Generally no. Activities in Example Case I (searching the employees’ emails for specific keywords and in particular the use of Surveillance Measures) may be seen as an (unlawful) review of the content of the employees’ emails, and, in turn, an (unlawful) interference with the right to privacy and the privacy of communication, safeguarded by the Constitution and the Criminal Code. According to case law, the said right extends to work correspondence as well as private emails.
Slovenian law does not clearly spell out the conditions for the lawful review of employees’ emails. According to (non-binding) guidelines of the Information Commissioner, the content of emails may only be lawfully retrieved:
(i) based on a court order;
(ii) in very rare, exceptional cases, where there is risk of immense damage being inflicted to the employer which cannot be prevented through any other (less-intrusive) measure, provided that the employee was acquainted in advance with the rare instances in which such actions may be taken by way of internal acts adopted by the employer;
(iii) in exceptional circumstances, based on an explicit voluntary consent (however, the voluntary nature of any consent given by employees to the employer is generally questioned by the data protection authority).
Q: Could a concrete suspicion against a Member concerning serious company related offences qualify as (ii) and thus lead to the admissibility of the search of Company Related Data without the prior written consent of this Member?
A: Generally, no – the concrete suspicion alone would not suffice; there would also have to be a serious risk of damage and the employee would have to be acquainted with the possibility of the review taking place (cf. (ii)). According to the opinions and guidelines of the Information Commissioner (NB: case law here is non-existent / extremely scarce), the review of employees’ emails is (almost) entirely limited to instances where it is conducted based on a court order. The existence of (exceptional) circumstances and fulfilment of other conditions for the lawful review of the employees’ emails should be carefully examined on a case-by-case basis. The suspicion of criminal activity alone does not automatically justify the review of the employees’ emails – the employer is generally deemed able to protect its interests by notifying its suspicions to competent authorities (who may adopt adequate measures – obtain a court order to examine email correspondence). Accordingly, there is a risk that Example Case I would constitute a breach of the constitutional right to privacy and privacy of communication.
Q: We understand that a suspicion of criminal activity alone does not justify the review of the employees’ company emails by the employer. The employer has rather to appeal to the authorities to review the employees’ mails with the involvement of the authorities. Could you please confirm/clarify our understanding? (Basically we would like to know, under what circumstances a company is permitted to review its Company Related Data.)
A: Correct – please also see above. The circumstances under which Example Case I would be permitted (according to the guidelines) are extremely limited. The unlawful interference with the employees’ emails may in some instances even trigger the criminal liability of the employer.
In addition to the above, various restrictions and requirements apply for the performance of video surveillance.