The latest case on the monitoring of personal messages on work related messaging accounts has been in the newspapers and on the radio. The coverage has given the impression that employees no longer have any right to privacy at work. Unfortunately for employers this European case does not give you the right to have a look at all those personal emails received by your employees. This case does not override existing UK legislation including the Data Protection Act 1998 nor previous European case law on the reasonable expectation of privacy and the need for any interference to be proportionate.
The actual case was limited in scope as it concerned whether the State (not the employer) had acted properly to protect the employee’s privacy, in the context of a claim to nullify his dismissal under domestic labour law.
The case - Barbulescu v Romania
The employee was dismissed for personal internet use at work, contrary to the employer’s internal rules which strictly prohibited any personal use whatsoever of the company’s computers, internet or telephones. He had used his work related Yahoo Messenger account to exchange messages with his brother and fiancée containing intimate personal information about his health and sex life during work time. Mr Barbulescu brought a claim against the Romanian government in the European Court of Human Rights arguing that by finding his dismissal was lawful that they had failed to protect his rights to privacy and correspondence. He argued that the monitoring of his internet usage and the use of Yahoo messages in disciplinary proceedings was an interference with his right to privacy.
It was found that the interference into his private right had been proportionate. It was not unreasonable for an employer to want to verify that employees are working during working hours. The monitoring was limited in scope (they had not looked at other data or documents) and was in the court’s view proportionate.
The employer in this case allowed the private message transcripts into the hands of Mr Barbulescu’s colleagues, who then openly discussed them at work which stands out as an unjustified breach of privacy and data protection principles but no comment was made on it.
So what do you need to consider when monitoring employees?
There is a duty of trust and confidence implied into every employee’s contract and monitoring activities could constitute a breach of this duty depending on the circumstances. If disciplinary action is taken against an employee, the concept of fairness and procedural requirements may also be relevant. Employees who believe they have been unfairly targeted could also claim discrimination. Employers also need to consider the Data Protection Act 1998, The Regulation of Investigatory Powers Act 2000 (RIPA 2000), The Telecommunication (Lawful Business Practice) (Interception of Communications) Regulations 2000 and the Human Rights Act 1998.
Some good practice recommendations:
- Provision of information to employees about monitoring
Employees should be informed that they are going to be monitored.
This could be part of an induction process, confirmation that they read the policy in full before they access email or internet. It could include reminder systems that pop up when workers access email or internet and training.
Employees should be left with a clear understanding of:
- When information about them is likely to be obtained
- How the information will be used
- Who, if anyone, the information will be disclosed to.
If it is necessary to check the email accounts of workers in their absence, ensure they are aware this will happen.
- Have a clear electronic communications policy that is well-publicised and applied consistently.
This article is aimed at private sector employers. Those in the public sector are expressly subject to more privacy rights.
This case is a reminder that if you are monitoring employees then you need to do it in a way that is lawful otherwise you could open yourself up to many claims. This will depend on what you are monitoring and how this is being done.