Legal Brain

The fourth article in the series dedicated to the practical aspects of labor law and data protection explores a question frequently asked by employers: is it permissible to use video footage captured by the surveillance system in disciplinary investigations involving employees, and subsequently, present it as evidence in legal proceedings?

Let's break down the topic into two easy-to-understand parts:

a) Examining procedural legal rules.

b) Understanding personal data processing laws.

Procedural legal rules

The provisions of the Labor Code that regulate labour disputes do not prohibit the use of video recordings in the disciplinary investigation. They rather contain general references to the concept of "evidence", without necessarily indicating the nature of admissible evidence in labour disputes.

However, art. 275 of the Labour Code[1], part of the chapter that regulates certain special rules of the procedure applicable to labour conflicts, expressly establishes that the rules of the Labor Code are complemented by the legal provisions established by the Civil Procedure Code.

The Civil Procedure Code allows the use of various forms of evidence, including what is termed "material evidence," such as photographs, films, discs, audio tapes, and other technological mediums, in civil conflicts such as labour disputes, on the condition that they were acquired lawfully and ethically.

Hence, since the special legislation in the field of labour relations does not prohibit, and according to the Civil Procedure Code, video recordings are material evidence, we may conclude that, from a procedural point of view, there is no obstacle in using video recordings as evidence in the course of a disciplinary investigation and/or labour dispute in order to prove a disciplinary offence[2].

However, the absence of a procedural ban in using video recordings as evidence, is not a sufficient condition for their practical use.

Hence, it is crucial to ascertain the legality of capturing captured images intended for use as evidence in disciplinary proceedings or labour disputes, by referencing the original purpose of their collection and its legitimacy.

Personal data processing

The legitimacy of video recordings usage, captured in the employer’s premises, to prove disciplinary offenses must be seen in close connection with the primary purpose of capturing that recording.

Video surveillance can serve several legitimate purposes, such as, for example, ensuring the protection of property and other assets, ensuring the protection of life and physical integrity of individuals[3].

Therefore, if the video monitoring took place for the purpose of protecting assets, persons, premises and the act of an employee is closely related to the violation of internal rules prohibiting stealing of assets, destruction of assets or acts of violence, then we may consider that the use of those recordings the purpose of which was of monitoring such events, could be used as evidence to prove a disciplinary offense consisting of: physically assaulting a colleague, stealing an asset from the employer's assets and leaving the workplace in the possession of such assets.

On the contrary, the use of the same records to prove disciplinary violations that are not closely related to the purpose of monitoring and that do not meet the level of reasonable expectation on the part of employees (e.g. to prove that an employee is late at work or to prove the work performance of employees) might be considered[4] a disproportionate measure in relation to the rights and freedoms of employees since those disciplinary offences can be proven by using less intrusive means, such as the use of information captured by the attendance card systems or, respectively performing employees’ appraisal according to the provisions of the employer’s Internal Regulation.

Caution!

In different circumstances, the same disciplinary offence may fall within the purpose pursued by the employer when collecting personal data by video surveillance system.

Ex. 1:

§  The purpose of video monitoring: ensuring the safety of workers at the workplace

§  Disciplinarily investigated act: smoking close to inflammable equipment.

or may exceed it

Ex. 2:

§  The purpose of video monitoring: ensuring the safety of workers at the workplace

§  Disciplinarily investigated act: taking too frequent smoking breaks.

By reference to Art. 22 of the GDPR which provides the right of data subjects not to be subject to decisions based solely on automated processing which significantly affects them, obtaining the employees’ point of view on the images used during the disciplinary investigations is necessary.

Also, the identification and use, if possible, of additional evidence is always welcome.

To conclude, in order to prevent issues related to the legitimacy of such records that could be used in a disciplinary investigation procedure, from the perspective of data privacy provisions, a careful analysis of each fact is recommendable since, as mentioned above, the same fact/offence may or may not, depending on the circumstances, fall under the legitimate interest pursued by the employer through video monitoring of the areas.

[1] Art. 275: "The provisions of this title are supplemented by the provisions of the Code of Civil Procedure".

[2] Art. 341 para. 2 of the Civil Procedure Code: "Photos, photocopies, films, discs, sound recording tapes, as well as other such technical means, are also material means of evidence, if they were not obtained by violating the law or good manners."

[3] Guide 3/2019 regarding the processing of personal data through video devices  issued by the EDPB.

[4] Opinion no. 4/2004 of the former Working Group art. 29: images collected solely to protect property and/or detect, prevent and control serious misconduct shall not be used to charge an employee with minor disciplinary misconduct.

In recent years, there has been European-level discussion about the (alleged) abuse of dominant position by technology giants in particular (for example, the Intel case[1]), but also in other industries (such as the most recent decision in the Mondelez case[2]). The concept of abuse of dominant position adopted by the European Commission for limiting and sanctioning it has undergone a notable evolution (although Regulation 1/2003[3] is still in force without substantive changes)[4]. The major reservation regarding the sanctioning of abuse of dominant position is probably that no one wants to discourage large competitors, capable of investment, innovation, and progress, from doing exactly these things for rather sterile reasons, such as the fact that at some point their conduct fits the textbook description of abuse of dominant position. Perhaps that is why the European Commission (the Commission) and the Court of Justice of the European Union (CJEU) have understood that they need to allow for flexibility and adaptation of this concept to the realities and needs of the present, so that consumer interest is prioritized.

This adaptation to market realities is known as the „economics-based approach”. This method focuses on the economic effects of a dominant company's behaviour on the market and consumers, using detailed economic analysis and econometric tools to substantiate decisions. The goal is to ensure that interventions are justified and proportionate, thereby promoting competition and economic efficiency. However, the concrete application of the economic approach has taken different forms, as evidenced by the comparison of two important cases in recent years, i.e., Intel and Mondelez, reflecting the complexity and peculiarities of each case.

Intel Case

The Intel case refers to the charges brought by the Commission against Intel regarding the alleged abuse of dominant position in the processor market through conditional discounts and direct payments to computer manufacturers and retailers to exclude its main rival, AMD. In 2009, Intel was fined by the Commission €1.06 billion (the largest fine at the time) for anticompetitive practices aimed at eliminating competition and limiting consumer choices. In a first instance, the EU General Court upheld the Commission's decision, stating that the discounts offered by Intel were capable of restricting competition. This decision was appealed by Intel, and in 2017 the ECJ upheld the appeal and referred the case back to the General Court for re-evaluation, emphasizing the need for a detailed economic analysis of Intel's behaviour. In 2022, the General Court annulled the fine imposed by the European Commission, concluding that it had not sufficiently demonstrated the anticompetitive effects of Intel's discount schemes. In other words, in this case, the final judgment showed that economic analysis was necessary to establish the anticompetitive effects of Intel's practices.

Mondelez Case

In May 2024, the Commission imposed a fine of €337.5 million on Mondelez International, a major global food company, finding that it engaged in anticompetitive practices by restricting the cross-border sales of its products in the European Union. The Commission found that Mondelez violated EU competition rules by (i) entering into anticompetitive agreements or concerted practices intended to restrict cross-border trade in various chocolate, biscuit, and coffee products, and (ii) abusing its dominant position in certain national markets for the sale of chocolate tablets. Mondelez's anticompetitive behaviour would have included: (i) limiting the areas or customers to which certain wholesalers could resell Mondelez products, imposing higher prices for exports than for domestic sales; (ii) preventing distributors from selling in other Member States without prior approval; (iii) refusing to supply certain intermediaries or ceasing supply in certain countries to maintain higher prices. The Commission's conclusion was that these practices hindered free trade between Member States and led to the artificial segmentation of the market, allowing Mondelez to maintain higher prices for its products at the expense of EU consumers. In the Mondelez case, the infringement identified was serious and obvious, having as its object the restriction of competition in the EU and making economic analysis redundant.

***

In both cases, the Commission used economic principles and methodologies to assess the effects of companies' behaviour on competition and consumer welfare. This approach involves analysing market dynamics, assessing market power, evaluating potential efficiencies, and considering the impact on consumers through the prism of product prices and variety of choice. However, the Intel doctrine (according to which - in certain cases - dominant players can demonstrate the lack of anti-competitive effects of their practices) did not apply in the Mondelez case, where the violations were serious and had as their obvious object the distortion of competition (Mondelez admitting otherwise the infringement, cooperating with the Commission and benefiting from a 15% reduction of the fine).[5] 

[1] Intel Corp v European Commission (Decision) [2017] C-413/14 P, EU:C:2017:632.

[2] European Commission Decision C(2022) 1234 final, Case AT.40012 – Mondelez

[3] Council Regulation (EC) No 1/2003 of 16 December 2002 on the implementation of the rules on competition laid down in Articles 81 and 82 of the Treaty

[4] The idea that competition law has undergone significant changes in recent years, even though the provisions of Articles 101 and 102 of the TFEU (formerly Articles 81 and 82 of the Treaty of Rome (EEC)) have essentially remained the same, is extensively discussed in a very good recent work that I quote here, namely Pablo Ibáñez Colomo, The New EU Competition Law (Hart Publishing 2023).

[5] The idea of ​​the parallel between the two cases - Intel and Mondelez - can be found in the article Mondelez: abuses by object, consistency and the administrability of Article 102 TFEU, by Pablo Ibanez Colomo and published on May 30, 2024 on the website https:// chillingcompetition.com/.

The storage of personal data is an ongoing concern for those who manage information, as the circumstances requiring the processing of such data are never identical, not always predictable, and the terms for which processing is permitted are not always clear. Regulation 679/2016 on the protection of individuals with regard to the processing of personal data ("GDPR") establishes, among other principles, the principle of "data storage limitation" according to which personal data should be "kept for a period not exceeding the period necessary to fulfill the purposes for which they are processed."

What necessarily results from this principle of limiting data storage periods is nothing other than the right of data subjects to have their personal data erased as soon as they are no longer needed for processing for a specific purpose, without any action required on their part, without the need to address data controllers with a request to do so (a right we intend to discuss in a future article).

In other words, the removal of personal data from the records of the data controller will always occur upon expiration and in close correlation with the identified and established storage period for each category of data processing.

The answer to the question "how long should personal data or a document containing personal data be stored?" should always prompt the data controller to clearly and objectively identify  until when those data are needed.

A series of questions can help in this regard:

• What is the reason for processing this data?

• At what point has the objective I set been objectively and finally achieved?

• Beyond this point, are personal data still necessary for another purpose that requires a longer storage period, such as financial-accounting purposes, archival purposes in the public interest, historical research, or statistical purposes?

Thus, the GDPR considerations mention that "processing personal data for purposes other than those for which personal data were initially collected should be allowed only when processing is compatible with those respective purposes for which personal data were initially collected. In this case, a separate legal basis from that on which the collection of personal data was allowed is not necessary. Subsequent processing for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes should be considered as lawful processing operations. The legal basis provided in Union law or in national law for the processing of personal data may also constitute a legal basis for further processing. In any case, the application of the principles established by this Regulation and, in particular, informing the data subject about these other purposes and their rights, including the right to object, should be guaranteed."

Below, we propose a brief analysis of some situations involving the processing of personal data related to documents submitted by employees in support of certain requests made to employers and whose storage periods are not very clear to employers:

• Processing/storing copies of death certificates of a close relative or for the marriage of a child to grant paid leave for family events or to prove absence from work in unforeseen situations, caused by a family emergency due to illness or accident, which makes the immediate presence of the employee indispensable. Should these copies be included in the personnel files and archived for the period required by the legal provisions for them?

Considering:

• That the purpose of presenting these documents by the employee is to justify the existence of the event for which the employer grants leave, so that the employee is not considered absent to work;

• the non-impairment in any way of salary rights or contribution periods in the pension or health system;

• the legal provisions establishing the content of the employee's personnel file, namely: the documents necessary for hiring, the individual employment contract, the additional acts and other documents regarding the modification, suspension, and termination of individual employment contracts, study documents/qualification certificates, as well as any other documents certifying the legality and correctness of the completion in the register,

we consider that the inclusion of these documents in the personnel files and archiving them together is not justified.

Therefore, as soon as the information from these documents has been verified by the human resources staff of the employer and it is found that they coincide with the information provided by the employee in the request submitted to the employer regarding the granting of those days off, these documents, excluding the request itself, should be definitively deleted/destroyed from the internal records of the employer, there being, from our perspective, no other reason for the employer to proceed to keep these documents for longer periods.

However, the situation of processing personal data and documents collected by employers in the case of granting caregiver leave regulated by the Labor Code is different.

According to the provisions of the Labor Code, correlated with those of Order of the Ministry of Labor and Social Protection no. 2172/3829/2022 regarding the granting of caregiver leave (the Order), the requesting employee of this leave has the obligation to prove, both the existence of the kinship relationship with the person being cared for or cohabitation, and the existence of the serious medical problem that prompted the employee to request caregiver leave.

The documents through which these proofs are made are regulated by the Order and are, as the case may be: the identity card, the birth certificate, the marriage certificate, the document by which the person was taken into space, the certificate from the association of owners/tenants or the employee's own statement indicating that the person cared for by the employee lives in the same household with him/her for at least the period of caregiver leave, the hospital discharge ticket or, as the case may be, the medical certificate issued by the attending physician or the family doctor of the person with serious medical problems.

To establish the storage period of these documents, both the purpose for which this data was initially collected and a possible existence of a subsequent purpose that would require a longer processing of personal data, beyond the limit of the initial purpose for which they were collected, should be analyzed.

Thus, in the described situation, analyzing the legal provisions regulating these rights, we will identify both an initial purpose of processing, namely that of granting days off, but also a subsequent purpose to the first one, namely that of fulfilling the financial-accounting obligations. The latter results from the provisions of the Labor Code, which establish that employees who benefit from caregiver leave are insured, during this period, in the social health insurance system without paying contributions.

Therefore, as long as maintaining health insurance rights usually implies contributing to this system, mandatory when paying salary rights, any deviation from this provision must be proven. Therefore, in order to prove the non-payment of social security contributions of the employee for the period of caregiver leave, in the event of a possible inspection by the fiscal authorities, the processing of this personal data and implicitly of the documents containing it should be carried out for the period of prescription of the right to action in the fiscal field, namely 5 years from July 1 of the following year for which the fiscal obligation is due, a term also instituted by the provisions of Law no. 36/2023 amending the Accounting Law.