The personal selection by the company’s human resources department entails the collection of different kinds of dates: identifying dates, academic and professional dates… so the automatic technologies of data processing may disclose the personal, psychological or socioeconomic applicant’s profile. Thus, in the human resources scope, there are important databases with a huge quantity of applicant’s information, which are included in the juridical concept of data processing: any operation or technical process, automatic or non-automatic, which makes possibly its collection, recording, conservation, modification, consult, utilization, cancellation, block or suppression, and the data’s communication. The processing requires the fulfilment of the data protection’s principles. Therefore it is essential, and especially when the applicant’s dates are collected, the fulfilment of the information and consent principles, because the processing requires the unequivocal data subject’s consent, except in special cases. In this regard, when the applicant gives his application in person the consent may be assumed. Nevertheless, it does not avoid the information principle’s fulfilment of the data’s processing. We remember that if the data are going to be used to another aim, it is necessary obtain the data subject’s unequivocal consent to its processing; for instance, if the dates are going to be communicated (even if the dates are communicated to another company of the firm). In the case of psychological tests, these dates are contemplated as health dates. So the data processing requires the applicant’s express consent in writing. This consent may be revoked. When the dates are collected or transferred, the data subject must be also informed about the processing’s purpose and the recipient activity. If the data subject is not informed properly, his consent becomes null and void. In case of non-fulfilment of the former requirements, it may be fined who has communicated the personal dates and the recipient. Therefore, we advise the obtaining of the data subject’s previous consent before its communication. In the case of the employer contracts a third to select the applicants, this situation constitutes a rendering services contract on the employer’s behalf, and therefore the requirements of the article 12 of the Spanish Data Protection Law (1720/99) must be fulfilled. The company’s web forms must also fulfil the requirements of the paper forms. Thus, the information of the article 5 of the Spanish Data Protection Law must be clearly visible, and the data processing information must be presented in a way that its reading would be unavoidable and the applicant accepts to enter into the selection process. As a conclusion, the fulfilment of the principles of the data protection regulation is essential to an adequate applicant’s selection.
The European Commission has published a recommendation to use the IT applications supported by radio-frequency identification. The Commission was worried because of the data protection’s problems originated by this kind of identifying technology, whose use is more and more common. These problems may be increased if the necessary measures in order to control the way of the access of this technology’s users and developers are not adopted on time.
RFID is the abbreviation of Radio Frequency Identification, which denominates the radio waves system which makes an object or person identifying possible (by means of a unique serial number). A common case of using this kind of technology is the identifying cards utilized to control the access and the employer’s entrance.
The Commission considers that the main problem consists on the existence of personal dates in the information which the device transmits, and these dates may be collected by thirds without data subject’s knowledge, because of being in the area where the dates are received by a device.
In order to avoid these consequences, the Commission has published these recommendations to make developers and manufacturers consider this danger and adapt the devises to active the identifying possibility. It is also expected that the user would be informed about the product’s characteristics and that he would have the possibility of using that function when he purchase the device, the recommendation’s aim is that the data subject could decide if he wants to transfer his dates, according to the European Directive of Data Protection.
Besides this recommendation, the Commission has published several common questions, to resolve the public’s doubts about this subject.
The Supreme Court of Spain has condemned to two Medias because of the realization of audiovisual recordings which constituted the subject of a report of researching and its subsequent broadcasting. This report was deemed as privacy’s right infringement. The Tribunal must ponder the prevalence of the honour’s right or the freedom of information right; both of them constitutional rights.
The facts were as follows: A journalist pretended to be a patient of the claimant, a beautician, and she was seen in the claimant’s office, recording the conversation and her image by means of a hidden camera.
The Provincial Court of Valencia in appeal deemed that there was not an honour’s right infringement by means of the following arguments:
Nevertheless, the Supreme Court Sentence exposes that claimant’s authorization cannot be deemed as a recording’s consent, and above all, as authorization to its broadcasting, since the person who must give her acceptance does not know what he should consent.
Therefore, despite of the report’s veracity and its social interest, the Court considered that the privacy’s right must prevail because of these reasons:
The Supreme Court’s Sentence considered that the privacy’s right was infringed. The claimant was deprived of deciding about her image’s reproduction. Therefore, it has been produced another infringement, fully compatible with the privacy’s infringement.
The Data Protection Spanish Agency (AEPD), and the employment tribunals have give legal certainty to the use of video surveillance systems, and particularly to check the fulfillment of the labor duties. In this article we are going to present the current video surveillance’s legal framework.
The AEPD has carried out 365 proceedings during the 2.008 related to the video surveillance, what makes an increase of the 196 % in respect of the former year.
During the last months, the sanctions have affected particularly to the sectors of commerce, catering trade and private security services. Capturing images in the public sphere is one of the main causes of these sanctions.
The criterion of the AEPD and the employment tribunals to grant its permit to the location of video surveillance system is the proportionality. This principle suppose that these systems are utilizable when other precaution, protection or security measures, which would not require capturing images would be clearly useless or inefficient to the surveillance’s purposes (for instance: the installation of security devices or automatic doors, alarm systems, improvement of the public sphere’s lighting…)
The utilization of video surveillance systems in the labor environment:
The use of video cameras has generated controversy in the labor environment, because there are two opposed rights: the privacy right, stipulated in the article 18 of the Spanish Constitution and developed in the Law 1/1982 and the Worker Statute whose article 20.3 establishes that the employer may adopt the surveillance and control’s measures to check the worker’s fulfillment of its labor duties.
The courts in an outstanding Sentence established that a dismissal based on recordings captured by a non-declared video camera was granted. In this Sentence, the court clarified the case-law criterions of the Spanish Courts to use the video cameras in the labor environment.
In this case the employer contracted a private investigators agency because he suspected of the misconduct of his employees. The agency installed three cameras, which subsequently captured the recordings which constituted the dismissal’s proof. One employee impugned the recording proof because the employee’s knowledge or the judicial authorization of the video cameras using wasn’t executed in writing.
The tribunal based the dismissal’s approval in the following legal arguments:
a) There are no proofs of intrusion in the worker’s privacy because the cameras were installed in areas of the facilities which were not protected by the privacy right and with the only purpose of proving facts indemonstrable by other ways (Therefore, the intimacy and privacy rights are not infringed).
b) The Tribunal exposes that the privacy right is not an absolute right and the Worker’s Statute attributes to the employer the faculty of adopting the pertinent measures to check the worker’s fulfillment of its labor duties. It is also exposed that the constitutionality of any fundamental right’s restrictive measure depends on the proportionality’s judgment, whose requirements are fitness, necessity and proportionality in a strict sense.
c) The Tribunal argues in respect of the worker’s allegation of the infringement of the 1/2006 AEPD Instruction and the Data Processing law, because “the camera`s installation could not serve to its purpose if it is announced in the entry or a visible location of the facilities”.
Therefore, according to this Sentence the 1/2006 Instruction doesn’t suppose an impediment to the employer’s faculty of installing video surveillance devises to check the employee’s fulfillment of his duties, providing that this installation would not infringe the personnel’s privacy and its utilization would be proportional. Nevertheless, the employer may be fined by the AEPD because of not announcing the video camera’s installation and putting the pertinent signs.
According to the Spanish Data Protection Agency, the number of video surveillance systems registered in the General Register of Data Protection has been increased in 10.000 registries, from 5.000 to 15.000, during the last year. The huge increase in the camera’s number, the lack of regulation of this subject, and the technical difficulties to apply the Data Protection Spanish Law to these security systems, has given rise to the publication of a guide by the Spanish Data Protection Agency. In this guide these kinds of files are deeply analyzed and it also established the guidelines to manage this data processing.
The Guide makes an important effort to define the Data Protection Law’s application to image’s processing and establishes that the current principles in data protection’s subject must be applied to camera’s using, and to any technical means which captures, registers, conserves or stores images of natural persons identified or identifiable, whether it is used with surveillance aims, controlling the personnel or any other purpose.
Although we recommend the Guide’s reading, we bring forward the Agency’s proposals to process and capture the images: