Online Employee Privacy – How far can you go?
29 March 2016 by Tony Fisher
The European Court of Human Rights (ECHR) recently ruled that it was acceptable for an employer to monitor an employee’s private online messages that were sent and received during working hours. As a country that has ratified the European Convention on Human Rights, Britain has to abide by the ECHR’s rulings and employers within Britain will want to be aware of the potential effect that this recent judgment could have on domestic law.
The case in question involved a Romanian employee, Mr Barbulescu, who was fired in 2007 after using his work email to send personal messages to his fiancé and brother. Barbulescu in turn filed a complaint and looked for justice in the courts, hoping they would rule that his right to confidential correspondence had been breached.
The ECHR instead ruled in favour of the employer saying that it was “not unreasonable that an employer would want to verify that employees were completing their professional tasks during working hours”. This follows the trend of an approach by the courts to give employers the right to monitor what employee’s do on the employers computer systems.
This decision does not give employers any new powers to ‘snoop’ on employees and employers themselves should also be careful, as acquiring an employees password and accessing any of their internal correspondence could potentially have implications under the Data Protection Act and even criminal law. Barbulescu’s employer accessed his emails on “the assumption that the information in question had been related to professional activities and that such access had therefore been legitimate” and it is for this reason that they weren’t deemed to have broken the law.
Traditionally the UK courts are keen to treat each situation on a case-by-case basis and will not offer a blanket ruling. It therefore remains to be seen whether the ruling will affect all forms of online communication during working hours, such as social media and messaging platforms, or only those designated for work uses, in this case email.
So, for now, if an employee needs to do something personal it is best to stick to using their own smartphone or equivalent device, ideally using mobile data rather than their office wi-fi. This should act as a good base level of personal data protection for employees and many apps, such as WhatsApp, offer their own heightened levels of encryption.
To avoid potential pitfalls as an employer, it is key to have the correct policies in place and ensure that they are communicated effectively to the employee. Employees should all have provided explicit consent after being notified personally of the relevant policies. As we have seen, the length an employer can go to when monitoring their employees is wholly dependent on the situation at hand, and when any doubt arises it is important to seek specialist Employment Law advice.
If you are an employer or employee with a data protection issue in the workplace, we at Fisher Jones Greenwood can help. If you would like any more information please give the Employment team a call on 01245 890110 or contact us by email at [email protected].