Privacy in the workplace

11 October 2021 – Yvette Kouwenberg

Returning to work: a diabolical dilemma

With the relaxation of corona measures, most employers would like to see their staff (partly) return to the work floor. However, employers are faced with quite a dilemma as a result thereof. After all, they have a legal obligation to create a safe working environment for their employees and therefore must limit as much as possible the risk of possible COVID contamination on the work floor. At the same time, they must respect the privacy of their employees. Therefore, an employer may e.g. not oblige employees to undergo a corona access test in front of the company premises or to use the corona check app to determine whether an employee would pose a risk in the workplace. After all, this would involve the processing of medical data, which is principally not permitted under the General Data Protection Regulation (AVG). Employees may therefore not be required to comply with such requests, nor may a reluctance to cooperate be sanctioned within the employment relation.

The current practice therefore calls for an amendment to the legislation and regulations which, on the one hand, creates a better balance in the split in which employers currently find themselves and, while on the other hand, pays sufficient attention to the (privacy) rights of their staff members. A first cautious step seem to have been taken, now that the government allows employers, under certain circumstances, to inquire of employees about their vaccination status (without registering it). However, the employer must have a good reason for doing so. In addition, the employer is required to have a plan in place that provides for the situation in which an employee turns out not to have been vaccinated and/or does not want to disclose his status. Such as by adjusting the workplace or working schedule.

Secrecy clause under the microscope

It sometimes happens: an employee forwards per email certain business documents to his or her partner or other third parties with a request to ‘hit the print button’ because the employee in question does not have access to a printer at that time, for example because he or she works at home or because the employee is often on the road for work. The latter was the case in a recent case at the Arnhem Court of Appeal. The employee in question had emailed documents from her work containing sensitive (client) data to her boyfriend with the request to print these documents for her. The employer felt that the employee had breached the confidentiality clause in her employment contract.

However, the court did not agree, despite the fact that the information in question was highly sensitive (client) information. The court attached importance to the fact that the employee was frequently on the road for her work and was expected to update her work administration at home. However, the employer had not provided the employee with adequate (printing) equipment so that the employee did not have to ask her boyfriend to print out business documents on her behalf. Nor had the employer prohibited this practice. As – according to the court – the employer had not done enough to protect privacy-sensitive company information, the employee could not be accused of breaching the confidentiality clause. This ruling may perhaps give rise to (re)examining the home work stations of your employees and for ensuring that they are adequately equipped to prevent the potential external sharing of confidential company information and data leaks.


Yvette Kouwenberg