James Rhodes from DAC Beachcroft looks at a recent case into the extent to which employees are entitled to privacy in their use of the internet for personal use.
UK press coverage of the recent European Court of Human Rights (ECHR) decision in Barbulescu v Romania (typified by the Daily Mail headline 'Having an affair? Your boss knows ALL the sordid details – because he's spying on your emails!) could not have been wider of the mark. If anything, the case serves as a useful reminder of the safeguards which protect employees from unwarranted interference in their private lives.
Mr Barbulescu, at his employer's request, set up a Yahoo! Messenger account with which to communicate with customers. His employer had a strict ban on personal use of the internet at work. In contravention of that ban, Mr Barbulescu used his work Yahoo! Messenger account to exchange messages with his brother and fiancée. Some of those messages contained sensitive information about his health and sex life. When challenged, Mr Barbulescu denied personal use of his work account. In response, his employer presented him with a 45-page transcript of personal messages. Mr Barbulescu was dismissed.
In finding in the employer's favour, the ECHR held that, although Mr Barbulescu had a reasonable expectation of privacy (even in the use of his work account), his employer had not unlawfully interfered with that right in all the circumstances. In any such case, a balance must be struck between the employee's right to privacy and the employer's right to ensure that employees are adequately fulfilling their duties. In this case, the balance was found to be in the employer's favour.
The key factors in this decision were:
· The employer had a strict prohibition on personal use of email and internet – this was a particularly unusual aspect of the case as most UK employers tend to allow some personal use.
· Shortly before Mr Barbulescu had been dismissed, another employee had been dismissed for personal use of the internet, telephone and photocopier. As a consequence, all staff were reminded of the policy and the consequences of a breach. They were also notified that their use of the internet would be monitored.
· Mr Barbulescu had lied about his personal use which meant that monitoring and accessing his account was the only way of policing the ban.
· The employer did not access other information on Mr Barbulescu's computer and so its search was targeted and proportionate – it did, however, access a personal Yahoo! Messenger account from which Mr Barbulescu had also been sending messages during work time.
· The employer did not rely upon the content of the messages (much of which was personal and sensitive); rather, it was the fact that the account had been used for personal messages that led to Mr Barbulescu's dismissal.
Nothing in the decision gives employers the right to ‘spy on emails’. It reinforces the well-established position that, even whilst at work, an employee has ‘the right to respect for his private and family life, his home and his correspondence’ and that an employer would be acting unlawfully if it interferes with that right unjustifiably and disproportionately.
Even where misuse is suspected, an employer's monitoring should generally be limited to establishing the fact of (excessive) personal use rather than prying into the content of communications unless it was suspected that the content itself was incompatible with the employee's duties.
The decision also reinforces the importance of having clear policies in place which set out not only the parameters within which an employee can use the internet for personal purposes but also the circumstances in which that use will be monitored and the scope of that monitoring.
DAC Beachcroft (http://www.dacbeachcroft.com/people/directory/james-rhodes)