What now for workplace privacy?
Recently there has been a lot of press attention about the judgment of the European Court of Human Rights inBarbulescu v Romania. Some sensationalist commentators have been quick to decry the death of privacy for employees. Others have said that the judgment does little to change the current law. But what does this judgment actually mean?
Employers who have concerns about what their employees get up to whilst they are meant to be working, want to be able to investigate. Employees don’t want employers knowing their private affairs. Both positions are understandable, but the law is in tension. With this issue being so important, it is vital to dispel the myths and sensation so that employers and employees know where they stand.
Mr B was employed by a Romanian company as an engineer in charge of sales. At his employer’s request, Mr B set up a Yahoo Messenger account so that he could respond to enquiries from customers. Mr B’s employers had a typical workplace policy which banned the personal use of its internet access for private use.
Mr B’s employer grew concerned about the use of the Yahoo Messenger account and decided to monitor it over a period of 8 days. Mr B was then called to a meeting and presented with a 45 page transcript showing he had used the Yahoo Messenger account for his own private purposes. Mr B was dismissed.
Mr B challenged his employer’s decision in the Romanian courts. The basis of Mr B’s challenge was that his employer had illegally accessed his private correspondence, meaning that it should not be able to rely on his private use of the Yahoo Messenger as a valid reason for dismissal. The Romanian courts rejected this argument.
Mr B complained to the European Court of Human Rights (“ECHR”) that there had been a breach of the European Convention on Human Rights.
The European Convention on Human Rights (“the Convention”)
Most employers are not themselves bound by the Convention as it only applies to public bodies. However, as the courts are public bodies they are bound to interpret domestic laws in light of their country’s obligations under the Convention.
The Convention guarantees the right to respect for private and family life, but also recognises that there are some exceptions such as protecting the rights and freedoms of others. In this case, there is a balance to be struck between Mr B’s right to privacy, on the one hand, and his employer’s interests in making sure that Mr B is performing his duties, on the other.
This ECHR had to decide, therefore, whether or not the Romanian courts struck the right balance.
The ECHR held that although Mr B’s right to privacy was relevant, there had been no breach of the Convention. The ECHR specifically noted that an employer might reasonably want to verify that an employee was undertaking his duties during working hours.
In this case, as Mr B’s employer believed that the Yahoo Messenger account was being used by Mr B for work purposes, it had accessed the Yahoo Messenger account on the assumption that the information in question had been related to Mr B’s work activities. Therefore, such access was legitimate.
Further, the ECHR also noted that the employer had respected Mr B’s privacy by only examining the contents of the Yahoo Messenger account and not any other documents on Mr B’s computer.
As a result, the Romanian courts had struck a fair balance, and Mr B’s case was dismissed.
It is fair to say that this case does not change the law. Reasonable monitoring of employees’ electronic communications can be, and remains, lawful but only if it is done correctly. In the UK, employers are bound by strict rules under the Regulation of Investigatory Powers Act and the Data Protection Act.
In short, employers must be careful to show that they have a strong and compelling justification to monitor employee’s workplace communications and must do no more than strictly necessary to achieve this goal. Employers must also take steps to warn employees of the nature and extent of any possible monitoring. Guidance from the ICO is available here.
The key principle is simple: employers can monitor employees’ use of the internet to ensure compliance with reasonable workplace rules, but must intrude as little as possible on their employees’ privacy. In reality, this balance can be difficult to achieve, and the consequences for failing to do so are serious.
Employers who overstep the mark not only risk civil or criminal sanctions, but may find that employees resign and claim they have been constructively, and unfairly, dismissed. Further, a tribunal might reasonably decide to not permit any evidence gathered illegally. In cases where an employee alleges unfair dismissal, this may leave an employer unable to rely on evidence critical to their defence.
If employers are contemplating monitoring employees’ communications they inevitably walk a thin and dangerous line. Employers who have robust and clear policies and procedures in place will likely find their task much easier. However, no matter what the stage, employers considering workplace monitoring are urged to take legal advice to avoid the pitfalls.