International Journal of Management Science and Business Administration
Volume 6, Issue 5, July 2020, Pages 25-30
From the Right to be Let Alone to the Control of Personal Data (in the Labour Context)
I2J – Instituto de Investigação Jurídica da Universidade Lusófona do Porto,
University Institute of Maia – ISMAI, Polytechnic Institute of Maia – IPMAIA, Portugal
Abstract: The theme of this paper is the paradigm shift in the outlook of workers’ privacy protection. The focus of this work is the successive and recent evolution of this theme, defending an active approach to privacy, per which the workers have sufficient control over their data. The theoretical framework of the worker’s right to privacy and its adaptation to the current technological world is the base of the adopted methodology. It includes the study of the legislation, doctrinal and jurisprudential positions, and guidelines from various bodies and entities. The conclusions summarise the current challenges faced by the labour jurist, in an era when NICT (new information and communication technologies) are part of the corporate environment to find ways to raise awareness about the reaffirmation of limits and control of technology, as the only way to guarantee the safeguarding of the workers’ fundamental rights, which are undoubtedly essential for defending the worker in a potentially absorbing context outside his domain, being subject to corporate power. The conciliation between the defence of workers’ privacy, on the one hand, and business interests and rights, on the other hand, is the reference for balance.
Keywords: Corporate powers, Data protection, NICT, Workers’ privacy
1. Introduction. the Peculiarity of Workers’ Privacy
The protection of privacy as a fundamental right is a transversal theme to the human experience. It is grounded in the underlying dignity of the human person and, involves the human person in any of their facets. That is why we see the protection of privacy by law, as the main bastion of the defence of the human person. We observe the protection of privacy, for example, in constitutional law, criminal law, family law and, obviously, labour law.
In truth, when rendering their work, the involvement of the person of the worker is intense and profound. This involvement from various aspects in which the complex labour relation unfolds. The employment contract, being intrinsically intuitive personae, supposes the concrete person of that worker. But it also presupposes the involvement of the worker in rendering their work. And, being the worker subject to the power of control by the employer, there is a high potentiality of permeability to possible violations of the worker’s rights by the employer or someone in their representation, affecting, potentially or concretely, the worker’s right to privacy. Well, the worker is still a human person; they are still citizens; they are, in short, still themselves when they transpose the company’s gates . In 2002, the Article 29 Working Party Already stated that “[W]orkers do not abandon their right to privacy and data protection every morning at the doors of the workplace. They do have a legitimate expectation of a certain degree of privacy in the workplace as they develop a significant part of their relationships with other human beings within the workplace”.
At the workplace, as an employee, they are particularly exposed and vulnerable to aggressions to their privacy. The worker spends the vast majority of the working hours of their day at the workplace, and there they develop working relationships, but also social relations, of friendship, of sharing information and aspects of their personal lives. That is normal, it is healthy, and it is inevitable. But that permeability on the worker’s personal life which we ineluctably witness in a work relationship is, or can be, detrimental to the worker’s privacy if, in addition to the aforementioned, account is taken of the relevant aspect of the worker being subject, legally, to the power of control by the employer. “A inseparabilidade da actividade de trabalho da pessoa do trabalhador evidencia-se nos seguintes traços do vínculo laboral: na relevante e permanente indeterminação da prestação de trabalho; no conteúdo amplíssimo dos poderes laborais; e no envolvimento integral da pessoa do trabalhador no vínculo” (Ramalho, 2009: 449).
This power of control, being legal and even desirable for business success, comprises, however, the potential ingredients for a serious and profound injury to the worker’s intimacy. Hence, the worker can (and should) invoke their rights and their privacy, duelling against an employer power that shows to be intrusive , while the law must impose especially protective measures in this segment of manifestation of the human personality: the worker. These are rights that “embora de todos os homens, para os trabalhadores assumem mais interesse … porque a experiência do constitucionalismo consiste, toda, na aquisição progressiva dos direitos daqueles que careçam de proteção” ) (Miranda, 2017: 143).
2. Allusion to the Transnational Roots in Protecting Privacy
The protection of privacy, in general, has already been widely proclaimed in international bodies for over a century. The emblematic Universal Declaration of Human Rights (1948) Can be quoted, in Article 12, stating that “No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks”. Likewise, the International Covenant on Civil and Political Rights (1966) Also provides that “1. No one shall be subjected to arbitrary or unlawful interference with privacy, family, home or correspondence, nor to unlawful attacks on his honour and reputation. 2. Everyone has the right to the protection of the law against such interference or attacks” (Article 17).
At the European level, under the aegis of the Conseil of Europe, the Convention for the Protection of Human Rights and Fundamental Freedoms (1950) enshrines the right to respect for private and family life, asserting that “1. Everyone has the right to respect for his private and family life, his home and his correspondence. 2. There shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law and is necessary for a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or the protection of the rights and freedoms of others” (Article 8).
This legal standard has been frequently used by the European Court of Human Rights And its decisions have been a valuable auxiliary to the densification of privacy, particularly in the scope of labour. Also, within the scope of the Conseil of Europe, the Convention 108 for the protection of individuals concerning about the processing of personal data Throughout its regulations, reinforces the purpose of protecting the rights, freedoms and guarantees of individuals with an emphasis on the right to private life, and therefore, in Article 1, object and purpose, states that “The purpose of this Convention is to protect every individual, whatever his or her nationality or residence, about the processing of their data, thereby contributing to respect for his or her human rights and fundamental freedoms, and in particular the right to privacy”.
In the Charter of Fundamental Rights of the European Union (2016) The European Union member countries proclaim “the right to respect for his or her private and family life, home and communications” and already pave the way for the right to the protection of personal data (Articles 7 and 8). According to Teece (2007) sensing capability constitutes an organization’s propensity to notice the changes in the environment based on its current capability. That is, sensing capability has to do with the ability to promptly recognize opportunities in the environment when it presents itself, while also, having the means to monitor threats from the environment (Teece, 2007; BarretoEisenhardtRavasi, 2003). Lastly, the third dimension reconfiguration capability is the organization’s potential to generate capabilities to integrate current capabilities (Lavie, 2006; Capron and Mitchell, 2009).
In Portugal, this right to protect the privacy of one’s personal and family life protecting under the Constitution (Article 26). The right to the privacy of one’s personal life materializes in two derived rights (both negative): the right to prevent others from having access to information about the person’s private and family life; the freedom that no one should disclose information they may have regarding the individual’s private or family life. The notion of protection of the privacy one’s personal life is coming to be defined by the Portuguese Constitutional Court throughout its jurisprudential work. As the Court explains, it is the “director de of each one to see the interior or family space of the person or their home protected from other intrusions. It is the privacy of Anglo-Saxon law” . It’s the “direito a uma esfera própria inviolável, onde ninguém deve poder penetrar sem autorização do respectivo titular” , which comprises the autonomy and the “direito a não ver difundido o que é próprio dessa esfera de intimidade, a não ser mediante autorização do interessado”. The protection and tutelage of privacy are closely linked to the dignity and freedom of the individual. It means being able to choose between exposing oneself or reserving a space of your existence without the intrusion of other people. It is the right to be alone or “o interesse do indivíduo na sua privacidade, isto é, em subtrair-se à atenção dos outros, em impedir o acesso a si próprio ou em obstar à tomada de conhecimento ou à divulgação de informação pessoal” (Pinto, 1993: 508-509). This notion of privacy has very recently been reaffirmed Regarding the analysis of access to telecommunications and Internet data by officials of public entities.
3. The Worker Core of Protection
The right to dignity and privacy directed towards labour law serves as a foundation and support for the most recent rights to informational identity and the right to data protection, seen by some as a “direito de personalidade” (Pinheiro, 2015: 803)
However, the original, traditional perspective that supports the right to privacy, per Anglo-Saxon law, the right to be left alone (even if adding “a liberdade de actuação, mas igualmente a liberdade de não actuar .. a passividade” As a right to the development of personality) (Pinto, 1999: 203), today, seems insufficient, particularly in the labour scope and in areas where technological advances are particularly felt (such as the paradigmatic case of an employer’s biometric control).
The development of information and communication technologies has brought about profound changes in the paradigm of the employment relationship, affecting worker privacy in a, particularly significant way. Indeed, “um dos direitos que mais tem sido afetado por estas tecnologias é o direito à privacidade” (Moreira, Julho/Dezembro 2017: 15), since the NICT assume an ambivalent character, operating “simultaneamente, como instrumento para desempenhar a actividade produtiva e como mecanismo de controlo da prestação de trabalho executada pelo trabalhador” (Moreira, 2010: 421), resulting in “o aumento, quer da quantidade, quer da qualidade da informação pessoal de que o empregador passa a dispor acerca do seu trabalhador, associadas ao seu tratamento cada vez mais veloz e mais acessível” (Castro, 2018: 273).
The responsibility lies with the courts, if it comes to that, to assess the employer’s use of technology and how they apply that power of control. And this is undoubtedly the case . But it does not seem that an a posteriori jurisdictional control, that is, after an injury to the worker’s privacy has already been inflicted (impossible to repair in nature) could calm the world of jurists. The purpose must, therefore, be to preventively and efficiently halt the unjustified and unlawful injury to the worker’s privacy. The worker must be assured that the law protects that intimate sphere of theirs from injury, making it unreachable to the employer.
This applies without prejudice to the full awareness that the aforementioned protection of the worker’s right to private life does not constitute an absolute right and “pode ser limitado, por exemplo, se estiver em causa a protecção da saúde pública ou a segurança do próprio ou de terceiros” (Abrantes, 2018: 168), so sometimes it may be necessary to restrict it, as long as the constitutional assumptions inherent are upheld, or other relevant rights or interests are harmonized, namely the right of business organization by the employer. . However, “também aqui, por imposição constitucional, a reserva da intimidade da vida privada deve ser a regra, não a excepção, apenas se justificando a sua limitação quando interesses superiores o exijam” (Abrantes, 2018: 143).
Aware of this need for harmonization, it is stated that the “infra-estrutura teleológica do problema da tutela da privacy é caracterizada por uma fundamental contraposição: de um lado, o interesse do indivíduo na sua privacidade, isto é, em subtrair-se à atenção dos outros, em impedir o acesso a si próprio ou em obstar à tomada de conhecimento ou à divulgação de informação pessoal (interesses estes que, resumindo, poderia dizer-se serem os interesses em evitar a intromissão dos outros na esfera privada e em impedir a revelação da informação pertencente a essa esfera); de outro lado, fundamentalmente o interesse em conhecer e em divulgar a informação conhecida, além do mais raro em ter acesso ou controlar os movimentos do indivíduo” (Pinto, 1993: 508-509).
The fulfilment of the right to the privacy of one’s personal life in the legal framework of infra constitutional labour law is justified and imposed by the special characteristics that the employment relationship brings to the life of the worker since the dependency (legal, economic and/or social) of the worker in relation w the employer is an inherent and practically general reality in the employment relationship. However, this legal subordination cannot be unlimited and has to adhere to what directly concerns the organization of work, because otherwise, under the pretext of the existence of an employment contract, there is an unjustified intrusion and submission of the worker, perfectly unacceptable because they retain a stronghold of autonomy and protection of their private life. Currently, this perspective is mostly undisputed. Due to all these factors, it was becoming pressing to attend to the safeguarding of the right to protect one’s private life in an area as specific and enabling as the employment relationship. That is why it is understood that the worker’s right to privacy, in a digital and potentially total world, cannot be limited to being viewed in the traditional negative perspective, of exclusion, of keeping others away from the sphere of the worker.
It is imperative that privacy is added a positive, dynamic, interventional dimension, so that workers (and, indeed, individuals in general) have the right to control the information that concerns them and, therefore, it is inalienably theirs and cannot be appropriated by the employer who may use it, however, whenever and until whenever they please. More so when “la condición de responsable a efectos de tratamiento de datos personales puede ser compartida por varos sujetos… que dos o más empresas colaboren, de uno u outro modo, en la correspondiente actividad productiva” (Murcia and Cardo, July / December 2017:65). To that extent, the concept of traditional privacy has to be completed and fulfilled with the right to informational self-determination. This right, as far back as 2008, was defined as the “direito de subtrair ao conhecimento do público factos e comportamentos reveladores do modo de ser do sujeito na condução da sua vida privada”. However, currently its content must also assume a dynamic perspective that is granted by the right to data protection. “A autodeterminação informacional só pode considerar-se efectuada se o titular dos dados tiver a possibilidade de decidir sobre a sua utilização, nomeadamente a capacidade de se opor a uma armazenagem ilimitada ou o seu cruzamento arbitrário, de modo a obter respostas mais completas sobre o referido titular” (Pinheiro, 2015: 515). This right implies that the worker gives the possibility to act, to have the freedom to intervene (yet without losing the original defensive facet, of preventing intrusion into the private area of the worker’s life).
This new dynamic facet implies that companies conform to the binding indications of the General Data Protection Regulation and, in the Portuguese labour context, it also implies its implementation at the internal legislative level, carried out maxime by the Labour Code (Arts. 14 to 22) and Law no. 58/2019, of 2019.08.08 (Art. 28). And the employer, as the responsible for data processing “ao disponibilizar meios tecnológicos para o desempenho da atividade profissional…tem de assegurar que não tratará, por qualquer forma, dados pessoais que revelem aspetos da vida privada ou da vida não profissional dos seus trabalhadores” (Calvão, 2018: 6).
Nowadays, when it comes to the protection of their privacy in the workplace context, the worker is no longer satisfied by keeping their private life (or parts of it) away from the intrusion of the employer, all the more so since today it is “ao alcance dos privados meios que podem atentar contra a esfera privada dos outros sujeitos” (Barbosa, 2017: 13). Therefore, in addition to this exclusionary power, the worker demands and intervenes to control their personal data in the employer’s possession for processing. This effective control of their personal data is a new and interventional facet that must be recognized and protected so that the employee’s privacy is not affected.
5. Conclusion. the Paradigm Shift: Active Protection
Technological development carries increased risks to the labour world with regard to workers’ privacy. Subject to the employer’s power of control, they may be affected by covert forms of intrusive control, exceeding what the business interest of control (which is serious, relevant and protected) as a legitimate power of the employer is. Thus, limits to this power must be established and implemented, as it currently grows exponentially on the back of the NICT. It is no longer enough to assert privacy as a space of exclusion on a negative side. It is imperative to apply the principles of personal data protection, increasingly present and alert, nowadays. These principles undoubtedly fill the new positive aspect of the employee’s privacy, granting them instruments of defence against a possibly abusive control of the employer, doing so, predominantly, in a preventive manner.
- Abrantes, J. J. (2018). Direitos fundamentais da pessoa humana no trabalho – em especial, a reserva da intimidade da vida privada (algumas questões). In: AAFDL (ed.) Estudos de Direito do Trabalho. Lisboa, 51-170.
- Assis, R. (2005). O Poder de Direcção do Empregador. Coimbra Editora.
- Barbosa, M. M. (2017). Proteção de dados e direitos de personalidade: uma relação de interioridade constitutiva. AB Instantia, Ano V, 13-47.
- Calvão, F. U. (2018). A proteção de dados pessoais no contexto laboral: análise da jurisprudência. Cadernos de Justiça Administrativa. Centro de Estudos Jurídicos do Minho, 3-10
- Castro, C. S. E. (2018). Novas tecnologias e relação laboral -alguns problemas: tratamento de dados pessoais, novo regulamento de proteção de dados e direito à desconexão. Revista do CEJ, 271-299.
- Cordeiro, A. B. M. (2020). Direito da Proteção de Dados, Coimbra: Edições Almedina, S.A..
- Mestre, B. (2018). O RGPD, o TEDH e as relações laborais: um equilíbrio complexo. Prontuário de Direito do Trabalho. Centro de Estudos Judiciários, 157-193.
- Miranda, J. (2017). Direitos Fundamentais, Coimbra: Edições Almedina, S.A..
- Moreira, T. A. C. (2010). A privacidade dos trabalhadores e as novas tecnologias de informação e comunicação: contributo para um estudo dos limites do poder de controlo electrónico do empregador, Coimbra: Livraria Almedina.
- Moreira, T. C. Julho/Dezembro (2017). Algumas Implicações Laborais do Regulamento Geral de Proteção de Dados Pessoais no Trabalho 4.0. Questões Laborais. Edições Almedina, S. A., 9-34.
- Murcia, J. G. and Cardo, I. A. R. Julho/Dezembro (2017). Implicaciones laborales del Reglamento 2016/679 de la Unión Europea sobre Protección de datos personales. Questões Laborais. Edições Almedina, S.A., 35-67.
- Pinheiro, A. S. (2015). Privacy e Protecção de Dados Pessoais: A Construção Dogmática do Direito à Identidade Informacional, Lisboa: AAFDL.
- Pinheiro, A. S. (2018). Apresentação do Regulamento (UE) 2016/679 do Parlamento Europeu e do Conselho, de 27 de Abril de 2016 – Regulamento Geral de Proteção de Dados (RGPD). Revista do CEJ, 303-327. Crossref.
- Pinheiro, A. S., Coelho, C. P., Duarte, T., Gonçakves, C. J. and Gonçalves, C. P. (2018). Comentário ao Regulamento Geral de Proteção de Dados, Coimbra: Edições Almedina, S.A.
- Pinto, P. C. C. D. M. (1993). O direito à reserva sobre a intimidade da vida privada. Boletim da Faculdade de Direito da Universidade de Coimbra, 479-586.
- Pinto, P. C. C. D. M. (2000). A Protecção da Vida Privada e a Constituição. Boletim da Faculdade de Direito da Universidade de Coimbra, 153-203.
- Pinto, P. M. (1999). O Direito ao Livre Desenvolvimento da Personalidade. Studia Juridica – Boletim da Faculdade de Direito. Universidade de Coimbra: Portugal-Brasil ano 2000, 149-261.
- Ramalho, M. D. R. P. (2009). Direito do Trabalho, Parte I – Dogmática Geral, Coimbra: Edições Almedina, S.A.