After the European Court of Human Rights (ECHR) hearing earlier this week, which concerned an employee who was an engineer in Romania, the judges said that the employer had a right to check that the employee was not completing his work and that he had breached the company’s rules by sending personal messages on the company’s time.
The decision now binds all countries that have ratified the European Convention on Human Rights, and this includes the UK.
In this case, the employee had been using Yahoo Messenger to chat with his family as well as professional contacts, and had asked the European Court of Human Rights to rule that the company had breached his right to confidential correspondence by accessing his messages.
In July 2007, the employer informed him that his communications had been monitored, and presented him with a 45 page transcript of his messages, including exchanges with his fiancée.
He was dismissed for breaching the company’s internal regulations, which stated that it was strictly forbidden “to use computers, photocopiers, telephones, telex and fax machines for personal purposes.”
The judges said the employer could monitor the messages because it believed it was accessing a work account and that it was not “unreasonable that an employer would want to verify that employees were completing their professional tasks during working hours.”
The judges added: “The employer acted within its disciplinary powers since, as the domestic courts found, it had accessed the Yahoo Messenger account on the assumption that the information in question had been related to professional activities and that such access had therefore been legitimate. The court sees no reason to question these findings.”
However, the European Court of Human Rights also made clear in its judgment that it would not be acceptable to carry out unregulated snooping of staff’s private messages. It said a set of policies must be drawn up to define what information employers can collect and how.
Part of this set of policies was announced and stated that “If the employer’s internet monitoring breaches the internal data protection policy or the relevant law or collective agreement, it may entitle the employee to terminate his or her employment and claim constructive dismissal, in addition to pecuniary and non-pecuniary damages.”
Following this, the final comments made by the judges were “the employer in this case had a clear, absolute ban on using its IT resources for personal matters: when the employee denied doing so, the employer could only properly investigate by reading his emails. Many employers allow, or at least tolerate, some personal email use at work so could easily find themselves on the wrong side of the law if they read personal emails without justification and a clear policy allowing them to do so.”
This case also underscores the link between human rights and data privacy, as data hacks continue to hit the headlines. Claims under human rights law are just one risk to business if employee or customer data is hacked and they can’t show they’ve taken sufficient precautions.