Employers can monitor private messages, ECHR rules

Employers can justify reading workers’ private online messages, after a judgment yesterday in the European Court of Human Rights (ECHR).

The ECHR ruled that a company that read an employee’s Yahoo Messenger chats that he sent while he was at work was within its rights.

The judges said that the employer had a right to check the employee – an engineer in Romania – was completing his work and that he had breached the company’s rules by sending messages on its time.

The decision, handed down yesterday, binds all countries that have ratified the European Convention on Human Rights, and this includes the UK.

The engineer had been using Yahoo Messenger to chat with his family as well as professional contacts, and had asked the ECHR to rule that the company had breached his right to confidential correspondence by accessing his messages.

In July 2007, the employer informed him that his communications had been monitored, and presented him with a 45-page transcript of his messages, including exchanges with his fiancee and his brother.

He was dismissed for breaching the company’s internal regulations, which stated that it was strictly forbidden “to use use computers, photocopiers, telephones, telex and fax machines for personal purposes”.

The judges said the employer could monitor the messages because it believed it was accessing a work account.

The ECHR said that it was not “unreasonable that an employer would want to verify that employees were completing their professional tasks during working hours”.

The judges added: “The employer acted within its disciplinary powers since, as the domestic courts found, it had accessed the Yahoo Messenger account on the assumption that the information in question had been related to professional activities and that such access had therefore been legitimate. The court sees no reason to question these findings.”

However, the ECHR also made clear in its judgment that it would not be acceptable to carry out unregulated snooping of staff’s private messages. It said a set of policies must be drawn up to define what information employers can collect and how.

The judgment said: “If the employer’s internet monitoring breaches the internal data protection policy or the relevant law or collective agreement, it may entitle the employee to terminate his or her employment and claim constructive dismissal, in addition to pecuniary and non-pecuniary damages.”

Hilary O’Connor, employment partner at King Wood & Mallesons, underlined this point. She said: “Employers should not take this as a green light to snoop on their employees, as some commentators have suggested.

Sign up to our weekly round-up of HR news and guidance

Receive the Personnel Today Direct e-newsletter every Wednesday

Email(Required)

OptOut

From time to time, we will send you emails about selected products, events and services from Personnel Today and OHW+ - but you can choose to opt-out at any time. If you do not wish to receive these emails, please tick this box.

Phone

This field is for validation purposes and should be left unchanged.

Δ

“The employer in this case had a clear, absolute ban on using its IT resources for personal matters: when the employee denied doing so, the employer could only properly investigate by reading his emails. Many employers allow, or at least tolerate, some personal email use at work so could easily find themselves on the wrong side of the law if they read personal emails without justification and a clear policy allowing them to do so.”

She added: “This case also underscores the link between human rights and data privacy, as data hacks continue to hit the headlines. Claims under human rights law are just one risk to business if employee or customer data is hacked and they can’t show they’ve taken sufficient precautions.”