A very controversial topic in the modern workplace pertains to the issue of monitoring workplace internet and telephone use by the employer. On the European level this issue has been put before the European Court of Human Right (“ECtHR”) in a number of occasions, most recently in the 2016 Barbulescu case in which ECtHR found that the employer rightfully dismissed an employee who breached the employer’s internal computer usage policy. This landmark decision which spurred much controversy, however, has recently been overturned by the Grand Chamber. New developments bring attention to Serbia’s lack of explicit solutions regarding this issue.
In the 2016 Barbulescu case the ECtHR ruled that the employer rightfully dismissed an employee who breached the employer’s internal policy on computer use. This decision spurred hot debates and raised headlines such as: “The Death of Workplace Privacy” and “Green Light for Employee Monitoring”. However, on 5 September 2017 Grand Chamber of the ECtHR ruled that the in the Case of Barbulescu v. Romania, the Romanian state authorities failed to ensure the respect of the right to privacy in the context of employment relationships of an employee who was dismissed on disciplinary grounds for having used the Internet for personal purposes during his working hours, based on evidence obtained by the employer by monitoring the employee’s electronic communications. Moreover, the judgment foretells that it is pertinent to inform employees in advance of potential monitoring – ideally, the internal documents of the employer should from the very beginning contain a description of the possible scenarios in which monitoring could be carried out.
Serbian laws, however, do not set out clear guidelines for employers regarding what they can monitor.
Although this issue is not explicitly regulated in Serbian law, its legal regime is derived by observing the provisions of the Serbian Labor Act and Personal Data Protection Act. The competent regulatory authority in this area, the Serbian Data Protection Commissioner, has not provided any official opinions on this matter.
In line with the Serbian Personal Data Protection Act the monitoring and accessing data on Employee’s computer activity constitutes processing of personal data, which is, under Articles 8 and 10 of the Personal Data Protection Act allowed in the case that the processor is authorized by law to carry out such processing, or in the case that the person to which the data pertains has been notified of the processing and its scope, and has provided its written consent to the processing.
Further, it should also be noted that in line with Article 15 of the Serbian Labor Act, the employees are bound to respect the organization of work at the employer as well the rules and conditions of the employer related to fulfilling its contractual obligations, and in line with Article 179 of the Labor Act, the employer can dismiss an employee in the case that the employee is using the equipment of the employer for non-work related uses.
The Data Protection Commissioner has, regarding this issue expressed its opinion that the employer can request access to employee’s emails which pertain to business correspondence, but any further monitoring can only be carried out if it proportionate and carried out with a legitimate aim. The Commissioner underlined that certainty in this regard is the most important issue – i.e. employees must be notified in advance of the possibility and the extent of the monitoring, and it is pertinent that employers establish transparent guidelines to that extent.
The Commissioner’s attitude, therefore, falls in place with the attitude of Grand Chamber from its September decision. What this practically means for employers in Serbia is that – in order to be able to invoke the rules on computer monitoring, the rules must firstly be implemented, and be as detailed as possible.
Achieving a balance between legitimate expectation of the employer that the employees should use working equipment for work purposes, and the right of employees to workplace privacy is a delicate issue. Although decisions of ECtHR on this matter can serve as a useful guideline for authorities in any jurisdiction, the sensitivity of the issue, as well as possible ramifications of wrong application dictate the need for more precise and detailed provisions in Serbian law.