Systems that measure performance are essential for companies, as the individual productivity of their staff directly affects their competitiveness. The implementation and/or modification of these systems, as well as the appraisal of performance, may have legal implications that are not only limited to labor law but also impact other areas such as data protection.
In a strictly labor and employment environment, certain changes in the performance appraisal system that affect an employee’s remuneration may require doing so through the material change in working conditions mechanism provided for in article 41 of the Workers’ Statute.
There is also a duty to report to and consult the workers’ legal representatives in the event of implementation and review of employment organization and control systems, working hour studies, establishment of bonus and incentive systems and job appraisal, according to article 64.5.f) of the Statute.
Worker performance is such important data that its negative growth may even justify the maximum disciplinary penalty the event of an ongoing and voluntary decrease in normal or agreed performance, as it is specifically contemplated as one of the contractual breaches that constitutes grounds for dismissal pursuant to article 54.2 of the Workers’ Statute.
However, the measure of an employee’s performance transcends even labor law and must also be analyzed from other perspectives.
Since the General Data Protection Regulations (GDPR) became fully applicable to all companies as from May 25, 2018, there have been major amendments to data protection legislation. Whereas in the past, everything was governed by the “principle of consent” with respect to the processing of personal data, new conditions have now been added that may support lawful processing, which are contained in article 6.1 of the GDPR (when the data subject has given his/her consent for specific purposes, it is necessary to perform a contract or comply with a legal obligation or to satisfy legitimate interests, for example).
Bearing in mind the above mentioned legislative change, the Spanish Data Protection Agency (AEPD), in Inquiry 2018-0183, dealt with an interesting case in which a meat producer company consulted the lawfulness of publishing a weekly list on its notice board showing the individual performance of each employee.
As stated by the Company in its inquiry, the objective pursued by the publication of the data was, in addition to transparency, to generate an environment of healthy competition between the employees to improve productivity in general.
The AEPD decided that the publication of the productivity data was in accordance with article 6.1.f) of the GDPR, as there is a legitimate interest of the employer -to generate healthy competitiveness between its employees and therefore improve productivity in general- and of the employees -to be aware of their own productivity when it affects their remuneration-.
In conclusion, the AEPD considered it transcendental that the workers appearing on the notice board were identified by their registration number, data that was only known by the employee and the human resources department, thus sufficiently guaranteeing the secrecy of the data. In addition, it was considered positive that the publication appeared on the notice board in the actual room the workers affected provided their services and not on the intranet or a website, thus avoiding public knowledge of the data by third parties.
In short, according to the criteria of the AEPD, in addition to preventing general publication, the lawful publication of the workers’ productivity should not contain data that enabled their identification if the same objective can be reached with less invasive methods, such as in the case at hand, as it must be guaranteed that the productivity data cannot be used in future processing for any purpose that is incompatible with the reason why it was gathered.