In January 2016, the European Court of Human Rights found an employer’s monitoring of its workers’ private communications permissible. The case raises important questions as to why employers should monitor email and Internet use and whether there is a right to privacy at work.
Firstly we’ll outline the facts of the case. Mr Barbulescu had set up a Yahoo account, at his employers’ request, to communicate with clients. The employer had a written policy prohibiting personal use of its IT systems. The employer banned Mr Barbulescu from using the Yahoo account further after it was discovered that he had used it for personal reasons.
The employee denied that this was the case and the employer produced evidence of the personal communications from the account. Mr Barbulescu was ultimately dismissed, having breached the internal regulations and denied that he was in fact using the account for personal communications.
He complained that his right to privacy had been breached. The Court found that it was not unreasonable for an employer to want to verify that its employees were working during working hours. Mr Barbulescu’s denial made it reasonable for the employer to then look further at his communications in the Yahoo account as it did not believe him. The Court concluded that a balance must be struck between the rights of workers to privacy and the employer’s rights.
Why monitor use of telecommunications?
This might be an obvious question to an employer, but not always to an employee.
Misuse of an employer’s telecommunications systems can have a number of consequences.
There is a risk that personal emails, for example, could contain unprofessional remarks, which might include language that would fall foul of the employer’s code of conduct or which might amount to harassment or discrimination.
Linking such content to the employer could cause embarrassment or reputational damage; even the broadsheets enjoy reporting on those unpleasant emails about mother in laws or rugby tours that go viral in minutes. Alternatively, misuse could physically damage the employer’s systems by introducing a virus for example. The employee could be engaging in unlawful activities in the company’s name or revealing an employer’s trade secrets irrespective of whether or not the use occurs during normal working hours.
Less consequential, personal use of the employer’s information systems could still be disruptive to the employer’s business if it occurs during business hours, particularly if excessive use, distracting the employee from work.
The law
While headline hitting, Mr Barbulescu’s case is nothing new. Similar issues have been heard in the UK employment tribunals before, but this decision from the European Court will take precedence.
Employers may monitor employees in the workplace in limited certain circumstances. If the employer has a specific, clear policy in place permitting monitoring and delineating what is and what isn’t permitted telecommunications use, the employer can be confident in doing so.
There is a good handful of UK regulation for workplace surveillance in this area, complemented by international legislation
• Data Protection Act 1998 - limits the employer’s ability to hold and process personal data
• Regulation of Investigatory Powers Act 2000 - it is unlawful to intercept a communication in the course of its transmission in the UK except with express or implied consent
• Telecommunications Regulations 2000 - without consent, an employer may still monitor telecommunications provided that it is for a specified purpose relevant to the business, such as investigating or detecting the unauthorised use of the telecommunication system. The test for this is relatively high and employees must have been told that interception might take place.
• The European Convention on Human Rights Article 8 - contains an express right to private and family life and our domestic law must be read in light of this right.
• Human Rights Act 1998 - Employees of public bodies can enforce the right directly against their employer under the.
These convention rights are not absolute, but are subject to exceptions where interference (e.g. by the employer) is proportionate.
The Employment Appeals Tribunal (EAT) held that an employee, Mr Atkinson, of a public body who had sent overtly sexual emails on the employer’s email system did not have a reasonable expectation of privacy. The employer’s IT policy contained provisions precluding such communications. Mr Atkinson was well aware of it, as he had actually written the policy!
In earlier cases before the European Courts, the Court had established that if the employee did not believe that their telecommunications were being monitored, the employee’s right to privacy was indeed breached as was the case of a police officer who had been told that her phone was not being tapped, when in fact it was.
Employer’s must ensure that their written policies communicated to staff contain the requisite notice that the employer may monitor use of all telecommunications systems otherwise monitoring may not be justifiable. The policies should be kept up to date as technology changes i.e. a policy, which allows monitoring of email, or Internet use will not be sufficient to allow an employer to track an employee’s whereabouts by monitoring the location of their company mobile phone.
Importantly, “monitoring” does not normally extend to reading private communications. If the communication is obviously personal, the employer should not go further and review its contents save in exceptional circumstances. Mr Barbulescu gave his employer just cause to do so once he denied that he had sent personal communications.
With the right policies in place, this judgement underlines employers’ rights to monitor both the existence and content of “private” communications to ensure workers are spending their time at work working. The case is not however a green light to employers to simply monitor and read all communications without first having given notice to the employee that it would monitor and also having good reason to look at the content of private communications.
By Emma Barlett, partner, Charles Russell Speechlys LLP
In January 2016, the European Court of Human Rights found an employer’s monitoring of its workers’ private communications permissible. The case raises important questions as to why employers should monitor email and Internet use and whether there is a right to privacy at work.
Firstly we’ll outline the facts of the case. Mr Barbulescu had set up a Yahoo account, at his employers’ request, to communicate with clients. The employer had a written policy prohibiting personal use of its IT systems. The employer banned Mr Barbulescu from using the Yahoo account further after it was discovered that he had used it for personal reasons.
The employee denied that this was the case and the employer produced evidence of the personal communications from the account. Mr Barbulescu was ultimately dismissed, having breached the internal regulations and denied that he was in fact using the account for personal communications.
He complained that his right to privacy had been breached. The Court found that it was not unreasonable for an employer to want to verify that its employees were working during working hours. Mr Barbulescu’s denial made it reasonable for the employer to then look further at his communications in the Yahoo account as it did not believe him. The Court concluded that a balance must be struck between the rights of workers to privacy and the employer’s rights.
Why monitor use of telecommunications?
This might be an obvious question to an employer, but not always to an employee.
Misuse of an employer’s telecommunications systems can have a number of consequences.
There is a risk that personal emails, for example, could contain unprofessional remarks, which might include language that would fall foul of the employer’s code of conduct or which might amount to harassment or discrimination.
Linking such content to the employer could cause embarrassment or reputational damage; even the broadsheets enjoy reporting on those unpleasant emails about mother in laws or rugby tours that go viral in minutes. Alternatively, misuse could physically damage the employer’s systems by introducing a virus for example. The employee could be engaging in unlawful activities in the company’s name or revealing an employer’s trade secrets irrespective of whether or not the use occurs during normal working hours.
Less consequential, personal use of the employer’s information systems could still be disruptive to the employer’s business if it occurs during business hours, particularly if excessive use, distracting the employee from work.
The law
While headline hitting, Mr Barbulescu’s case is nothing new. Similar issues have been heard in the UK employment tribunals before, but this decision from the European Court will take precedence.
Employers may monitor employees in the workplace in limited certain circumstances. If the employer has a specific, clear policy in place permitting monitoring and delineating what is and what isn’t permitted telecommunications use, the employer can be confident in doing so.
There is a good handful of UK regulation for workplace surveillance in this area, complemented by international legislation
• Data Protection Act 1998 - limits the employer’s ability to hold and process personal data
• Regulation of Investigatory Powers Act 2000 - it is unlawful to intercept a communication in the course of its transmission in the UK except with express or implied consent
• Telecommunications Regulations 2000 - without consent, an employer may still monitor telecommunications provided that it is for a specified purpose relevant to the business, such as investigating or detecting the unauthorised use of the telecommunication system. The test for this is relatively high and employees must have been told that interception might take place.
• The European Convention on Human Rights Article 8 - contains an express right to private and family life and our domestic law must be read in light of this right.
• Human Rights Act 1998 - Employees of public bodies can enforce the right directly against their employer under the.
These convention rights are not absolute, but are subject to exceptions where interference (e.g. by the employer) is proportionate.
The Employment Appeals Tribunal (EAT) held that an employee, Mr Atkinson, of a public body who had sent overtly sexual emails on the employer’s email system did not have a reasonable expectation of privacy. The employer’s IT policy contained provisions precluding such communications. Mr Atkinson was well aware of it, as he had actually written the policy!
In earlier cases before the European Courts, the Court had established that if the employee did not believe that their telecommunications were being monitored, the employee’s right to privacy was indeed breached as was the case of a police officer who had been told that her phone was not being tapped, when in fact it was.
Employer’s must ensure that their written policies communicated to staff contain the requisite notice that the employer may monitor use of all telecommunications systems otherwise monitoring may not be justifiable. The policies should be kept up to date as technology changes i.e. a policy, which allows monitoring of email, or Internet use will not be sufficient to allow an employer to track an employee’s whereabouts by monitoring the location of their company mobile phone.
Importantly, “monitoring” does not normally extend to reading private communications. If the communication is obviously personal, the employer should not go further and review its contents save in exceptional circumstances. Mr Barbulescu gave his employer just cause to do so once he denied that he had sent personal communications.
With the right policies in place, this judgement underlines employers’ rights to monitor both the existence and content of “private” communications to ensure workers are spending their time at work working. The case is not however a green light to employers to simply monitor and read all communications without first having given notice to the employee that it would monitor and also having good reason to look at the content of private communications.
By Emma Barlett, partner, Charles Russell Speechlys LLP
