Does Bărbulescu v Romania prevent employers from ever monitoring private emails sent at work?
A recent European Court of Human Rights decision has caused confusion about whether employers can access private messages sent by their employees. In this blog we explore the background of the case, the current law in this area and the implications for employers.
Bărbulescu v Romania – coverage of both the original decision and appeal
In early January 2016 the front pages of various national newspapers proclaimed the creation of a ‘right for employers to snoop on private emails’. This followed a decision in a case involving a Romanian man (Bărbulescu) whose employer had accessed a Yahoo! Messenger account that he had set up for professional purposes but which he had also used for personal communications with his fiancé and brother.
The European Court of Human Rights (ECtHR) found that Bărbulescu’s right to a private life had not been violated by the employer’s actions in accessing the private messages, which they presented to him in full when he denied using the account for personal purposes, and the breadth of coverage reflected the profound implications of this ruling for employment relationships. However, the headlines weren’t accurate. In fact, they were misleading to such an extent that the Council of Europe took the unusual step of releasing a statement to clarify the ruling, and to condemn what it considered as ‘a new benchmark’ for the British press misreporting cases.
Against this confused backdrop it was perhaps inevitable that the outcome of Bărbulescu’s subsequent appeal would be ripe for misunderstanding, especially as it effectively reversed the earlier decision. In its ruling the Grand Chamber of the ECtHR found that the employer’s monitoring of Bărbulescu’s personal messages had construed a breach of his right to a private life. Coverage of this decision was perhaps understandably less dramatic than the previous headlines, but did refer to a ‘bolstering’ of employee rights to privacy, and employers now being ‘forced’ to warn employees about any monitoring of internet use. So have employee rights been bolstered, or is this more bluster?
The current law
In many respects – and despite the widespread coverage – Bărbulescu is somewhat of a red herring when it comes to the United Kingdom, where the Data Protection Act 1998 and Employment Practices Code issued by the Information Commissioner’s Office have already taken a fundamentally identical approach for many years.
At the heart of this issue is whether an employee has ‘a reasonable expectation of privacy’. For example, if someone has been told that their work communications will not be monitored, or if they have not been given any indication either way, then any monitoring will represent a breach of the employee’s right to a private life. Accordingly, employers must already inform employees in advance about any monitoring, what will be monitored and how any information will be processed. The Code, which employers must adhere to unless there is a very good reason to deviate from it, notes that covert monitoring will only very rarely be justifiable, and recommends that an impact assessment is undertaken before any monitoring takes place.
However, Bărbulescu is a helpful reminder that an ‘…employer’s instructions cannot reduce private social life in the workplace to zero’, meaning that even if organisational policies are clear that the content of employee emails may be monitored, employers will still need to act proportionately to justify doing so in practice. Impact assessments should therefore balance any intrusion against its objective, consider the impact of the monitoring and gauge whether the method in question is the least most intrusive mechanism available. In addition to the information already mentioned, which must be provided to employees, the Code also suggests that details of the purpose of monitoring and the safeguards protecting employee privacy are provided.
Conclusion and implications
Although Bărbulescu hasn’t dramatically changed the legal situation in the UK, it is certainly a timely reminder that there will be numerous occasions when employers have legitimate reasons to monitor employee communications, some of which may well be personal in nature. Reviewing/establishing relevant policies and practices may well be a prudent step, as a failure to get this right could lead to claims for unfair dismissal, fines from the Information Commissioner’s Office and possible breakdowns of trust between an employer and its employees more broadly.
For advice and assistance, please contact:
Hempsons Employment Team
Thursday 11th January 2018