The right of access to personal data provided for by the General Data Protection Regulations (GDPR) has existed in France since the Data Protection Act of 1978. But from the entry into force of the GDPR, in May 2018 , the number of people exercising their right of access has increased considerably.
This resurgence can be seen in particular in industrial tribunal disputes. Many employers, summoned before the industrial tribunal by their former employee, are thus asked, on the alleged basis of the right of access, to communicate numerous documents, sometimes even including internal emails in which appear, at a given moment , the name of the employee when he is neither the recipient nor the sender of said emails.
Faced with this massive abuse of the right of access, one of the limits of which is the secrecy of correspondence, employers are often cautious. It must be said that the position of the National Commission for Computing and Liberties (CNIL), was until then not of great support because of its lack of precision.
“hidden identity”
In its May 2019 sheet on “ Access to his professional file “, she indicated that “the employee can obtain access to and communication of all the data concerning him, whether they are kept on computer or paper. He thus has the right to access data relating to his recruitment, his career history, the evaluation of his professional skills (annual evaluation interviews, rating), his training requests and any evaluations thereof, his disciplinary file, the use of his access control badge to the premises, his data from a geolocation device, any element used to make a decision concerning him (a promotion, a raise, a change of assignment, etc). These may be the annual rank values, sometimes referred to as “ranking”, or career potential, etc. “.
If she recalled that the right of access is a “personal right which must not infringe the rights of third parties” and that it cannot be exercised with regard to data protected by business secrecy, intellectual property or the secrecy of correspondence, it mentioned that “in the case of a right of access relating to a detailed report drawn up following a malfunction, the identity of the persons mentioned in the document, other than the person exercising his right, must be concealed”.
You have 46.45% of this article left to read. The following is for subscribers only.