In a case referring to the employees’ rights to the privacy of their correspondence and communications, the European Court of Human Rights (hereafter ECtHR) has ruled that employers are entitled to monitor their employees’ private online communications conducted through means of a messaging account provided for professional purposes.
The details of the case are as follows: the employment’s contract of Romanian engineer was terminated by his employer, back in 2007, after the company he worked for found out that he was using messaging services, such as Yahoo Messenger, to conduct personal contacts, namely with his brother and fiancée. The account was created, at the employer’s request, strictly for professional purposes and a personal use was specifically forbidden by the company policy, of which the employee was made aware. The internal regulation established, inter alia, that “it is strictly forbidden to disturb order and discipline within the company’s premises and especially … to use computers, photocopiers, telephones, telex and fax machines for personal purposes.”
While the company considered that the employee had breached the company rules by using the service for personal purposes, and thus the termination of the employment’s contract was justified, the employee argued that the termination decision was illegal due to be founded on a violation of his rights to respect for his private life and correspondence.
Among the pertinent legal instruments deemed applicable and referred by the ECtHR are, obviously, the European Convention of Human Rights (hereafter ECHR), the Directive 95/46/EC and the Art.29WP “Working document on the surveillance and the monitoring of electronic communications in the workplace”, which I also have addressed here, in regards of the issue of the monitoring of employees.
The core issue at stake was whether, considering the factual context described, the employee could have had a reasonable expectation of privacy when communicating from the Yahoo Messenger account that he had registered at his employer’s request and considering that the employer’s internal regulations, of which he was aware, strictly prohibited employees from using the company’s computers and resources for personal purposes.
Having into consideration that the use of messaging was only allowed for solely professional purposes, the Court deemed that it was not “unreasonable that an employer would want to verify that employees were completing their professional tasks during working hours.” (par. 59)
In this regard, it considered that “the employer acted within its disciplinary powers since, as the domestic courts found, it had accessed the Yahoo Messenger account on the assumption that the information in question had been related to professional activities and that such access had therefore been legitimate. The court sees no reason to question these findings.” Particularly relevant to the formation of that assumption was the fact the employee had initially claimed that he had used the messaging account to advise the company’s clients. (par. 57)
Therefore, despite concluding that an interference with the applicant’s right to respect for private life and correspondence within the meaning of Article 8 of the ECHR indeed occurred, the ECtHR concluded that there has been no violation of such rights, because “the employer’s monitoring was limited in scope and proportionate”.
The claim that the employee’s right to privacy and the confidentiality of his correspondence had been violated was therefore dismissed.
This ruling is in line with that respecting the Benediktsdóttir v. Iceland case, in which the ECtHR concluded that the right to privacy and to correspondence has to be balanced with the other rights, namely those of the employer.
However, the dissenting opinion of the judge Pinto de Albuquerque deserves particular mentioning. Particularly based on the very personal and sensitive nature of the employee’s communications, the non-existence of an Internet surveillance policy, duly implemented and enforced by the employer and the general character of the prior notice given to employees in regards of the monitoring conducted on the communications, it leads one to wonder if the assessment regarding the respect of the necessity and proportionality principles could have been as straightforward as it firstly seemed. Namely considering that the employer also accessed the employee’s own personal account.
Thus said, the specific details of the case should not be overlooked and rushed or generalized conclusions should be avoided.
As pointed out by Pinto de Albuquerque, in the absence of a prior notice from the employer that communications are being monitored, the employee has a reasonable expectation of privacy. Moreover, the complete prohibition of the use of the Internet by employees for personal purposes is inadmissible. Furthermore, the practice of complete, automatic and continuous monitoring of Internet usage by employees is also forbidden.
The fact that the employee was adequately informed of the internal regulations imposing restriction upon the use of the messaging service for personal purposes and that employer had accessed the communications in the belief of their professional nature are paramount elements in this context. In no way must this ruling be interpreted as a general faculty of employers to monitor or snoop on their employees’ private communications.
Indeed, as clearly put by the Art.29WP in the above mentioned document, the simple fact that monitoring or surveillance conveniently serves an employer’s interest could not justify an intrusion into workers’ privacy.
In fact, as outlined by the judge Pinto de Albuquerque in his dissenting opinion: “if the employer’s internet monitoring breaches the internal data protection policy or the relevant law or collective agreement, it may entitle the employee to terminate his or her employment and claim constructive dismissal, in addition to pecuniary and non-pecuniary damages.”
Therefore, employers should take special care in providing appropriate information in regards of the use that employees are allowed to make of the company’s communication means, namely for personal purposes. Moreover, employers intending to conduct monitoring activities over their employee’s activities should implement a proper and clear monitoring policy, restricted to what is necessary and proportionate to its interests and goals. It is of paramount importance that employees are able to understand the nature, scope and effects of the monitoring, namely how their communications are controlled, what content is accessed, how is it analysed and what information is recorded and kept and for what purposes. In this context, data protection rules fully apply, namely conferring employees with the rights to access all the information held about them and to obtain a copy of such records.
And to completely prevent unpleasant surprises, a word of advice to employees: do not rely on your employer’s good judgement. Avoid altogether using means provided to you for professional purposes to conduct private activities or communications.