24/05/2019

Employees must know that companies are monitoring their devices as part of internal investigations, according to experts

Judges, lawyers and professors hold a debate at UIC Barcelona about access to and searches of electronic devices and internal investigations in companies 

Workers should be aware that their employers can monitor their devices and the communication channels that form part of their working environment.  This is one of the main conclusions drawn from the talk entitled “Acceso y registro de dispositivos electrónicos e investigaciones internas en la empresa” [Access and registration of electronic devices and internal investigations in companies] held at UIC Barcelona with participation from magistrates, lawyers and professors who are experts in this area.  

The aim of this talk was to analyse the impact of sentence 489/2018 of the Criminal Court of the Supreme Court, and the main speaker was magistrate Antonio del Moral. In relation to the sentence, the lawyer and coordinator of the UIC Barcelona-specific Postgraduate Degree in Compliance and Cybercrime, Alejandra Vargas, said that "as long as the obligation to provide prior information to the employee is complied with, as well as proportionality and correct justification, the employer has the right to access the devices or communication channels the company places at the disposal of staff. This is where a compliance officer can play a fundamental role in informing and raising awareness among both employees and employers”. 

A labour lawyer at Rödl & Partner, Mariona Valls, believes that, when faced with these situations, it is necessary to weigh up two rights: employee freedom, which is fundamental, and the power of the company’s management team as set out in the worker’s statute.  “In order to ensure rights are balanced, it is necessary to let employees know that their right to privacy is being undermined”.                              

Another labour lawyer from the same firm, Carlota Aguirre, added that there is a conflict of interest between the power to monitor employees and the fundamental rights of employees.  Also, she said that “emails and access to them is the tool we have most control over” and at the same time, the tool that generates the most controversy.  Valls pointed out that “you cannot justify an intrusion into someone’s email account based on the fact there is an annual revision of the content of emails.  This is not a good enough reason to access their email and infringe a fundamental right”. 

Magistrate from the Spanish High Court, Eloy Velasco, attended this event, which took place as part of the University Master’s Degree in Cybercrime and the UIC Barcelona-specific Postgraduate Degree in Compliance and Cybercrime. He stressed that “internal corporate investigations have started to worry us now” and defended the role of compliance officers.  

He reminded students that “the rules say that you are not obliged to report what you have not witnessed” but that they must “act to stop it when you see a crime in a company”.  In any case, he stressed that in an internal corporate investigation, the investigated party can choose to not declare themselves guilty.  “You can refuse to provide documents because it is part of their strategy”. 

Senior Corporate Risk Manager at Novartis, Juan-Jorge Gili, pointed out that, if the person being investigated in a company would like to observe professional secrecy “this must be respected” and added that “it is fundamental that the investigation is carried out with the utmost discretion”.  Finally, the CEO and CTO of Incide, Abraham Pasamar, described the technical process to achieve access and undertake research that companies should carry out to acquire information in a fair and safe manner.