Monitoring employees – not so easy

From a quick message to a family member whilst at work all the way to the Upper Chamber of the European Court of Human Rights: the latest ruling on privacy rights should be a reminder to all employers that monitoring their employees’ communications is a risky business.

The employee in the Romanian case of Bărbulescu v Romania was dismissed for using an office Yahoo Messenger app to message members of his family, despite the fact that his employer had banned private use of the online account. Having got nowhere with local Romanian courts Mr Bărbulescu applied to the European Court of Human Rights, alleging that his right to privacy had been breached. While the lower court found that the employer had acted reasonably, the Grand Chamber, on appeal, reversed the conclusion because, amongst other reasons, the employee had not been informed that activity on the app would be monitored.

Some employers might agree that it would be intrusive to listen into an employee’s private phone call at work, monitor personal email accounts or intercept private post left in an office out-tray. However, more often than not employers consider business email and apps to be fair game when checking up on employee activity. Whilst this judgment may appear irrelevant because it relates to a Romanian employer, the basis for it follows the European Convention on Human Rights, which applies in the UK via the Human Rights Act; UK judges are required to take the court’s rulings into account and thus it affects UK employers.

Also, although not referred to in the judgment, there is a consistency in approach with the General Data Protection Regulation (GDPR) which is set to apply from May next year in that, the subject matter was whether Mr. Bărbulescu had knowingly submitted to the monitoring. Monitoring of this kind amounts to the processing of personal data in respect of which the GDPR is set to introduce much tougher rules and penalties for breach. Together, there appears to be a clear shift in attitude towards protecting the privacy and personal data of individuals, not least because the line between private and professional life is becoming ever more blurred in most modern working environments.

Theresa Mimnagh, Associate Director of the legal and compliance specialist Lawspeed, commented, “Undoubtedly some recruitment businesses will be monitoring staff activity, but they should be aware of this case. They need to ensure that they are upfront with their employees not only as regards the fact of the monitoring, with a proper reason for doing so, but also how information is to be used. Agencies that don’t do this risk a breakdown in employee relations, the potential of court action following this case and, once the GDPR is in place, the risk of significant fines if a complaint is made to the Information Commissioner.”

Mimnagh concluded “Monitoring employees’ emails is one of the aspects to be covered in our GDPR seminars on 10th and 12th October and we will be running a series of recruitment specific workshops throughout the remainder of 2017 and early 2018 on this subject.”

For more information, please call Lawspeed on 01273 236236 or email to [email protected] with “data protection” in the subject line.

Webinar: November 2017 – Plugging the gaps – common problems with agency contracts and how to resolve them
Why doing nothing can now be a criminal offence