This is a question that somewhat surprisingly made its way to the European Court of Human Rights (ECHR) in the recent case of Barbulescu v Romania.
Mr Barbulescu was employed as an engineer in charge of sales. As part of his duties, Mr Barbulescu was asked by his employer to set up a Yahoo Messenger account for the sole purpose of communicating with customers. Mr Barbulescu’s employer operated a strict prohibition on the private use of its computer systems by its employees and had a clear written policy in place.
In July 2007 (yes, it really did take over 8 years for this matter to find its way to the ECHR!), Mr Barbulescu was informed by his employer that they had been monitoring his use of the Yahoo Messenger account and that they believed that he had been using it for personal communications, in breach of policy. Mr Barbulescu refuted this, claiming that he had only made use of the systems for business purposes. Following an investigation by the employer, Mr Barbulescu was subsequently presented with a 45 page transcript showing messages with his brother and fiancée concerning some undeniably personal matters! Mr Barbulescu was later dismissed for breaching the employer’s policy on personal use of computer systems.
Mr Barbulescu brought claims in the Romanian court arguing that by accessing his private communications his employer had breached his right to privacy (Article 8 of European Convention on Human Rights). He was unsuccessful before the court of first instance and on appeal.
The question referred to the ECHR was whether there had been a violation of Article 8 by virtue of the company having accessed Mr Barbulescu’s personal communications – in this particular case, that fact also underpinned Mr Barbulescu’s dismissal. The ECHR declared that Article 8 had been engaged, but (by majority, with one notable dissenting judgment) that the right conferred by Article 8 had not been breached in these circumstances. It was found that the employer in this case had a clear policy prohibiting the private use of its systems and providing for monitoring and the majority considered that this was a reasonable manner of ensuring that employees were using their systems for work-related purposes only and enforcing that policy. Further, when the account was accessed, the employer had a reasonable belief that the account only contained messages between Mr Barbulescu and the business’s customers, given that the account had been set up for that sole purpose and that Mr Barbulescu himself had represented this.
Does the outcome of this case automatically give employers in the UK the green light to access and read their employees’ private emails in all circumstances? Clearly not and a distinction can seemingly be drawn between a business email account and a private email account operated by an employee using an employer’s systems.
Whilst this case confirms that employees do not have an absolute right to privacy at work and that employers do have the right, in limited circumstances, to monitor relevant communications (so long as any monitoring is objectively justified, proportionate and provided that a clear policy is in place), it does also suggest real limitations on that right, particularly in the case of personal email accounts and the like which are not work-related but which might be operated using work systems.
If you do plan on monitoring your employees IT usage, ensure that you provide clearly for this right within a written policy and bring it to the attention of all employees. Your policy should include details of what communications may be monitored and in what circumstances, so that employees are made aware in advance.
If you would like our advice please contact the Employment Team.
Comments