Data Privacy Compliance in the Cloud
Made Easy

Understand Cloud and Data Protection Law in only 4 easy steps. Plus highly relevant legal information for 33 countries. Provided by EuroCloud and 53 European lawyers.

The Greek Supreme Court opens the way for employers to review electronic communications of employees

25.03.2017

The access to and review of corporate emails, other electronic communications and electronic files stored on the business computers of employees by the employers has always been a serious practical concern for Greek employers. It often arises especially in the context of internal audits or in cases of serious suspicions for breach of the employment obligations by the employees when the only available evidence is to be found in the electronic communications.

To date, there have been no specific guidelines either by the Greek Courts or the Hellenic Data Protection Authority to set the limits between the managerial prerogative of the employers and the right of privacy and secrecy of communications of the employees. On an EU level, however, several judgments have been issued by the Court of Justice of the European Union and important guidance has been provided by the Article 29 Working Party.

What is new is that, very few days ago, the Plenary of the Greek Supreme Court issued its Judgment 1/2017, by which it attempts for the first time to strike a fair balance between the lawful interests of the employers and the privacy rights of the employees in the context of the review of the electronic communications of the latter.

The court rules that employers have the right to review documents stored in the hard disk of employees, including emails exchanged from corporate accounts, without the consent of the employees when, on the one hand, there is a prevailing legal interest of the employer to conduct this review (such as to ensure its goodwill in the market) and when, on the other hand, the fundamental rights of the employees are not adversely affected (such as when the review involves processing of sensitive data). Consequently, copies of the retrieved data included in the emails and the corporate files of the employees constitute evidence that has been lawfully collected and can be lawfully used before the Greek Courts in relevant court proceedings.

The factors taken into consideration by the Court for reaching this judgment were mainly the following: (a) email communications were sent and received from the corporate accounts of the employees by use of their business computers; (b) the review by the employer was conducted as a result of the initial refusal of the employees to provide data to the employer, while at the same time no preventive monitoring of the emails was conducted by the employer as a matter of practice, and (c) no sensitive data of the employees were included in the communications (e.g. health data).

Without prejudice to the guidance offered by the judgment, and so stresses the judgment itself, the permissibility of such actions of employers should always be assessed on an ad hoc basis taking into account all the crucial facts of the case at hand each time.

For further information on practical issues related to matters affected by the judgment, please contact:

Takis Kakouris, Partner
Zepos & Yannopoulos
T (+30) 210 69 67 097
E t.kakouris@zeya.com

Mary Deligianni, Senior Associate
Zepos & Yannopoulos
T (+30) 210 69 67 106
E m.deligianni@zeya.com

 

 

Discover more about the Cloud Privacy Check(CPC) / Data Privacy Compliance(DPC) project

CPC project office: Dr. Tobias Höllwarth, tobias.hoellwarth@eurocloud.at

VIEW PROJECT

WHAT IS THE DPC/CPC PROJECT?

53 lawyers from 33 countries are contributing to the project “Cloud Privacy Check (CPC)” in 26 different languages.

Understanding the complexity of current European data protection laws and regulations is already difficult enough for an IT engineer, buyer, or business user. In combination with the often small but nevertheless significant differences between various EU member states, however, it can become an almost insurmountable challenge without proper juristic accompaniment from the very start... Read More

 

CPC MISSION & VISION STATEMENT

The CPC is a trusted, not-for-profit international network of qualified professionals who deliver simplified and straight-forward guidance to help navigate the legal and regulatory environment relating to privacy and the cloud. This is done through collective know-how, research and market analysis gained from pan-European industry activity, collaboration and experience. Our mission is to provide authoritative views, information and practical solutions to two principal stakeholders: industry professionals and public authorities.