While not forbidding email mornitoring the European Court of Human Rights defined the scope of corporate email snooping and said that companies have to tell employees in advance if their work email accounts are being monitored without unduly infringing their privacy.
The issue has become even wider than the odd autocractic boss who wants to know everything his employees are doing. More people use corporate mobile phones and work addresses for personal correspondence and employers are demandingthe right to monitor email and computer usage to ensure staff use work email appropriately and to protect their systems.
Courts so far have sided with employers on the issue and this ruling makes things a lot clearer. – although an employer may restrict the employees’ privacy in the workplace, it may not reduce it to zero.
The ruling also showed that employees need to be made well aware of the possible consequences of using email for personal use against company policies. But they added that the restrictions on the extent to which employers could monitor people’s communications are not really new as they are reflected in existing privacy legislation and have been recognized as good practice by companies in countries like Britain.
The judgment was centred on the case of a man fired 10 years ago for using a work messaging account to communicate with his family, the judges found that Romanian courts failed to protect Bogdan Barbulescu’s private correspondence because his employer had not given him prior notice it was monitoring his communications.
The company had presented Barbulescu with printouts of his private messages to his brother and fiancée on Yahoo Messenger as evidence of his breach of a company ban on such personal use. Barbulescu had previously told his employer in writing that he had only used the service for professional purposes.
The European court in Strasbourg ruled by an 11-6 majority that Romanian judges, in backing the employer, had failed to protect Barbulescu’s right to private life and correspondence.
The court concluded that Barbulescu had not been informed in advance of the extent and nature of his employer’s monitoring or the possibility that it might gain access to the contents of his messages.
The court also said there had not been a sufficient assessment of whether there were legitimate reasons to monitor Barbulescu’s communications. There was no suggestion he had exposed the company to risks such as damage to its IT systems or liability in the case of illegal activities online.
Esther Lynch, confederal secretary of the European Trade Union Confederation said that this set of requirements will restrict to an important extent the employers’ possibilities to monitor the workers’ electronic communications.
“Although it does not generally prohibit such monitoring, it sets high thresholds for its justification. This is a very important step to better protect worker’s privacy.”
Courts will require employers to clearly demonstrate the steps they have taken to address the issue of privacy in workplace, both in terms of granting employees ‘space’ to have a private life whilst clearly delineating the boundaries.