Alarming headlines have appeared in the media recently, suggesting that bosses can now spy on their workers’ private emails with impunity. This worrying news follows a judgment of the European Court of Human Rights (ECHR). But is it really a “snooper’s charter” for employers?
What’s it all about?
The case before the ECHR concerned a Romanian engineer, Bogdan Barbulescu, who was fired by his employer for breaking its rule banning use of work systems for personal messages. The case raised the important issue of the right to privacy at work.
At his employer’s request, Barbulescu set up a Yahoo Messenger account for responding to customers. After monitoring his use of the account for a week, the employer accused him of using it for personal messages. He denied this. His employer responded by presenting him with a 45 page long transcript of personal messages he had been sending to his brother and fiancée. The employer fired him for breaking its rules.
Barbulescu complained that his employer’s decision to dismiss him was unlawful. When he lost his case in Romania, he appealed to the ECHR, arguing this was contrary to his right to a private life under Article 8 of the European Convention of Human Rights. The Convention also applies in the UK.
What did the Court say?
The ECHR considered whether, given his employer’s policy, Barbulescu could expect his emails to remain private. Significantly, it distinguished the case from others where some use of work systems for personal emails was allowed. Here, the employer had accessed the Yahoo Messenger account in the belief that it contained only work messages as Barbulescu had (incorrectly) said. The employer conducted a limited, proportionate search to establish the truth. The Court therefore decided a fair balance between Barbulescu’s right to privacy and his employer’s interests had been struck. The dismissal was therefore lawful.
Does this mean my boss can now read all those personal emails I’ve been sending?
This case shouldn’t be cause for alarm. The decision does not overrule previous case law which establishes that workers have a right to privacy in the workplace. The Data Protection Act also places responsibilities on how companies use our information, and provides important protections for “personal data”.
Employers should have a clear IT policy in place and they should warn you if monitoring is to be carried out. Furthermore, any monitoring must be proportionate – in other words, your employer may only review what is really necessary and cannot trawl through irrelevant private communications.
What can I do to avoid running into difficulties?
When you are at work, you should remember that there may be occasions when it is justified for your employer to monitor you. Employers may have legitimate reasons for this, such as assessing performance, preventing “cyberslacking”, and ensuring that staff are not breaking the law or internal procedures.
Check the policy and stick to it. If your employer allows you to use its systems for personal messages, take the simple step of putting “private” or “personal” in the subject heading. Keep any personal use of work systems within reason and, if an email is particularly sensitive, use your own private communications device and wait until outside normal working hours.