A recent decision of the European Court of Human Rights on the right of an employer to monitor its employees’ personal communications on the company’s computer system has attracted a great deal of media coverage. It has been reported as a decision which gives employers the freedom to access their employees’ electronic communications without acting in breach of the law. However, this would be a dangerous message to take away from this case.
The employee involved was dismissed for his inappropriate use of the company’s IT systems, in breach of its internal policies. As part of its investigation the employer accessed private messages sent by the employee to friends and family relating to personal matters. The employer relied on these messages as part of its internal disciplinary procedures and when defending its decision to dismiss him in the courts. The ECtHR held that the company’s monitoring and use of the employee’s personal communications at work had not breached his right to ‘respect for private life’.
The case in fact serves to confirm that it is common for employees’ private lives to extend into the workplace and that employees have a valid expectation of privacy. However, this is subject to the employer being entitled to take steps to check (using its electronic systems) that its employees are working during office hours, so long as it:
- has in place clear guidance about the standards that must be met when using the company’s IT systems, the form of monitoring that may take place and the action that will be taken if employees breach those standards;
- has put its mind to whether monitoring in the given instance is justified (preferably with records to show that this has been done);
- informs the employee in advance of carrying out such monitoring; and
- complies with its duties under the Data Protection Act when carrying it out.
The starting point, as emphasised by the ECtHR, is for employers to have a clear and up to date policy on the use of their IT systems and social media.