The recent ruling by the European Court of Human Rights (ECHR) in the case of Bărbulescu v Romania involves whether employers monitoring private messages sent by an employee through a work related messaging account is an infringement of an employee’s right to privacy under Article 8 of the European Convention of Human Rights (ECHR).
Mr Barbulescu, an engineer, used his business Yahoo Messenger to send and receive personal messages from his fiancée and brother. The messages included personal information regarding his health and sex life. Using the messaging service for personal use was a breach of the employment contract Mr Barbulescu had with the company, and hence he was dismissed. As part of the investigatory proceedings regarding the dismissal, the employer accessed the private messages sent through the Yahoo Messaging service and printed them out. Consequently they were used in the disciplinary proceedings as well as the subsequent appeals.
The Romanian national courts upheld the employer’s decision to dismiss, and the ECtHR ruled that the monitoring and use of the personal messages sent and received was a proportionate interference of his right to privacy under Article 8 of the ECHR. The Court seemed to be persuaded by the way the Romanian court judgement did not reveal the precise nature of the messages, just the fact that they were of a personal content. The Court stated that it was “not unreasonable that an employer would want to verify that employees were completing their professional tasks during working hours.”
Although this decision does give European employer’s permission to access personal messages sent through a business account or sent across a company server, it doesn’t overrule previous ECtHR case law or British legislation and leave employer’s powers unchecked. The Data Protection Act 1998 and the Regulation of Investigatory Powers Act 2000 provide limitations on employers’ power to monitor employees’ private communications. Ian Brownhill, a Barrister at No.5 Chambers and employment law expert warns that this ruling could have repercussions for employers too saying: “Employers beware though, reading an employee’s personal internal correspondence has implications under the Data Protection Act and depending on how you got by the password, perhaps even the criminal law.”
There has been a media frenzy regarding the ruling, with headlines such as “European Court Rules Employers Can Read Workers’ Private Emails And Messages On Yahoo, WhatsApp And More” (The Huffington Post) and “Companies can monitor workers’ private online chats, European court rules” (The Guardian) which can be misleading. The ruling handed down regards messages sent over a company server from a company account, one mainly used for communicating with clients. It doesn’t give employers power to look through messages sent from personal phones.
Lilian Edwards, a professor of internet law at Strathclyde University, has pointed out the judgement is in line with past case law and rulings. “In this case, the employers say clearly that you are not to use the internet for anything but work. Although it is not popular, it is completely legal. The employer seems to have played this by the book.”