Are Employers now allowed to ‘snoop’ on their employees?

The recent case of Barbulescu v Romania has provided useful guidance on whether employers have the right to access and monitor employees’ personal communications in the workplace.

By way of background, Bogdan Mihai Barbulescu, a Romanian engineer, was instructed by his employer in 2007 to set-up a Yahoo messenger account. The purpose of the account was specifically for communication with business clients. Mr Barbulescu was later dismissed by his employer for personal internet use at work, contrary to the employer’s internal rules. As part of the employer’s investigation, they accessed private messages sent by Mr Barbulescu to friends and family on the messenger account. These messages were then used in the disciplinary proceedings.

Following his dismissal, Mr Barbulescu argued that his employer had breached his right to privacy due to the fact that they had accessed and read his personal messages. Mr Barbulescu took his case to the Romanian courts who ultimately sided with the employer. Mr Barbulescu subsequently took his case to the European Court of Human Rights (ECHR) in 2008, arguing that the decision to terminate his employment was based on a violation of his Article 8 right to respect private and family life.

The ECHR has now handed down its judgement and held in favour of Mr Barbulescu’s employer. The ECHR concluded that it was not unreasonable that the employer wanted to verify that employees were completing their professional tasks during work hours. The ECHR also pointed out that Mr Barbulescu had been warned of the consequences of using his work devices for personal conversations. The ECHR subsequently held that the monitoring and use of the personal messages was a proportionate interference of his Article 8 rights.

This case has received a great amount of media coverage in the UK. It is however important that employers remember that there are still limitations on their power to monitor employees’ private communications. This case does not override previous ECHR case-law on reasonable expectations of privacy. Nor does the case replace existing UK legislation such as the Data Protection Act 1998. Mr Barbulescu’s case was specific in that he was using a business account to send personal messages, which breached his employer’s rules. This is different to an employer reviewing and monitoring personal messaging accounts that have no relevance to the workplace.

If you or your business would like any further guidance on drafting an IT or social media policy that is suitable for your workplace then do not hesitate to contact us  0161 672 1425.