The court found the employer's actions seriously culpable and awarded fair compensation of €60,000. In this article, Sander Poelman illustrates the importance of protecting personal data, especially health data, under the General Data Protection Regulation (AVG).
Date: April 18, 2023
Modified November 21, 2023
Written by: Sander Poelman
Reading time: +/- 2 minutes
In this case, the Amsterdam Court of Appeal r uled that an employer had seriously violated an employee's privacy by sharing confidential information about his health with his father via LinkedIn, despite an explicit request not to contact him. The employment relationship had already been disrupted and the subdistrict court had dissolved the employment contract with an award of transitional compensation.
The court found the employer's actions seriously culpable and awarded fair compensation of €60,000. In this article, Sander Poelman illustrates the importance of protecting personal data, especially health data, under the General Data Protection Regulation (AVG).
A CFO of a company breaks off contact with his parents. He tells this to the founder and sole director of the company and his partner. This partner also holds a management position at the parent company. The CFO shares this information in part because he fears that his parents will contact the director and his partner. Accordingly, the CFO asks them to promise to ignore any attempts at contact. The CFO is excused from work for a period of time to settle his affairs, but subsequently ends up on sick leave due to mental health issues. After two months, the company calls the CFO to the company doctor because of the absence.
The CFO hears that the director and his partner have been in contact with his father. He asks them for more information. The director and partner assure him that no such contact took place. The CFO's father sent the partner a message on LinkedIn a few months before, but they did not respond and deleted all postings. The director and his partner continue to deny having had any contact with the parents, even when the CFO formally requests access to his personal information.
The working relationship then further disrupts and mediation also fails to succeed. Moreover, the CFO remains (partially) disabled. The CFO received sickness benefit. The company went to the subdistrict court and requested that the employment contract with the CFO be dissolved because of a disrupted working relationship. The subdistrict court granted the dissolution and awarded the transitional compensation. He did not award equitable compensation to the CFO, because in his view there was no serious culpable action on the part of the company.
The CFO appeals, challenging the district judge's ruling that the firm's actions were not seriously culpable. On appeal, the CFO also brings in a translated transcript of the LinkedIn conversation between the partner and his father. This conversation had indeed taken place - contrary to what the partner had stated about it.
It shows that the initiative of this conversation came from the partner. Although the father sent the first message, the partner decided to respond to it two months later. He had no reason to do so, all the more so given the explicit request not to respond to such messages.
The conversation includes the CFO's health situation. The partner writes that the CFO is not at work and is seeing a psychiatrist. The partner additionally asks the father if the company should know about anything, if the CFO has a history of mental illness and if he has been hospitalized before. The partner adds that an admission would possibly be better for the CFO.
The court stated that there was a "flagrant" violation of the CFO's privacy. The director and his partner were aware of the broken contact, had been asked not to respond to contact requests, and then shared highly confidential data with his father. Not only health data, but also the CFO's residence.
The court of appeal concluded that there was serious culpability on the part of the employer, which led to a breakdown in the employment relationship. The court dissolves the employment contract, but awards a fair compensation of €60,000.00 in addition to the transitional compensation.
Under the General Data Protection Regulation (GDPR), employers are prohibited from processing special data, such as health data. The employer may only process this data if there is a statutory exception. That exception did not exist in this situation.
Incidentally, neither the Subdistrict Court nor the Court of Appeal addressed this violation of the AVG. However, if an employer violates the AVG, this may also be an independent ground for claiming damages. In addition, an employer can also be fined by the Personal Data Authority (AP).
Wondering if your organization complies with applicable privacy laws? Or do you have questions about how to handle employee health data? Please contact us, we will be happy to help you!
As attorneys for business owners , we understand the importance of staying ahead. Together with us, you will have all the opportunities and risks in sight. Feel free to contact us and get personalized information about our services.