This article was originally published by Karine Clolus-Dupont, Marion Seranne, cabinet EBL Lexington Avocats.
At the very time when extracts from a private Facebook account can be produced to justify a dismissal, it is recalled that the right to evidence can justify an invasion of privacy. Indeed, this is not a blank check given to companies to collect evidence.
At first glance, the decision handed down by the French Supreme Court on September 30, 2020, recognizing the possibility for an employer to provide extracts from a private Facebook account to justify the dismissal of an employee for serious misconduct, may be baffling.
Distinct treatment of private and public accounts
Until now, an employee's postings on a Facebook account, access to which was restricted to his or her friends on the social network, were considered to be part of his or her private sphere, with the result that the employer could not use them as evidence and use them for disciplinary purposes. Conversely, material published on a public Facebook account, and therefore accessible to the employer, could be considered a fair and admissible evidence.
The distinction was therefore clear: if the publications were freely accessible, their extraction was possible and lawful, in particular for the purpose of disciplinary action by a company against one of its employees. On the other hand, if access to the publications was restricted to a private group of " virtual friends ", such retrieval was prohibited.
The key criterion: fairness in the collection of evidence
The annotated decision of September 30, 2020, seems to erode the distinction between the public and private spheres. However, the Court's line of reasoning actually stems from the implementation of long-standing and consistent principles.
On the one hand, in matters of proof, loyalty is required. Evidence must not be gathered without the knowledge of the person who holds it: in practice, the courts sanction and deem irreceivable evidence obtained by means of a stratagem.
In the case before the Court of Cassation, an employee of a ready-to-wear brand had published photographs of a clothing collection on a private Facebook group. This information had been transmitted to the employer by another employee of the company who had had access to this group. It was by finding the breach of the first employee's confidentiality obligation that the company proceeded to dismiss her for serious misconduct.
Moreover, it is also the practice, when it comes to evidence, to balance the need for the right to evidence against respect for the privacy of employees. In other words, the interference in the private life of an employee in order to collect useful evidence, which cannot otherwise be obtained, is conceivable as long as the means used are proportionate. This is in essence the decision rendered in this case: the presentation of this employee's Facebook account statements was essential to the exercise, by the company, of its right to evidence. The infringement of privacy was thus deemed to be proportionate to the legitimate interest of the employer, namely the respect of confidentiality.
The enforcement of this principle explains why the Court of Cassation sanctions companies that use private detectives to monitor the activity of their employees. However, the private life of an employee may justify a disciplinary dismissal if it constitutes a breach by the person concerned of a contractual obligation.
An untapped angle: the impact of the DPGR regulations
The decision issued by the Court of Cassation is therefore not a revolution. On the other hand, it is worth questioning the thinking that the High Court could have held if it had been argued that the protection of personal data had not been complied with. In this respect, it is interesting to compare this decision with the position adopted by the CNIL, on September 12, 2019, on an article of the 2020 finance bill allowing the tax and customs administration, on an experimental basis, to collect personal data published on the Internet by users of online platforms. The CNIL noted that, under the law of personal data, "the freely accessible nature of information published on the Web does not give the State the right to use it as it sees fit. The CNIL was indeed afraid that such a measure would reduce the freedom of expression of Internet users and, as a result, urged the government to include safeguards in this measure.
Thus, by placing herself in the realm of data protection, the employee could have had a different angle of contradiction: indeed, she could have argued that by disclosing, in a private space, information to a restricted public, she had not granted her virtual friends the right to use it as they wished, and that, consequently, any extraction carried out was illegal.
While it cannot be concluded that such an argument would ultimately have totally modified the decision handed down by the Court of Cassation, there is no doubt, however, that the deployment of arguments relating to non-compliance with the RGPD in labor law proceedings will give rise to interesting decisions of principle in the coming years.
In an era where teleworking is becoming increasingly widespread and where sometimes digital communication on social networks or collaborative tools makes it difficult to define the boundary between private and professional life, companies and their HR departments will have to be particularly vigilant in deploying DPP measures tailored to their tools and practices.