Article
The right to digital disconnection of workers in relation to the obligations of companies.
With the entry into force in Europe of the General Data Protection Regulation and the consequent approval of the Organic Law on Data Protection in Spain, the so-called Digital Rights are included in the national regulations in a novel way.
These Digital Rights include the right to Internet neutrality; universal access to the Internet; digital security; digital education; rectification on the Internet; updating of information in the digital media; privacy in the use of digital devices in the workplace; digital disconnection; to privacy in the use of video surveillance and sound recording devices in the workplace; to privacy in the use of cameras or geolocation systems, also in the workplace; to the protection of minors' data on the Internet; to the digital will; to oblivion and portability in Internet searches, social networking services and equivalent services; and to digital rights in collective bargaining.
The aforementioned rights are regulated and are closely connected with Article 18 of the Spanish Constitution, which refers to the right to honor, privacy and secrecy of communications. As a fundamental right, the measures that companies must establish for regulatory compliance in relation to digital rights must be structured giving them the importance they deserve and taking into account the consequences of non-compliance.
In relation to digital rights, these constitute, on the one hand, rights for workers and, on the other, obligations for companies. These regulatory changes have caused companies to adapt, both internally and externally, to the new regulatory requirements. In this way we can affirm that Spanish companies and enterprises need to update many of their internal policies.
In line with what was established in the previous paragraph, the new Organic Law on Data Protection and Guarantee of Digital Rights has been quite profuse in the labor sphere, as it includes up to five rights in this area, contained in articles 87 to 97, which in turn are complemented by the 13th and 14th final provisions that modify the Workers' Statute and the Basic Statute of the Public Employee. In this regard, the Spanish legislator has established a series of rights and guarantees that must be taken into account when exercising the control function by the employer. To this end, the aforementioned Organic Law has implemented the authorization contained in Recital 155 of the General Data Protection Regulation, which establishes the following:
"Member State law or collective agreements, including "company agreements", may lay down specific rules concerning the processing of workers' personal data in the employment context, in particular in relation to the conditions under which personal data in the employment context may be processed on the basis of the worker's consent, the purposes of the recruitment, the performance of the employment contract, including the fulfillment of obligations established by law or by collective agreement, the management, planning and organization of work, equality and safety in the workplace, health and safety at work, as well as for the purposes of the exercise and enjoyment, whether individual or collective, of employment-related rights and benefits and for the purposes of the termination of the employment relationship."
This means that the employer must establish the criteria for the use of digital devices through internal protocols and must have the collaboration of workers' representatives in the development of such criteria.
Focusing on the tourism sector, these are companies that handle and process a large volume of data and carry out, in most cases, data transfers to third countries or unrelated companies, and must offer greater guarantees, both to users and consumers, as well as to workers, in compliance with data protection regulations and guarantee of digital rights.
In addition, the right of workers to protect their privacy in the workplace is a great recognition of rights for the employee. However, for the company, given the difficulty of the regulation and the lack of precision, it involves a long list of measures, protocols, analyses and studies to be carried out in order to guarantee compliance with the control authorities, which we know as the new principle of proactive responsibility.
The above translates into the development of an internal code to regulate the use of the company's technological means by the employee, as well as to respect the employee outside working hours, guaranteeing the right to digital disconnection once the working day is over. It must also take security measures not to interfere in the privacy of workers, taking into account the importance of the data obtained and the most appropriate measure that least harms the employee's right. Finally, it is worth mentioning the possibility for companies to include in collective bargaining agreements reached between workers' representatives and employers on data protection.
For all these reasons, many of the companies in the tourism sector are using professional experts in the field, to know and adapt to the new legislation that applies to them. Compliance with the Personal Data Protection Law allows them to focus on the operation of their business, greatly reducing the risks of facing fines and administrative sanctions.
Rosario Saldarriga (Lawyer T&L)
Article published in the May edition of the monthly newspaper CEHAT