Other Topics
    TechnologyNo, your boss cannot put you in a work WhatsApp group without your permission: the AEPD clarifies that its doctrine has not changed

    No, your boss cannot put you in a work WhatsApp group without your permission: the AEPD clarifies that its doctrine has not changed

    A few days ago the Spanish Agency for Data Protection (AEPD) published a brief resolution that opened up a host of questions. In it, the claim of a worker who had been added to two WhatsApp groups in which your parcel company organized the workdistributing routes or indicating where the parked vans were left.

    The General Data Protection Regulation (RGPD) stipulates that all data processing must have a legal basis that legitimizes it. In that resolution, the AEPD understood that this basis was the employment contract itself, and did not specify whether the worker was complaining because she had been added to those groups with the number of her personal device or with a company phone.

    Numerous data protection experts then shared their opinion on social networks, understanding that with this resolution the AEPD surprised with a change of criteria with respect to resolutions, sometimes immediately prior. Months ago, the AEPD resolved that a community of neighbors had violated the GDPR by adding the stair cleaner to a group.

    One of those experts Gonzalo Oliverlegal adviser specialized in privacy, data protection and cybersecurity for Ozonia Consultants, requested a legal report from the AEPD. The answer has already arrived and it is, for many of these professionals, reassuring.

    Read Also:   Arma 3 is a war video game and its images are being used as 'fake news', warn its developers

    One year in prison and a fine of 1,000 euros for the 3 young people who defrauded Amazon of 350,000 euros with false returns and boxes full of marbles

    Amazon warehouse worker.Amazon warehouse worker.

    In the document, the Agency highlights “as a preliminary matter” that “the resolution of a certain specific file” does not imply that the AEPD “assumes a general criterion valid for all situations that may occur in daily practice.” “Some specific facts are analyzed in specific situations, which are studied accordingly.”

    On the specific case itself, he does not give more details, so there are many unknowns around it. In the field of labor relations, andThe processing of personal data is legally based on the execution of the employment contractalthough certain data may also be processed to meet the requirements imposed by law or a collective agreement,” he says.

    In this sense, companies can use the personal data of an employee to send them payroll, shifts, and other types of communications. However, creating a WhatsApp group with the rest of the company’s colleagues may result in disproportionate data processing for the initial purposes.

    For this reason, the AEPD, although it does not give more details about this case -if the worker was actually using a company device, for example-, does understand that the WhatsApp groups processed “minimum data necessary for the organization of work” and the company had “informed the workers of the purpose of the treatment”.

    Read Also:   New Tomb Raider Game Launched on Android, iOS in February

    In general terms, it is recommended to give a company phone number or ask for voluntary consent

    Despite this, the report from the Data Protection Agency refers to previously published guides —on data processing that an employer can request from an employee or on data protection in labor relations— so, from a point of view For a “general” view, an employee’s email address and telephone number “can be ignored by the employer.”

    Consequently, its treatment “would exceed what was initially permitted by the data protection regulations” and it would not have that legitimizing basis: the employment contract would not be enough. But there is a way.

    “If the circumstances of the provision of services for the company entail a personal availability of the worker outside his center or working hours, a more moderate and equally effective measure to achieve communication between the company and the worker would be the provision of of the same of a work tool such as a company telephone”.

    Reporting corruption is expensive and Europe wanted to avoid it, but not like this: they alert Brussels that the Spanish law reaches the Senate with “serious deficiencies”

    Read Also:   Learn how to remove Wi-Fi passwords stored on your Windows computer

    In addition, the AEPD understands that “it would be possible for those affected to provide the data referring to their private email and telephone number”, but the collection of these data would have to be “voluntary, after obtaining the consent of the worker, who may subsequently oppose the their treatment by exercising the rights of opposition or deletion”.

    “It is necessary to distinguish between the use of tools provided by the company or if it is private media, which is where consent could come into play. Everything must be considered on a case-by-case basis. Hence, any resolution isolated from its context can lead to conclusions that do not conform to the established criteria”remarks the control body.

    For this reason, the Agency concludes that an employment contract “does not legitimize the company to request all this data from the workers.” “The need for treatment will have to be considered on a case-by-case basis,” he says, citing a 2015 Supreme Court ruling.

    The right to disconnect, in turn, “must not be forgotten either”regardless of whether the tool is “corporate or private”, ditch.


    Please enter your comment!
    Please enter your name here

    Latest Posts

    Read More