EIRP Proceedings, Vol 13 (2018)



Confidentiality of Employment Relationships



Radu Răzvan Popescu1



Abstract: Objectives Throughout the duration of the individual employment contract, both the employee and the employer, comes into possession of data and information that is private. Prior Work This kind of information that is confidential is practically divided from a legal nature perspective into three categories: confidential data under the loyalty obligation, data and information that are not disclosed due to the existence of a confidentiality clause and those data and information that, according to the special law, are classified as secret service or state secret. At the same time, the employer is under the obligation to keep the confidentiality of personal data and information that he she finds about his/her employees. Results the length of these periods in which parties have to maintain confidentiality is another issue that has given rise to disputes both in the literature and practice of the courts of justice. Value we think this article is an important step in the disclosure of the problem eraised by this two concepts.

Keywords: confidentiality clause; damages of interests; service secret; loyalty obligation



According to labour legislation in Romania, respectively the Labour Code - Law no.5 3/20032, the employee has a fidelity obligation towards his employer, regulated through art. 39 para. 2 letter d, and the obligation to observe the work secret (art.39 para.2 letter f), but the employer also undertakes to ensure the confidentiality of the personal data of its employees (art. 40 para. 2 letter i).

In addition, between the two parties a commitment/negotiated clause may occur, by means of which it is established that throughout the entire duration of the individual employment contract and after its termination no data or information known during the running of the contract will be transmitted, in the conditions set through internal regulations, applicable collective employment contracts or individual employment contracts.

Not last, according to the European Union regulations, starting with the date of 25th of May 2018, Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data3 enters into effect.

In art. 88 of this Regulation it is established that by law or by means of collective agreements, the member states may Member States may, by law or by collective agreements, provide for more specific rules to ensure the protection of the rights and freedoms in respect of the processing of employees' personal data in the employment context, in particular for the purposes of the recruitment, the performance of the contract of employment, including discharge of obligations laid down by law or by collective agreements, management, planning and organization of work, equality and diversity in the workplace, health and safety at work, protection of employer's or customer's property and for the purposes of the exercise and enjoyment, on an individual or collective basis, of rights and benefits related to employment, and for the purpose of the termination of the employment relationship. Those rules shall include suitable and specific measures to safeguard the data subject's human dignity, legitimate interests and fundamental rights, with particular regard to the transparency of processing, the transfer of personal data within a group of undertakings, or a group of enterprises engaged in a joint economic activity and monitoring systems at the work place.

A. The principle of good faith between the parties must be correlated with the employer’s fidelity obligation towards his employer. The fidelity obligation is an essential obligation of the employee, who must refrain, during the employment relationship, from committing any deed which might damage the interests of his employer. Thus, the fidelity obligation comprises, on the one hand, non-competition, respectively the employee’s obligation to not compete against his employer, during the employment relationship (particularly due to the conclusion of an individual employment contract) and, on the other hand, presupposes the employee’s confidentiality, respectively his obligation to not disclose certain secrets of the employer.

Hence, the fidelity obligation is a legal (contractual) obligation, created at the moment of signing the individual employment contract by the employee, without the employer being forced to pay the employee any amount of money, in addition (to the negotiated salary), for the observance of the data confidentiality and for forbidding the disloyal competition deeds throughout the contract execution. This obligation must not be confounded with the non-competition or the confidentiality clauses, distinctly regulated by the Labour Code in art. 21-24 and 26 (Ștefănescu, 2017), applying strictly throughout the existence of the individual employment contract.

As expresses in the specialty literature (Țiclea, 2016), the employee must be faithful, loyal, must refrain from any action which would be detrimental to the interests of his employer, in the contrary case, the employer having the possibility to disciplinarily sanction the employee. (Țop, 2015)

The existence of a fidelity obligation cannot prevent the employee from working in addition with another employer, according to his professional training. In this situation, basically, the employee must not compete, really and directly, with the first employer.

B. By means of the confidentiality clause established by art. 26 para. (1) of the Labour Code, it is stated that through the entire duration of the individual employment contract and after its termination, the parties agree to not transmit data or information they learned during the execution of the contract, in the conditions set through internal regulations, applicable collective employment contracts or individual employment contracts.

Firstly, it is noticed that the scope of the confidentiality clause is much wider than the sphere of the two legal obligations. Hence, the confidentiality clause does not superimpose on the employee’s fidelity obligation [art. 39 para. (2) letter d)] or on the employer’s obli­gation to ensure the confidentiality of the employees’ personal data [art. 40 para. (2) letter i)], not does it pertain to the classified information or to those secrets established through Law no. 182/2002 on the protection of classified information4, but its purpose is to establish for the employee additional information he is contractually bound to not disclose.

Both the employee and the employer are equally held to observe such a clause, which can be inserted in the content of the individual employment contract only with the parties’ consent.

The confidentiality clause may produce effects also after the termination of the individual employment contract, but, unlike the non-competition clause, it must pre-exist this moment, in order to produce effects.

It is seen that in case of this clause, the lawmaker did not establish the obligation of an equivalent contribution, in money or in kind, from the employer to the employee, from the moment of accep­ting in the content of the individual employment contract of the insertion of such a clause. Of course, nothing opposes such equivalent contribution from the employer, but, the sense of this regulation is to offer mutual protection, whose terms are set through the parties’ agreement, without the need, in principle, for the parties, to obtain other advantages.

The breaching of the confidentiality clause by either party brings forth the obligation of the defaulting party to pay damages [art. 26 para. (2) of the Labour Code] and if the legal conditions are met, the employee may also be disciplinarily sanctioned (the deed must have been committed during the running of the individual employment contract). Thus, the injured party will notify the competent court and will have to proof the existence of the clause, the infringement of his right and the occurrence of the damage (it is not possible to insert in the individual employment contract of a criminal clause consisting in the setting of a fixed amount, which is going to be paid by the employee in the case of his non-observance of the confidentiality clause; this criminal clause may exist only regarding the employer’s liability) (Popescu, 2008).

C. According to Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, the controller is any natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.5

Each employer has, according to the provisions of Government Decision no. 905/20176 on the general register for the recording of employees, the obligation to compile a personal/professional file for each of its employees, with the observance of thel egal provisions on the protection of personal data.

Therefore, the use of Revisal and the obligation to have these files of the employees, make the employer a personal data operator.

According to Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data by personal data is understood any information any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

At the same time, personal data processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

In processing personal data, the employer must be guided by and must observe a series of principles, respectively:

  • the data must be processed lawfully7, fairly and in a transparent manner in relation to the data subject;

  • the data is collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes;

  • the data must be accurate and updated whenever necessary;

  • to be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed;

  • to be processed in a manner that ensures appropriate security of the personal data.

If the employer does not employ the person appearing for the interview/exam/competition, either due to the fact that the candidate does not fit the job requirements, or in the context of his refusal to sign the individual employment contract, the employer has the obligation to erase the candidates’ personal data, except for the case when their consent is obtained to keep the data and it justifies a legitimate interest. In this particular case, it is necessary that the employer specifies to the candidates the categories of data kept, the storage period, the person’s right to obtain at any time the deletion of this information, as well as any other rights due to him in his capacity as data subject.

Another exceptional situation is represented by the employer’s possibility to install a video monitoring system at the work place. In this case, the National Authority for the Supervision of Personal Data Processing (ANSPDCP) must be notified because the implementation of such systems may present hazard for the rights and liberties of the data subjects, as employees; the provisions of the Labour Code or any other normative acts regulating the statute, rights and obligations of the employees must be observed, the consultation of their representatives or of the trade union they are part of being necessary, as applicable.

According to art.40 para. 2 letter i of the Labour Code, the employer ensures the confidentiality of personal data for all its employees. Thus, the employee has the right to be informed regarding the manner in which his data was processed, but also an intervention rights, being able to request, in the conditions of the law, the deletion of certain data he considers sensitive. We consider that, in order to avoid any possible misunderstanding regarding the processing of personal data of the employee, the employer must request, in writing, his consent for future processing of his data.

Thus, comparable to the field of competition, the breaches against the provisions of the Regulation may be sanctioned with fines in value of up to 20,000,000 euro or, in case of an enterprise, up to 4% of the worldwide turnover of the group of companies the respective entity belongs to, corresponding to the previous financial exercise, taking into account the higher value, for the non-observance of the basic principles of data processing, the non-observance of the rights of the data subjects or the breach of the obligations regarding cross-border data transfers.



References

Ștefănescu, Ion Traian (2017). Theoretical and practical Treaty of Labour Law, 4ed/ Tratat teoretic și practic de dreptul muncii. Bucharest: Universul Juridic, pp. 369-370.

Țiclea, Alexandru (2016). Treaty of Labour Law/Tratat de dreptul muncii. Legislație. Doctrină. Jurisprudență 10 ed. Bucharest: Universul Juridic, pp. 473-480.

Popescu, Radu (2008). Penal Labour law/ Dreptul penal al muncii. Bucharest: Wolters Kluwer, pp. 203-208.

Țop, Dan (2015). Treaty of Labour Law/ Tratat de dreptul muncii. Târgoviște: Bibliotheca, pp. 295-314.



1 Associate Professor, PhD, National School of Political and Administrative Studies, Romania, Address: Bd. Expoziției 30A, sector 1, etaj 2-4, Bucharest, 010324, Tel.: 0725 888 938, Romania, E-mail: radupopescu77@yahoo.com.

2 Republished in the Official Gazette no. 345 of 18 May 2011, as subsequently modified and completed.

3 Published in JO L 119/1, through which Directive 95/46/EC was abrogated.

4 Published in the Official Gazette no. 248 of 12 April 2002.

5 It abrogates Law no.677/2001 for the protection of persons regarding the processing of personal data and the free movement of such data, published in the Official Gazette no. 790 of 12 December 2001, as subsequently modified and completed; the Regulation is applicable, directly, in all EU countries, without the need of being transposed.

6 Published in the Official Gazette no. 1005 of 19 December 2017.

7 Processing shall be lawful only if and to the extent that at least one of the following applies:

(a) the data subject has given consent to the processing of his or her personal data for one or more specific purposes;

(b) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;

(c) processing is necessary for compliance with a legal obligation to which the controller is subject;

(d) processing is necessary in order to protect the vital interests of the data subject or of another natural person;

(e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

(f) processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

Refbacks

  • There are currently no refbacks.
Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 International License.