EU Court: Employee E-mail Monitoring May Not Breach Privacy Rights

By Sarah Thompson, © McGuire Woods February 1, 2016

The European Court of Human Rights (ECHR) on Jan. 12 ruled that a Romanian employer did not breach its employee’s privacy rights when it monitored his Yahoo Messenger account and fired him for using the account to send private messages during work hours. This decision does not alter previous case law on the reasonable expectation of privacy, nor does it override existing legislation, which places key limitations on an employer’s power to monitor employees’ private communications. It does, however, serve as a helpful reminder of how employers can and should lawfully monitor employee communications.

The employee, a sales engineer, set up the Yahoo account at the employer’s request for the purpose of responding to client queries. Company rules made it clear that computers were not to be used for personal reasons. The employee, however, used the account to send personal messages to his brother and fiancée, including about his health and sex life. The question for the ECHR was whether the employer acted lawfully in accessing the individual’s private messages on a business account.

The key point of the ECHR ruling was that there had been no violation of Article 8 of the European Convention on Human Rights (the right to respect for private life, home and correspondence). It held that “it is not unreasonable for an employer to want to verify that the employees are completing their professional tasks during working hours” and “the employer’s monitoring was limited in scope and proportionate.”

Balance Must Be Struck

This decision has created a lot of publicity and media coverage. Some commentary suggests that employers now have free rein to read employees’ private messages. That is not the case. In the United Kingdom, employers have been able to review employee emails when carrying out disciplinary investigations and the employment tribunals have accepted evidence obtained in that way. The key issue is often whether, on the facts, the employee has a reasonable expectation of privacy. A balance must be struck between an employee’s right to respect for private life and the employer’s interests.

It is now, more than ever, important to ensure that your business has in place a clear and comprehensive policy setting out what is considered acceptable use of company IT systems, that such systems may be monitored and the extent and purpose of such monitoring. Policies need to be clearly communicated to employees and made readily available. Any investigation or action taken against an employee for an alleged misuse of company IT systems should be consistent, reasonable and proportionate.

Multinational companies should be aware that restrictions on employee monitoring may differ considerably across different European jurisdictions. There may also be limitations and, under general and sector-specific data protection, telecommunication and employment laws that need to be considered prior to undertaking any employee monitoring. For example, in the UK, the Regulation of Investigatory Powers Act 2000 prohibits the interception of communication, including emails, except with the prior consent of both the sender and the recipient.

Sarah Thompson is an associate in the London office of McGuire Woods. Republished with permission. © 2016 McGuire Woods. All rights reserved.



Hire the best HR talent or advance your own career.

Discover what’s trending in HR

Search and download FREE white papers from industry experts.

Search and download FREE white papers from industry experts.



HR Daily Newsletter

News, trends and analysis, as well as breaking news alerts, to help HR professionals do their jobs better each business day.