In July 2007, a company informed one Bogdan Barbulescu that his communications had been monitored, and presented him with a 45-page transcript of his messages, including exchanges with his fiancee and his brother.
He was dismissed for breaching the company’s internal regulations, which stated that it was strictly forbidden “to use computers, photocopiers, telephones, telex and fax machines for personal purposes”.
When he took his company to court, Barbulescu lost the case and instead appealed to the ECHR.
However, the ECHR said that it was not “unreasonable that an employer would want to verify that employees were completing their professional tasks during working hours”.
It was further added: “The employer acted within its disciplinary powers since, as the domestic courts found, it had accessed the Yahoo Messenger account on the assumption that the information in question had been related to professional activities and that such access had therefore been legitimate. The court sees no reason to question these findings.”
On the other hand, the ECHR warned bosses that it would not be acceptable to carry out unregulated snooping of staff’s private messages. It said a set of policies must be drawn up to define what information employers can collect and how.
The judgment said: “If the employer’s internet monitoring breaches the internal data protection policy or the relevant law or collective agreement, it may entitle the employee to terminate his or her employment and claim constructive dismissal, in addition to pecuniary and non-pecuniary damages.”
This was echoed by Hilary O’Connor, an employment partner at King Wood & Mallesons, who said: “Employers should not take this as a green light to snoop on their employees, as some commentators have suggested. The employer in this case had a clear, absolute ban on using its IT resources for personal matters: when the employee denied doing so, the employer could only properly investigate by reading his emails.
“Many employers allow, or at least tolerate, some personal email use at work so could easily find themselves on the wrong side of the law if they read personal emails without justification and a clear policy allowing them to do so. This case also underscores the link between human rights and data privacy, as data hacks continue to hit the headlines. Claims under human rights law are just one risk to business if employee or customer data is hacked and they can’t show they’ve taken sufficient precautions.”