Rupa Mooker: ECHR ruling '“ boss or Big Brother?

Employees are often encouraged to use social media, once seen as a purely personal method of communication, as a business development tool. And in the workplace, having a chat by the water cooler with your colleagues is quickly being replaced by instant messaging/WhatsApp/Facebook chats (usually using the employer’s wifi!).

Whilst this 21st century explosion of technology means that communication is now faster and easier than ever, as we continue to digitise our lives a number of interesting issues begin to arise, some of which were considered by the European Court of Human Rights (ECHR) in the case of Barbulescu (B) v Romania.

Background

B was employed as an engineer by a private company. At his employer’s request, he created a Yahoo Messenger account for the purpose of responding to client enquiries. The employer had in place a ban on using the internet at work for personal use. The employer informed B that his Yahoo messages had been monitored and they had found personal messages from him to his fiancée and brother. His employment was terminated on the grounds of his breach of the company’s regulations.

B argued that his right to private life, under Article 8 of the European Convention of Human Rights, had been infringed by his employer’s actions. The ECHR found that, although Article 8 had been engaged, a fair balance had been struck between B’s right to respect for his private life and his employer’s interests.

ECHR decision

The ECHR said that it was not unreasonable for B’s employer to seek to verify employees were completing their professional tasks during working hours. So, there was no breach of B’s right to a private life. At first glance, this decision could be interpreted as giving employers authority to “snoop” on all of an employee’s communications during working time – whether professional or private. To some, this seems a bit harsh but to what extent does it affect employers in the UK?

What is the position in Scotland?

The ECHR’s decision binds the UK because it has ratified the European Convention on Human Rights. However, let’s be clear. Employers do not have the right to snoop on an employee’s personal emails and messages despite what the ECHR ruling says. The particular facts of that case are significant.

The employer had a clear policy stating that employees were not allowed to send personal communications during working hours. B’s employer had only accessed the offending messages in the belief that the account contained client-related communications only.

Employers therefore must exercise caution when monitoring the online and other communications of their employees. Under current UK data protection law, personal data – being any data that can or has the potential to identify a person – may only be processed (used, stored, etc) if such processing is considered fair. In an employment context, the Information Commissioner’s Office (ICO), the body responsible for upholding information rights in the UK, recommends that workers are made fully aware of the nature, extent and reasons for any actual or potential monitoring of their communications by employers. The ICO generally considers monitoring of personal emails to be particularly intrusive and employers need to act fairly and reasonably when it comes monitoring.

Also, whilst the Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000 allow monitoring in defined circumstances, businesses should always have proper policies in place and tell the employees that monitoring is occurring otherwise there will be difficulties in using any evidence gathered.

Practically, this means that employers must take care to ensure they have clear policies in place in relation to internet usage at work, social media and data protection. Employees should be made aware of the rules and understand to what extent personal use of the internet and devices at work will be tolerated. If an employer’s policies are unduly intrusive, not applied consistently or are unclear as to an employee’s rights and obligations, the employer will find it difficult to enforce and successfully discipline an employee for breach.

It is of note that the ECHR judgment also stated that where an employer’s internet monitoring breaches the internal data protection policy or the relevant law or collective agreement “it may entitle the employee to terminate his or her employment and claim constructive dismissal, in addition to pecuniary and non-pecuniary damages”.

We advise that employers review any policies that are currently in place in order to ensure compliance with legal requirements.

• Rupa Mooker is a senior associate and employment law specialist at MacRoberts