A recent European Court of Human Rights (ECHR) case (Barbulescu -v- Romania) has attracted much publicity in the UK press as giving employers the green light to read employees’ private emails. Is that correct and does this case really change things?
Mr Barbulescu was employed as an engineer in charge of sales. His employer had a strict policy of not permitting private use by employees of its computer and telecommunications systems. Mr Barbulescu was asked by his employer to set up a Yahoo Messenger account so that Mr Barbulescu could communicate with customers.
Sometime later, the employer notified Mr Barbulescu that it has been monitoring his account and they believed that he had been using it for private communications. Mr Barbulescu denied this at which point his employer presented him with a 45 page transcript of all his Yahoo Messenger communications, including private communications with his fiancée and brother. Mr Barbulescu was dismissed for breaching the employer’s policy on personal use of computer systems.
Mr Barbulescu subsequently brought employment claims in the Romanian courts alleging that his dismissal was void since the employer had breached his right to privacy by accessing his private communications. Mr Barbulescu was unsuccessful before the Romanian courts but his case was brought before the ECHR. Mr Barbulescu’s argument was that Romania had failed to protect properly his Article 8 right to respect for his private and family life, his home and correspondence.
The ECHR’s Decision
The first key point made by the ECHR was confirmation that Article 8 is engaged to protect employees who use their employer’s telecommunications systems for private purposes. In other words, employees have a reasonable expectation of privacy at work. Nonetheless, this right is not absolute. The question in this case was whether Romania had struck the right balance between protecting the right of Mr Barbulescu to privacy at work with that of his employer to manage its resources effectively.
The ECHR found against Mr Barbulescu in this regard. It noted that:
- The employer had a clear policy regarding the private use of the employer’s telecommunications systems;
- It had not been unreasonable for the employer to want to verify that its employees were engaged on professional tasks during working hours;
- Monitoring was the only effective way of ensuring that telecommunications were being used for work-related purposes;
- When the employer accessed the Yahoo Messenger account, it did so in the belief that the account contained only employment-related messages, this being the basis on which the account had been set up; and
- The employer had not gone beyond examining the Yahoo Messenger account to checking any other documents or data on his computer.
Therefore, the employer’s monitoring was limited in scope and proportionate.
What does this mean for employers in the UK?
Contrary to some of the more lurid headlines in the press, this case does not give employers carte blanche to read their employees’ private emails. In fact, it reiterates principles that have long applied in the UK, namely that employees do have a right of privacy at work but, notwithstanding that, employers do have the right in limited circumstances to monitor private communications at work. The ECHR’s judgment is a reminder that any monitoring must be done in a limited manner and proportionately to the issues involved.
If monitoring is to take place:
- Make sure that this is clearly stated in a policy that it brought to the attention of all affected employees. The policy should state which communications may be monitored and in what circumstances. This will set the expectations of employees as to the circumstances in which their communications may be monitored.
- Limit the number of individuals within your organisation who may undertake monitoring and set out clear ground rules about the monitoring that can take place which are consistent with company policy.
- Ask yourself whether monitoring is really required in a particular situation.
- Act proportionately – if your concern is, for example, the volume of private emails being sent, it is usually not necessary to read the contents of those emails to establish the point.