Following staff protest, the Daily Telegraph is reported to have decided to remove motion trackers it recently installed under desks to monitor energy usage. On the victorious side, the European Court of Human Rights has just decided that there was no violation of an employee’s right to respect for private life and correspondence when his employer accessed his Yahoo Messenger account.
Despite appearing to be a ground-breaking change to the law, the European Court decision does not give employers an unfettered green light to snoop on employees or immediately dismiss those who breach their rules and procedures.
It does however highlight the legal issues and risks employers need to be aware of before taking measures to monitor staff activity, including their email, social media and internet use.
The employee in this Romanian case, was dismissed for breaching the company’s rules which strictly prohibited personal use of its computer systems and equipment. At the employer’s request, the employee had created a Yahoo Messenger account to respond to clients’ enquiries.
Following an ad hoc internet surveillance exercise, records showed that the employee had used the internet for personal purposes. The employee alleged his privacy rights had been breached and that the Romanian courts had failed to protect this right.
The European Court looked at whether a fair balance had been struck between the employee’s rights and the employer’s legitimate interests. It acknowledged that the employee had a right to privacy but found that the employer’s conduct had been reasonable and proportionate.
The employer was entitled to check whether employees were carrying out their duties during working hours. The employer had accessed the messaging account believing it contained client work-related communications only. When confronted by his employer, the employee confirmed initially that he had only used the messenger account for professional purposes.
The court accepted that monitoring the employee’s communications was the only way of establishing if he had breached the company’s rules. It was also relevant that the employer had previously dismissed another employee for personal use of its internet, telephone and photocopiers and that staff had been warned that their activity was under surveillance.
Employers intending to monitor any staff activity should be aware of workers’ privacy and data protection rights. In the UK, the Information Commissioner’s Employment Practices Code gives employers useful guidance on monitoring at work. Impact assessments should be carried out before monitoring starts and electronic communications policies should clearly specify the types of monitoring carried out and their purposes. Policies which are vague and ambiguous will not be sufficient.
Increasing accessibility to and activity on social media makes a blanket ban on personal use of company computer systems and equipment an unrealistic solution for most organisations.
However, permitting personal use of these systems does not automatically entitle employers to monitor personal messages. Nor does it constitute an automatic waiver of workers’ privacy and data protection rights.
Sickness absence or periods of annual leave will often require workers’ email accounts to be monitored during absence to manage business enquiries. These, and other genuine business reasons, may well justify a legitimate need to monitor workers’ email and internet use, but any monitoring measures should be transparent, necessary, fair and proportionate.
Accessing emails which are clearly identifiable as being private and personal, for example by the subject heading of an email, should be avoided.
A careful balance must be found between workers’ rights and the legitimate needs of the business. Despite the recent court ruling which some have interpreted otherwise, this balancing exercise remains no mean feat.
Sourced from Lydia Christie, Senior Associate, Howard Kennedy LLP