The decision of the European Court of Human Rights last week appeared to answer a difficult question for employers, namely are they able to snoop on their employees' electronic communications to check they are complying with their email / electronic communications policies? In that case, the answer had been “yes”, because a fair balance had been struck between the employee's right to respect for his private life on the one hand, and his employer's interests, such as to check for potential damage to their IT systems, illicit activity in the company's name or the leaking of company secrets, on the other.
That is undoubtedly helpful, but is that the main problem for employers these days? And will it be the main issue in the future? The case in point concerned an engineer in charge of sales for a company in Romania. His employer had asked him to set up a Yahoo Messenger account for work purposes, so he could respond to client enquiries. In fact he also used it to communicate with his girlfriend and his brother, including in relation to issues involving his sexual health. He was caught because his employer monitored his account, and he was fired.
That all happened in 2007. The ECHR decision came out some eight years later in January 2016. But by now the real issue in many cases, concerns employees using or misusing, not anything set up via their employer’s own systems, but their Bring Your Own Devices (BYODs). What can employers do these days to ensure their employees remain focused on their work, given all the distractions that electronic and social media, ubiquitously available nowadays, can provide? For example, are they able to check personal devices used as BYODs, to see that electronic exchanges taking place in work time are genuinely of an emergency nature, and/or are not excessive in terms of time.
Given that technology is arguably moving as fast as it ever has, it is helpful to go back to first principles to see where the law is heading. And the advice given by the Information Commissioner’s Office is always helpful in this respect. The key is to be open with your employees and tell them you are going to monitor and why. As regards electronic communications on work devices, such monitoring is undoubtedly intrusive, and offends against employees’ (reasonable) expectations to keep their personal lives private. How much more so if the monitoring was to concern, not the Employer’s device, but the Employee’s. Such monitoring would need to be justified, and it would have to be proportionate. There would unquestionably be a high burden on any employer who wanted to "snoop" on one of their employees' BYODs.
But what if an employer says to an employee - we will allow you to make use of a BYOD, but only if you give us the opportunity to monitor it from time to time. Otherwise please only use your private electronic devices for personal purposes outside normal working hours, save for occasional emergencies should the need arise, and then please mark the heading in such a way that it is plain the communication is a personal one.
That should be clear. But it does underline the fact that employers really do need to keep their policies under constant review. Given that BYODs are a significant "game changer", the recent ECHR case, whilst helpful, is not going to answer all employers concerns in this area. But for now it is clear that in most cases, employers will be free to check on electronic communications in so far as they have been made via a work device, the policy can be justified, and, crucially, they have been very clear in their policies that this is what they are going to do.