVG and the still relatively new framework of the Wwz remains to be seen.
This article can also be found in the AVG file
More articles by Pels Rijcken
