The Greek Supreme Court opens the way for employers to review electronic communications of employees

25.03.2017

Access to and review by employers of corporate emails, other electronic communications and electronic files stored on employees' business computers has always been a serious practical concern for Greek employers. It arises especially in the context of internal audits, or in cases of serious suspicion of a breach of employment obligations by employees, when the only available evidence is to be found in the electronic communications.

To date, there have been no specific guidelines from either the Greek Courts or the Hellenic Data Protection Authority setting the limits between the managerial prerogative of employers and employees' right to privacy and secrecy of communications. At EU level, however, several judgments have been issued by the Court of Justice of the European Union and important guidance has been provided by the Article 29 Working Party.

What is new is that, just a few days ago, the Plenary of the Greek Supreme Court issued its Judgment 1/2017, in which it attempts for the first time to strike a fair balance between the lawful interests of employers and the privacy rights of employees in the context of the review of employees' electronic communications.

The Court rules that employers have the right to review documents stored on the hard disks of employees, including emails exchanged from corporate accounts, without the consent of the employees when, on the one hand, there is a prevailing legal interest of the employer in conducting this review (such as to safeguard its goodwill in the market) and when, on the other hand, the fundamental rights of the employees are not adversely affected (as they would be, for example, when the review involves processing of sensitive data). Consequently, copies of the data retrieved from the emails and corporate files of the employees constitute evidence that has been lawfully collected and can be lawfully used before the Greek Courts in relevant court proceedings.

The factors taken into consideration by the Court in reaching this judgment were mainly the following: (a) the email communications were sent and received from the corporate accounts of the employees using their business computers; (b) the review by the employer was conducted as a result of the initial refusal of the employees to provide data to the employer, while at the same time no preventive monitoring of the emails was conducted by the employer as a matter of practice; and (c) no sensitive data of the employees (e.g. health data) were included in the communications.

Without prejudice to the guidance offered by the judgment, and as the judgment itself stresses, the permissibility of such actions by employers should always be assessed on an ad hoc basis, taking into account all the crucial facts of the case at hand each time.

For further information on practical issues related to matters affected by the judgment, please contact:

Takis Kakouris, Partner
Zepos & Yannopoulos
T (+30) 210 69 67 097
E t.kakouris@zeya.com

Mary Deligianni, Senior Associate
Zepos & Yannopoulos
T (+30) 210 69 67 106
E m.deligianni@zeya.com

 

 
