European court finds no breach of fundamental right to privacy when:
- Employer monitored employee’s Yahoo Messenger account.
- Employer’s internal policy clearly prohibited personal use.
- Employer limited scope of monitoring.
Employers with European operations have become accustomed to workplace privacy rules that prohibit information management practices in the EU that are generally accepted in the United States. In the wake of a recent ruling, however, the picture may not be so dark. The European Court of Human Rights on January 12 ruled that a Romanian employer did not breach its employee’s privacy rights when it monitored his Yahoo Messenger account and subsequently fired him for breach of the company’s computer use policy. The court, which addresses cases involving alleged violations of civil and political rights, issues decisions that are binding on the countries concerned (in this case, Romania) and that often are persuasive precedent for other European member state governments.
Following is a summary of the events that resulted in the case going before the court:
- Bogdan Mihai Bărbulescu, a Romanian national, was employed by a private company located in Romania. At his employer’s request, Bărbulescu created a Yahoo Messenger account for the purpose of responding to client inquiries.
- Three years later, the employer notified Bărbulescu that his Yahoo Messenger communications had been monitored and that 45 pages of transcripts showed he used the internet for personal reasons in violation of the employer’s internal computer use policies, which explicitly prohibited the use of the company Yahoo Messenger account for personal communications.
- The employer subsequently fired Bărbulescu for breach of its internal computer use policies.
- Bărbulescu sued the employer and lost both his initial case and a subsequent appeal.
In affirming the decision in the employer’s favor, the court noted a number of sources of relevant Romanian and international law, but it ultimately restricted its analysis to the application of the Convention for the Protection of Human Rights and Fundamental Freedoms (Convention). In particular, the court considered Article 8 of the Convention, which provides that a person “has the right to respect for his private and family life, his home and his correspondence” and with some exceptions, prohibits interference with that right.
The court ultimately held that the employer did not breach Bărbulescu’s rights under Article 8 and that a fair balance was struck between Bărbulescu’s right to privacy and his employer’s interests. The court based that holding primarily on its findings that:
- Because of the existence of the employer’s internal policy, Bărbulescu did not have a reasonable expectation that his communications would be free from monitoring.
- The employer accessed Bărbulescu’s Yahoo Messenger account in the belief that it contained professional messages and acted within its disciplinary powers when it found that its internal policies had been violated.
- The employer only accessed communications on Bărbulescu’s Yahoo Messenger account. The employer did not access other data stored on his computer.
The court’s ruling, which represents somewhat of a departure from Europe’s general tendency to favor individual privacy rights, reiterates for employers the importance of adopting comprehensive internal policies that are clearly communicated to employees.