Anda di halaman 1dari 11

MEMORANDUM

EMPLOYEE MONITORING IN ARGENTINA

Client: Mark Clement


From: Ivan Kurchan – Corporate Attorney in Argentina
Subject: Employee monitoring in Argentina
Date: March 22nd, 2019

I. EXECUTIVE SUMMARY

The controversy between the employee’s right to privacy and the employer’s right to monitor the
activities of their employees has become increasingly complex in Argentina over the past years
since internet and the new ways of communication have appeared. Several theories, including
panoptic theory, were used to explain the behavioral effects of employer surveillance.
Additionally, the ethical issues with regards to electronic monitoring and the provisions
introduced by the Data Protection Act versus the legitimate right of the employer to track and
control the productivity of their employees were analyzed by many jurists and judges.

In this report, we will see that when employees use work tools provided by their employer for
work purposes, privacy laws are mostly inapplicable since the employees simply have no
expectation of privacy in their communications. This is the key element to determine the scope
of an effective monitoring program. Although there are limitations under law, a comprehensive
monitoring program can be implemented to protect the employer’s interests if it is backed by the
employee’s consent, a clear work tools usage policy and inclusion of necessary clause in
employment contracts.

This white paper provides an overview of the current legal landscape in Argentina and describes
the measures that need to be implemented to have an employee monitoring program in
compliance with local regulations.

II. EMPLOYEE’S ACTIONS AND THEIR IMPLICATIONS FOR THE COMPANY

The employer is liable for their employee’s actions as the company becomes the guarantor of the
employee’s actions, taking the position of being responsible for guaranteeing the reparation of
the damage caused by their subordinate. The company cannot escape its liability under most
circumstances as even if the employee may have acted independently of the company, it would
be liable under the provisions of Article 1753, Civil Rights Act1.

The majority of jurists and jurisprudence considers that for the employer to be the guarantor of
the employee, there must be a relationship of obedience, seen, understood or valued as "civil
dependence". This includes anyone who acts on behalf or in the interest of another, by virtue of
some legal bond of subordination. The idea of subordination, as being able to drive the activity of
the other or give them instructions is necessary because, otherwise, there is no dependence and
therefore no liability from the company2.

The company may be liable for the employees misusing their electronic devices when they
disclose the private information in their custody as an employee of the company. Employees may
knowingly or unknowingly disclose private information in their possession as a part of the
company. But instead of the employees, the company would be liable for leakage of the personal
data as it is the responsibility of the company to protect their client’s data in accordance with the
Data Protection Act. In this case and according to Article 31, from the Data Protection Act, the
Company shall be liable to pay a fine from 50.000 to 100.000 ARS (Approx. USD 3.000) to the
authorities plus third parties compensations. The Disposition 71 E-2016 from the Data Protection
Agency established a maximum fee of 5.000.000 ARS in the worst case scenarios (approx. 125.000
USD)3.

Liability for the company may also arise from the misuse of the company resources for illegal
activities such as hacking using the devices provided by the company and due to use of the
company servers for storing and sharing of stolen data or data covered under Data Protection
Laws.

1
A copy of the Civil Rights Act can be accessed at
http://servicios.infoleg.gob.ar/infolegInternet/anexos/0-4999/804/norma.htm
2
Bustamante Alsina, "Teoría General de la responsabilidad civil", p. 287, 1972
3
The Disposition 71 E-2016 can be accessed at
http://servicios.infoleg.gob.ar/infolegInternet/anexos/265000-269999/269971/norma.htm
a. Cases of employee actions affecting companies

The actions by employees have in numerous cases forced employers to approach the court.
Among the most widely discussed cases is the case: Sánchez Miguel Ángel c/Banco de Galicia y
Buenos Aires y otros s/daños y perjuicios’ – CNCIV – SALA B – 07/04/20094. This case refers to an
employee of the Galicia Bank who included a customer in the restricted access to credit list on
their data base and having shared this information with the Central Bank, causing economic and
moral damage to the customer. Regarding the bank liability for this act, the court said “An
incorrect data loaded into a database by a bank clerk, without verifying its accuracy when the
means are available, implies a failure in the duty of care in the handling of information”. In light
of the provisions of the Data Protection Act, the bank had to pay a compensation to its client.
A similar case was: "Labaké y otros c/Banco Ciudad de Buenos Aires" where the bank was ordered
to repair the damages suffered by the customers, who attended one of the institution's branches
and paid the fees for municipal taxes, but these payments were not processed because the
cashier incurred a scam through apocryphal seals.

b. Employee’s sanctions

The employees can be sanctioned by the employer for email or electronic devices misuse in the
following scenarios:
(i) Abuse of communications for personal purposes (prior warnings needed)
(ii) Communications with customers to arrange their own business, outside the company.
(iii) Leakage of confidential information from the company.
(iv) Theft of "intangibles" assets from the company (e.g. software, music, photos, etc.).
(v) Actions classified as illegal (such as, libel and theft of information, among others).

These actions will give the employer the right to terminate the employment contract with the
employee without paying compensations of any kind.

III. LEGISLATION ON EMPLOYEE MONITORING IN ARGENTINA

4
A full copy of the ruling can be accessed at
http://www.protectora.org.ar/base-de-datos-veraz-nosis-codeme/sanchez-miguel-angel-cbanco-de-
galicia-y-buenos-aires-y-otros-sdanos-y-perjuicios/1011/
Argentina does not have a specific Workplace Surveillance Act. Employee monitoring is currently
governed by:
 Constitution of Argentina (in Spanish, Constitution Argentina)5
Article 19- Protection of Privacy.
Article-75, section 22- Protection of Life, Privacy and Personal liberty
 Civil Rights Act (in Spanish, Código Civil)6
Article 1071 bis- Protection of Privacy
 Employment Act (in Spanish, Ley de Contrato de Trabajo)7
Article 64-68- Employer monitoring right.
 Criminal Code Act (in Spanish, Código Penal)8
Article 153 – Secrecy of electronic correspondence.
 Data Protection Act (in Spanish, Ley de Datos Personales)9
Article 14 – Secrecy of electronic correspondence.
Under this Act the Data Protection Agency issued the following relevant rules:
- Disposition 10/201510 (surveillance, corporate responsibility)
- Resolution 4/201911 (surveillance, employee’s consent, camera surveillance, biometric
data)

Based in these regulations as well as in the legal opinion of the local jurists and jurisprudence, the
next elements should be considered to be in compliant with local regulations:

(a) Obtaining Consent from the Employees to monitor their communications


It has been widely accepted that as long as the employees are aware that are being monitored
by the employer, there would be no privacy expectations in their communications. Therefore, the

5
A copy of the Constitution can be accessed at
http://servicios.infoleg.gob.ar/infolegInternet/anexos/0-4999/804/norma.htm
6
A copy of the Civil Rights Act can be accessed at
http://servicios.infoleg.gob.ar/infolegInternet/anexos/0-4999/804/norma.htm
7
A copy of the Employment Act can be accessed at
http://servicios.infoleg.gob.ar/infolegInternet/anexos/25000-29999/25552/texact.htm
8
A copy of the Criminal Code Act can be accessed at
http://servicios.infoleg.gob.ar/infolegInternet/anexos/15000-19999/16546/texact.htm
9
A copy of the Data Protection Act can be accessed at
http://servicios.infoleg.gob.ar/infolegInternet/anexos/60000-64999/64790/texact.htm
10
A copy of the Disposition 10/2015 can be accessed at
http://servicios.infoleg.gob.ar/infolegInternet/anexos/240000-244999/243335/norma.htm
11
A copy of the Resolution 4/2019 can be accessed at
http://servicios.infoleg.gob.ar/infolegInternet/anexos/315000-319999/318874/norma.htm
ultimate first step would be to inform the employees that their communications will be monitored
and their usage will be controlled.

(b) Monitoring is done for the work tools only


Monitoring is done only for the work tools provided by the employer and not for personal
electronic devices or personal email account. Other work tools such as laptops, mobile phones
and landline telephone number may be monitored as long as the these were provided by the
employer for work purposes only. The employee should be aware of the work tools that are being
monitored. Personal email account or social networks cannot be monitored as these are
prohibited by the Data Protection Act.

(c) Email and work tools usage policy


A clear email usage policy is framed whereby it is explicitly mentioned to the employee that work
email address is monitored and he/she should not use the work email address for personal
purposes. Guidelines of best practices, working hours and other relevant information should be
also included in this policy. The employer must provide training on this policy to their employees
on a regular basis. The case law: ‘Pereyra, Leonardo R. v. Servicios de Almacén Fiscal Zona Franca
y Mandatos S.A. (C.N.T, Sala VII)’ has established the following “the email address is another
working tool and as such it must be analyzed in accordance with the rights and duties of the parties
(art. 62 and sgt. of the Employment Contract Act) and in accordance with the principle of good
faith (art. 63) and art. 70 of the same act, which empowers the employer to carry out the faculties
of personal controls, aimed at the protection of the company's assets. However, if a company does
not have a clear policy on the use of this tool, failing to warn the employee that such use should
be made exclusively according to their work activity and making them aware of the company's
right to control the correct use of e-mails could create a false expectation of privacy”. 12

IV. EMPLOYEE MONITORING PROGRAM IMPLEMENTATION

In Argentina labour judges are reluctant to accept employee’s dismissal without paying any
compensation unless there is strong evidence of justification for this and as long as the employer

12
A copy of the ruling can be accessed at
https://ar.ijeditores.com/articulos.php?idarticulo=39635&print=1
can demonstrate that the dismissed employee acted with full knowledge of the consequences of
his/ her actions.

The first thing employers must prove is the existence of compliance policies known and accepted
by employees. These policies should determine the scope of usage of the work tools, internal
procedures, restrictions, and monitoring program that is applicable. Additionally, these policies
must be written in Spanish, in order to avoid the employee arguing that he/ she did not
understand the scope of the policy because it was not written in his/her mother tongue.

Policies must be signed in the employee's own handwriting to demonstrate knowledge and
acceptance. In addition, courses and trainings should be given to explain the scope and
consequences of the policy, clarifying any doubts that may exist. Employees attending such
courses must sign a confirmation of attendance.

In this way it will be possible for the employer to prove that the employee was aware of the
compliance policy, its guidelines and the risks that existed in case of non-compliance.

After obtaining consent and disclaimers of employees, noting that privacy is not guaranteed when
using electronic work tools, monitoring of employees in Argentina is generally undertaken
through the following measures:

a. Preventing editing/ downloading of corporate intellectual property


It is advisable to have a monitoring software that guarantees that the employee cannot edit or
download the documents/ information that belongs to the employer and that tracks the
employee’s activity when having access to these documents. This will serve as strong evidence
when needed.

b. Internet usage monitoring


This process generally involves the installation of specialized software to monitor the usage
behavior of the employees by preventing access to unwanted websites (such as webmail
providers, chatting services, social media services). In this method, the user is normally prevented
from visiting the website so that the intervention takes place before any access on the internet
has been made. As access is controlled before the request reaches the internet, these methods
are expected to be legal in most circumstances particularly if express consent is obtained.
c. Strong password protocol
It is important to have an internal protocol of frequently renewed passwords that are used by the
employee to work from their computer in order to deny arguments that the employee was not
the author of their actions or that their computer was hacked by a third party.
As long as this procedure is fulfilled, the employer will have strong arguments to prove that the
digital evidence, is authentic and was obtained using reliable means.

d. Usage of work tools


The monitored activity should be stored in computers, cell phones and digital tools (including
work email address) belonging to the employer, so that they are clearly "work tools" provided to
the employee for the performance of work activities and that are then within the reach of the
monitoring and surveillance powers that the employer holds over its assets.

e. Employee monitoring on electronic and audio communications

 SMS, Voice Fixed Line and Mobile Communication

Monitoring of SMS and Voice calls through Fixed Lines or Mobile phones is permitted as long as
the electronic devices were provided by the Employer for working purposes and the
communication is held during working hours at the workplace. The employee must be notified
that the communication on these devices should be for work purposes only and be aware that
the communications are being monitored. The employee must provide their written consent.
Monitoring of communications on personal devices is prohibited by law under the Data
Protection Act, Civil Rights Act and the Constitution of Argentina.

 Email and Online Messenger Monitoring

Email monitoring is a very sensitive issue and there is a lot of emphasis on ensuring the balance
of privacy and control in this regard.
The jurists have come to a common ground during the past years where monitoring of emails is
permitted under the following circumstances:

(i) Monitoring is done only for the email address provided by the employer and not for
personal email address. The employee should also be informed if copies or backup of
such mail is maintained. In regards of online messenger apps such as WhatsApp, Slack,
Facebook Messenger, Google Hangouts, etc., these can be monitored as long as the user
or private group was formerly created for work purposes only and the employee is fully
aware of this.
(ii) A clear email usage policy is framed whereby it is explicitly mentioned to the employee
that work email address is monitored and he/she should not use the work email address
for personal purposes. The employer must provide training on this policy to their
employees on a regular basis.
(iii) The employee should provide a written consent to have their online and audio
communications monitored and these may be used as evidence against them.

These measures intend to avoid “real privacy expectations” from the employee, which is
determinant to be in compliance with local regulations. The expression “real privacy
expectations” was introduced by the European Court of Human Rights in the case law:
Bărbulescu v. Romania, judgment of 5 September 2017, application no. 61496/0813. This
judgment has been largely accepted by the local jurists.

It is also recommended that access to other web based mail services be restricted on the office
internet network if their usage is sought to be regulated, as intercepting messages sent using
those services may be illegal after they are accessed in the first place.

 General Internet and Network Usage

Access to the internet and control on the websites visited is normally permitted with consent, if
the request for the site is blocked before it is transmitted on the internet. In case of employers
who have taken clear consent for monitoring of internet usage by employees, such an act would
generally not be illegal. The employer must provide clear guidelines related to internet usage so
that the employee is fully aware that is being monitored and there is no real privacy expectation.

 CCTV Monitoring

Monitoring through CCTV Cameras is largely permitted. However, keeping in view privacy
concerns, large signs should be placed at prominent places where CCTV recording takes place. A

13
A copy of the case law can be accessed at
https://rm.coe.int/t-pd-2018-15-case-law-on-data-protection-may2018-en/16808b2d36
specific consent clause may also be placed on the employee handbook if additional safeguard is
desired. Cameras should not be placed at private areas where there is a reasonable expectation
of privacy such as personal cabins or locker rooms.

 Collection and usage of Biometric Data

Biometric data may be collected, used and stored with explicit consent of the employee. Mostly
such measures are used for access control and attendance verification. Large scale usage of such
measures is being also implemented by Government bodies and leading companies mostly
related to the financial industry. Storage and usage of collected biometric data must be in
compliance with general provisions of the Data Protection Act.14

f. Boilerplate Clause

A boiler plate clause which signifies express consent of the employee for monitoring to the
maximum extent permissible by law has to be inserted in contracts before commencement of the
monitoring activities. It must also be ensured that other documents such as the non-disclosure
agreement15 and internet usage policy are in place. A sample of this clause in Spanish would be
as follows:

Cláusula de consentimiento sobre monitoreo de actividad laboral

El EMPLEADO mediante el presente acto presta consentimiento expreso para que el EMPLEADOR,
en uso de las facultades y derechos que le otorga la Ley de Contrato de Trabajo, ejerza el control
y monitoreo de la actividad laboral del EMPLEADO.

Se entiende como “actividad laboral” toda actividad que sea desarrollada por el EMPLEADO, en el
desarrollo de la relación laboral, al igual que el uso de todos los datos de índole financiero y/o
comercial, know –how, conceptos, técnicas, principios, software y hardware y demás aplicaciones
informáticas a los que pudiera tener acceso como consecuencia del desarrollo de sus funciones,

14
A template of Privacy Policy implemented by Government bodies can be accessed at
https://www.argentina.gob.ar/sites/default/files/5554233a01.pdf
15
A template of Non-Disclosure Agreement can be accessed at
https://www.argentina.gob.ar/sites/default/files/cofemod_comisionciberseguridad_normativa_modelo_
de_convenio_de_confidencialidad.pdf
así como otros datos e información, análisis, estudios, notas, recopilaciones, resúmenes, informes
o cualquier otro documento elaborado por el EMPLEADOR.

En ejercicio de dichas funciones, el EMPLEADO presta su consentimiento además para que el


EMPLEADOR monitoree el uso de las herramientas de trabajo proporcionadas al EMPLEADO, a
través de dispositivos electrónicos, de audio y/o video de ser necesario. A continuación, las
herramientas de trabajo proporcionadas, incluyen, pero no se limitan a:
1. Correo electrónico
2. PC/ Laptop
3. Celular/ Smartphone de trabajo
4. Línea de teléfono fijo

El EMPLEADO declara en este acto conocer y aceptar las políticas de monitoreo del EMPLEADOR,
su alcance, restricciones, usos apropiados, política de privacidad, acuerdo de confidencialidad y
sanciones por incumplimiento.

Firma:
Nombre completo:
DNI/Pasaporte:
Fecha:

ENGLISH TRANSLATION:
Consent clause on monitoring of work activity
The EMPLOYEE hereby gives express consent for the EMPLOYER, in use of the faculties and rights
granted by the Labor Contract Act, to enforce control and monitoring of the EMPLOYEE's work
activity.

"Work activity" should be understood as any activity that is performed by the EMPLOYEE, in the
development of the employment relationship, as well as the use of all financial and/or commercial
data, know-how, concepts, techniques, principles, software and hardware and other computer
applications to which they may have access as a result of the performance of their activities, as
well as other data and information, analysis, studies, notes, compilations, summaries, reports or
any other document that belongs to the EMPLOYER.
The EMPLOYEE also gives its consent for the EMPLOYER to monitor the use of the work tools
provided to the EMPLOYEE, through electronic devices, audio and/or video if necessary. Below, the
work tools provided include, but are not limited to:
1. E-mail address
2. PC/ Laptop
3. Mobile/ Smartphone
4. Landline telephone number

The EMPLOYEE declares to be aware of and accept the EMPLOYER's monitoring policies, their
scope, restrictions, best practices, privacy policy, non-disclosure agreement and applicable
sanctions for non-compliance.

Signature:
Full name
DNI (Argentinian ID Card)/ Passport number:
Date: