A spate of alarming headlines appeared in the media in January 2016 which suggested that employers can spy on their workers’ private emails and messages in the workplace. This follows a recent judgement of the European Court of Human Rights (ECHR). There has already been talk of a “Snoopers Charter” relating to our personal internet activities. Will this case result in a “Snoopers Charter” relating to the workplace?
The facts of the case
The case concerned a Romanian engineer, Bogdan Barbulescu who was fired by his employer for breaking its rules which banned the use of work systems for personal messages. The employer requested that he set up a Yahoo Messenger account for responding to customers. The employer monitored his use of the account and discovered he was using it for personal messages to his brother and fiancée, as well as for messages to professional contacts. Despite his denials, the employer fired him for breaking its rules. Barbulescu argued that the employer’s decision to fire him was unlawful. He lost his case in Romania’s domestic courts and then appealed to the ECHR, arguing his right a private life had been breached under Article 8 of the European Convention of Human Rights.
What did the court say?
In monitoring the use of the account, the court held it had been necessary for his employer to access his records. The employer conducted a limited and proportionate search because it did not access other information stored on his work computer. The employer had accessed the Yahoo Messenger account in the belief that it contained only work messages. The court also added that Barbulescu had had prior warning that the company could check his messages on the account. It was decided a fair balance between Barbulescu’s right to privacy under Article 8 and his employer’s rights had been struck. The decision of the employer was found to be lawful.
Should you be alarmed by this decision?
I would not worry too much about the decision of the ECHR. For starters the decision does not introduce any new rules. There is also current case law which clearly states that workers have a right to privacy in the workplace. The Data Protection Act 1998 also governs the employers use of our personal information and provides protections for “personal data”. This case raises a very important point when it comes to personal communications in the workplace. Employers should clearly explain any policies that would allow them to monitor their workers’ communications. The monitoring should also be proportionate and seek to identify only what is necessary.
What should we learn from this case?
This case serves as a useful reminder for everyone to check their company’s IT policy in relation to using private communications in the workplace. Employers also need to be clear about why they are monitoring communications so employees are aware and can take the relevant steps to mark their communications as either “private” or “public”. It would also dispel the notion that employers can spy on all communications made by its employees. Common sense should also be applied. If you know your employer’s policies allow work communications to be monitored, use your own phone or tablet, and use mobile data, if you have it, instead of the employer’s Wi-Fi. Applications that use encryption such as WhatsApp and others provide an added layer of security.
26 February 2016