Written by Martin Pratt
The headlines in today’s papers have been dominated by what’s being reported as a “new” right given to employers by the European Court of Human Rights – to “snoop” on private emails and messages at work. In fact the new decision doesn’t change much, if anything, in the UK at all.
In the case in question, Mr Barbulescu, a Romanian engineer, set up a Yahoo Messenger account, at his employer’s request, for the purpose of responding to client enquiries. In 2007 his employer informed him that his communications through that account had been monitored, saying that he used the account for personal purposes, contrary to express company policy. He was presented with a transcript of messages with his fiancée (among others) that related to personal matters such as his health and sex life. He was fired for breach of company policy.
The Romanian County Court dismissed his complaint against dismissal because his employer had complied with Romanian unfair dismissal law and he had been duly informed of the employer’s policy on use of company property. Mr Barbulescu then applied to the European Court of Human Rights (ECHR) contending that the employer’s conduct had disproportionately infringed his right to a private life.
The ECHR held that it hadn’t. It was not unreasonable for Mr Barbulescu’s employer to seek to ensure that employees were completing their professional tasks during working hours. Furthermore, his employer had accessed his messaging account in the honest belief that it contained client-related communications only.
That decision is consistent with UK law as it stands. The court said that there could be an expectation of privacy in the workplace but a balancing act needs to be performed and the extent to which an individual has a ‘reasonable expectation of privacy’ in relation to what they are doing. Here the employee had broken a strict policy banning workplace use of computers. The “spying” on the employee was the employer trying to find out whether he had breached the policy. The ECHR said that this was permissible.
This decision really confirms what the position is in the UK already. The Information Commissioner, whose responsibility is to police the Data Protection Act, has produced a Code of Practice – Part 3, which deals with monitoring at work, and is already compliant with the Barbulescu decision. The Information Commissioner says that for employee monitoring to be lawful you need:
- a clear business need for the monitoring;
- to ensure that the intrusiveness of the monitoring is proportionate to that business need; and
- a clear policy or instruction making sure that such monitoring is going to take place.
Employers don’t have free reign to spy on their employees – it’s all about what’s reasonable in the circumstances.
Contact the Author
I am a partner in the employment law team and represent both individuals and employers, but specialise in acting for professionals such as public company directors, lawyers, hedge fund managers, accountants, MDs in investments banks, private equity principals and tech entrepreneurs, both as individuals leaving old employers and setting up or joining new enterprises. I advise senior individuals on new employment contracts and joining LLPs. On the employer side my expertise covers the employment aspects of mergers, acquisitions and outsourcing. My varied employer client base includes professional services firms, hedge funds, publishers, marketing agencies, charities, fitness studios and medical practices. I represent clients in all types of employment related disputes, involving matters like whistleblowing, discrimination, bonus claims, harassment, TUPE, High Court injunctions and unfair dismissal.