Using personal mobile devices for work could come at a price

This interview is based on research by Oriol Cremades

Many employees are using their personal phones or computers for work. The line between work and personal technologies is blurring.

Although it may seem a harmless habit, employees and employers should think twice before using personal mobile devices at work, warns Esade researcher Oriol Cremades.

Using personal mobile devices for work can offer many advantages. But the negative consequences for both employees and employers may outweigh these advantages.

Do Better: Is it a bad idea to use personal devices for work?

Oriol Cremades: Many people use their personal mobiles for work unaware of the potential consequences. Sharing business data in personal mobile phones can be risky for companies – it can lead to security breaches, viruses and loss of information. For employees, this practice can lead to a breach of their rights.

What type of breach?

In Spain, a clear example of this type of breach of employee rights can be found in a National High Court judgement regarding the use geolocation data about employees by a takeaway food company (the so-called Telepizza case). Specifically, the company obliged delivery employees to use their personal mobile phones so that they could be geolocalised when making deliveries.

Many people use their personal mobiles for work unaware of the potential consequences

Two labour unions (UGT and CCOO) took legal action against the company and won. The court was very clear in its judgement: the measure violated the fundamental right to privacy by employees, as well as data protection regulations, and was a clear abuse of rights by the employer, thus producing employer's unjust enrichment.

What does the law state about the use of personal electronic devices at work?

There is no specific and clear legislation concerning the effects of this practice – known as Bring Your Own Device (BYOD). Spanish legislation – even labour and data protection regulations – are based on the assumption that employers provide employees with the devices needed to do the job.

But this is no longer true...

BYOD practice is possible because of a widespread cultural trend that is blurring the line between work and private and family lives – and also because of the general vulnerability of employees in labour contracts. Additionally, mobile devices that used to be provided only by companies are now affordable by a large majority of employees. 

Sharing business data in personal mobile phones can be risky for companies

What are the risks of BYOD?

There are many risks. One is the lack of separation between work and private and family life (involving the right to digital disconnection). BYOD also could lead to technostress and uncompensated or unpaid overtime.

Other risks that are not strictly work-related include losing the mobile device or breaking it, which in turn, leads to a loss of information or, in some cases, a security breach. If you use your personal phone for work without your employer knowing about it, you could be endangering the company’s system security. This has happened to politicians. For example, Hilary Clinton used a personal email server that lacked security for work-related matters and her emails were subject to repeated attempts at intrusion.

BYOD could lead to technostress and uncompensated or unpaid overtime

What are other risks of BYOD?

Another risk is the violation of employees' fundamental rights. For instance, an employer could suspect that an employee is using his personal mobile device to transfer information to his competitors. If the employee is using a company device, the employer would have the right to access that device if there is a suspicion (and, in any case, in compliance with the regulations and case law applicable).

But in the case of personal devices this would not be an easy legal matter because the risk of violating fundamental employee rights rise expontentially, especially privacy rights, personal data rights and the right to confidential communications.

It sounds legally complicated...

There could be a way to tackle this. An employer could establish an internal policy that states whether personal devices can be used and under which circumstances. But this does not solve the problem. A better solution would also be to separate the working area from the personal area within the device through an app or similar and install strong security measures. This would allow the employer to access the working area only when there is suspicion of a privacy breach or when it is necessary to control or check the job performance of an employee. 

Employers cannot monitor employees’ emails indiscriminately

Can employers check employees' emails indiscriminately?

Definitely not. Regardless of whether an employee is using a company or personal mobile, employers cannot monitor employees' emails indiscriminately. Employers are obliged to comply with several rights (such as privacy rights, personal data rights and the right to confidential communications) and case law criteria. An employee must be well informed about potential checks in advance and employers can only inspect devices if there is a suspicion – and even then an employer must be very cautious when accessing the device and his inquiries must be delimited and proportionate. For instance, employers should search for very specific keywords (e.g., the name of competitors).

When is a breach of privacy rights most likely?

A breach of privacy rights may happen at any time throughout the life of a labour contract, but an employer may have incentives to breach employee rights when he knows that the labour contract is about to be terminated – because he may think that there is nothing to lose with that breach.

If an employee is suspicious that his or her rights might be violated, he or she should seek the support of employees' representatives, the Labour and Social Security Inspectorate or a lawyer.  

How would you solve the BYOD legal challenge?

I think we need to get to the root of the problem because case-by-case legal actions and solutions don't solve the challenge. In my research I suggest that all collective bargaining agreements should compulsorily include a clause about BYOD policies, including a general principle of specific and adequate compensation.

Labour contracts should also include a clause that states that when the employee uses his own personal mobile for work, the employer must pay an adequate percentage of the related costs to prevent employer's unjust enrichment. This contractual clause would be a materialisation of the mentioned general principle compulsorily included in all collective bargaining agreements. These measures would ensure that all employees are protected at a very basic level. It would be a first step towards a BYOD future that could guarantee employer and employee rights.