2 October 2024 · Lucas Charnet
Can I keep an ex-employee’s email account active?
Can I keep an ex-employee’s email account active?
2 October, 2024
–
Privacitat, Data Protection
–
Lucas Charnet
In the workplace, the use of an ex-employee’s corporate email can create legal issues if not managed properly. Many companies find themselves needing to keep an employee’s email active after their departure, mainly to ensure continuity with clients or suppliers. However, accessing an ex-employee’s email involves several risks regarding privacy and personal data protection. In today’s article, we review the different options available to a company and what legal requirements must be met.
Conflict of rights
The conflict between the employee’s rights and the company’s needs when managing an ex-employee’s email lies in the delicate balance between the right to privacy and data protection, and the company’s operational continuity.
1. Employee’s rights:
The employee, even after their employment ends, retains the right to privacy, the confidentiality of communications, and the protection of their personal data. This includes that any information stored in their corporate email, unless previously stated as professional, may be considered private. According to the Reglamento General de Protección de Datos (RGPD) and the Ley Orgánica de Protección de Datos Personales y Garantía de los Derechos Digitales (LOPDGDD), the processing of personal data, even during the monitoring of an employee’s email, must strictly respect these rights.
2. Company’s needs:
On the other hand, the company may need to access the ex-employee’s email to ensure operational continuity, particularly in sectors where communication with clients and suppliers is key. If an employee leaves without transferring these communications, it could severely affect the company’s operations. Here, the company seeks to ensure access to manage contacts, pending projects, or critical information necessary for the company’s operations.
3. Solution to the conflict:
The key to managing this conflict lies in transparency and a clear policy on the use of corporate email from the start of the employment relationship. If the employee was informed that the email is a professional resource subject to monitoring and that it should not be used for personal purposes, the company has a stronger legal basis to justify access in situations following the employee’s departure. Moreover, the access must be proportionate and temporary, ensuring that personal communications are not explored and limiting use to ensuring operability for a specific period (usually no more than three months).
4. Legal consequences of improper access:
In the event that a company accesses an email without meeting these requirements, it could face severe sanctions imposed by the Spanish Data Protection Agency (Agencia Española de Protección de Datos (AEPD)), including fines that can be significant. Additionally, any evidence obtained from such access may be nullified in legal proceedings, or even criminal liability may be imposed if it is proven that there has been a violation of fundamental rights such as the confidentiality of communications.
Requirements for accessing the email
To ensure that access to an employee’s email is lawful, the company must meet the following requirements:
1. Exclude the employee’s expectation of privacy
To ensure lawful access to the employee’s email, it is essential that the employee does not have an expectation of privacy over that account. From the beginning of the employment relationship, the company must inform the employee that the email is exclusively a professional tool. To achieve this:
1. - It must be included in the employment contract or an internal policy stating that the corporate email is company property and may be subject to monitoring or auditing.
- Additionally, the company can implement a digital conduct code detailing the conditions and limitations of using the email for personal purposes.
The absence of this communication could lead to violations of the employee’s right to privacy and nullify the company’s right to access the email after the employee’s departure.
2. Supervision of the Workers’ Legal Representation (RLT)
The company must have the approval or supervision of the RLT, if it exists, before implementing policies on the use of digital tools, including access to emails. Negotiating with the RLT ensures that any policy related to the use of corporate emails is transparent and agreed upon with the employees’ representatives.
3. Retention period of the email after the employee’s departure
Once the employee leaves, the company must block or delete their email account. However, to ensure operational continuity, the company may temporarily redirect the email for a maximum period of three months to another employee or manager. After this period, access must cease, and emails must be deleted or archived according to the company’s policies.
4. Practical advice
To avoid sanctions or legal conflicts:
1. - Include clear clauses in the employment contract informing the employee about email monitoring.
- Have a corporate email usage policy detailing how accounts will be managed after an employee’s departure.
- Involve the RLT to ensure that the policies are legitimate and aligned with employee rights.
Conclusion
Managing an ex-employee’s email account involves a delicate balance between the employee’s right to privacy and the company’s operational needs. To avoid conflicts and legal sanctions, companies must act transparently from the start of the employment relationship, establishing clear policies regarding email use. Furthermore, any access after the employee’s departure must be justified, temporary, and respectful of the employee’s fundamental rights, following the principles of GDPR and LOPDGDD.
At MES Advocats, we provide comprehensive advice for the correct implementation of digital tool usage policies in the workplace. We offer personalized solutions to comply with data protection regulations and avoid conflicts with employees and authorities. If you need more information or advice on managing ex-employees’ emails, do not hesitate to contact us for an efficient and tailored service using this link.
###
...
---