GDPR information obligation hit by a knife

Date : Publié par

By a judgment handed down on February 14, 2024 (Social Chamber, No. 22-23.073), the Court of Cassation undermined the supposedly absolute nature of the right of individuals to be informed of the processing of personal data concerning them.

In this case, video surveillance installed in a store allowed the employer to highlight thefts from the cash registers carried out by an employee.

The surveillance process was clearly unlawful: no prior information of employees in accordance with the Labor Code, no declaration to the prefecture, and insufficiently detailed information of employees with regard to the legislation protecting personal data (in force at the time of the events but substantially identical to what the GDPR now provides).

The Court of Cassation points out that just because evidence has been obtained unlawfully does not necessarily mean that it must be excluded from the proceedings in a civil case, provided that the production in question is essential to the exercise of the right of evidence and that the infringement of the rights of the person is strictly proportionate to the aim pursued. In this case, the High Court considers that these conditions were met, balancing the legitimate aim of the company (ensuring the production of its assets) and the employee's right to respect for her private life (which in this case suffered a modest and circumstantial infringement).

The scope of this ruling is significant. In the sphere of labor law, the means of employee surveillance are now varied and powerful: cybersurveillance, geolocation, etc. An employer could therefore, if the conditions are met, rely on the traces thus collected to justify a dismissal even if the employee was not fully and completely informed of said surveillance in accordance with the GDPR.

But this weapon will have to be handled with caution by the employer, because just because the evidence in question can be produced to the industrial tribunal does not mean that he will escape the fines provided for by the GDPR for failure to inform the persons concerned...

To go further, see our article in EXPERTISES, MAY 2024 p.32 "Illicit evidence and private life: the confrontation"

Also read

Scanned signature is a dubious practice

Date : Publié par
On March 13, 2024 (Commercial Chamber, 22-16.487), the Court of Cassation issued a very interesting ruling on the limits of using scanned signatures to attest to the identity and consent of their author.
Read more

Electronic signature: impact on litigation of the certification of the solution implemented

Date : Publié par
The rulings handed down in early September 2020 by the Toulouse (CA Toulouse, 3rd Ch., 4 September 2020, RG n°19/01990) and Lyon (CA Lyon, 6th Ch., 3 September 2020, RG n°19/06466) Courts of Appeal place a significant emphasis on the certification of the signature solutions implemented. However, it is still necessary to understand the scope of these certifications and their real impact on the reliability of the electronic signature.
Read more

Electronic signature does not constitute consent

Date : Publié par
On June 8, 2023, the Orléans Court of Appeal issued an original and very well-argued ruling on electronic signatures (RG No. 22/00539), concerning a personal credit contract between Carrefour Banque and a borrower.
Read more