This post is also available in: Español

The Spanish Central Criminal and Administrative Court (the “CCAC”) recently issued an important judgment on the limits on geolocating employees (judgment 13/2019 of February 6). The judgment examined the case of a well-known pizza delivery company that implemented a geolocation system using an application installed on employees’ cellphones, so that customers can live-track their orders (which is possible with many platforms for food delivery to homes).

The CCAC found in favor of the complaints filed by the Spanish trade unions UGT and CCOO, referring to the new Spanish Act on Data Protection and Guarantee of Digital Rights (“the Act”) (although the Act was not in force when the events occurred), namely articles 12 and 13 on reporting obligations and article 90 on employee geolocation systems.

The CCAC’s labor division ruled that the company’s actions were inadmissible based on the following:

  1. Insufficient advanced information to the employees’ legal representatives. The information that the company provided to the Joint Workers Committee was considered insufficient to allow the committee to issue a report under article 64 of the Spanish Workers Statute. According to the proven facts, during the meeting with the committee, the company “informed only that it intended to implement an order geolocation system that would require employees to carry a cellphone with an app downloaded for that purpose, on request by the company, and that compensation would be paid for doing so. The employee’s refusal or inability to carry such a device would be grounds to terminate their employment under article 49.1.b) Spanish Workers Statute.”
  2. Insufficient advanced information to employees. When the company implemented the geolocation system, it did not provide its employees with the information stated in articles 12 and 13 General Data Protection Regulation (“GDPR”). The judgment analyzed the clause of the employment contract that does not (i) mention the possibility of employees being geolocated; and (ii) provide any of the other information that has become mandatory since the GDPR came into force, such as the legal basis of the processing, the duration of data storage or the possibility of exercising rights of access, correction and erasure.
  3. In this case, geolocation does not meet the proportionality requirement. The CCAC confirmed that the employee’s location is personal data protected under article 18.4 Spanish Constitution (a fact neither of the parties denied) and found that the company’s intent­—for customers to know the location of their orders at all times—could be determined using other means that would not encroach so much on employees’ fundamental rights, such as: “Installation of geolocation systems on the motorbikes that transport the orders or wristbands featuring such devices, meaning that the employees do not have to use their own resources or, above all, provide personal data such as a telephone number or email address to be sent an app download code to activate the system.”
  4. Annulment of termination clause in contract under article 49.1 b) Spanish Workers Statute. In addition to considering that the requirement for employees to provide a cellphone with a data connection to do their work is a “clear abuse of business law” (even if the company pays some of the maintenance and internet connection cost), the labor division concurred with the labor inspectorate that the “termination clause” included in employment contracts was a de facto disciplinary scheme implemented in an individual employment contract and breached article 58 Spanish Workers Statute.

This judgment is important because (i) it applies new employment provisions brought in by the Act; and (ii) it not only shows the Spanish courts’ propensity to greater protection of this fundamental right in labor relations, but places a demand on employers to scrupulously comply with the new regulatory paradigm, particularly the proportionality principle restricting the processing of employees’ data.



This post is also available in: Español



42 artículos

Abogada del Área de Conocimiento e Innovación de Cuatrecasas. Profesora colaboradora en ESADE


6 artículos

Asociado del Área de Propiedad Intelectual y Protección de Datos. Especialista en protección de datos y tecnologías disruptivas. Participa en el asesoramiento recurrente en materia de protección de datos y contratación tecnológica de compañías nacionales e internacionales, especialmente en la configuración jurídica de evaluaciones de impacto, transferencias internacionales de datos personales, contratos de encargo de tratamiento y en el asesoramiento durante violaciones de seguridad. Además de prestar asesoramiento continuado a clientes en los ámbitos mencionados, tiene experiencia en asesorar a empresas de diferentes sectores en la configuración legal de proyectos que implementan tecnologías disruptivas, tales como el Big Data, Internet of Things, artificial intelligence y smart robots.