Does an employer’s access to workers’ e-mail breach the right to privacy?
In previous posts, we looked at the limits to managerial powers when it comes to employees’ right to privacy, in relation to, for example, the secrecy of communications, or the possibility of using camera recordings for disciplinary purposes.
Following on from these posts, in the last few weeks the media has echoed the recent judgement by the European Court of Human Rights, of January 12, 2016. This decision held that an employer’s access to an employee’s personal instant messaging account set up for professional purposes, did not breach the right to privacy and served to verify whether the employee was complying with his employment obligations during working hours.
In this specific case, the employer had sacked the worker on finding, after monitoring his email account, that he had used the company’s IT systems for personal purposes, which was expressly forbidden under the Company’s internal policies.
The European Court of Human Rights found it appropriate and not excessive for an employer, in its managerial capacity and in order to monitor his employees’ professional activities, to verify whether the employee in question was using the Company’s IT resources during working hours for strictly professional purposes, especially if such monitoring was limited to e-mails and did not include other data and documents that the employee stored on his computer.
The above notwithstanding and despite the media impact of the judgment, it should be borne in mind that this ruling by the European Court of Human Rights simply ratifies previous judgments and what has become settled case law in Spain (following the Supreme Court judgment of September 27, 2007), as well as decisions by the highest data protection authority in Spain (Spanish Data Protection Agency “AEPD”).
As a final, practical observation, it is necessary to underscore once more how important it is for companies to have a protocol or internal policy in place, or even to append clauses to employment contracts, establishing the “rules of the game” as far as the use of IT systems is concerned. If these resources are subsequently used for personal purposes contrary to a prohibition in this regard, since the employees are aware of the monitoring and measures applicable, it cannot be held that “a reasonable expectation of privacy” has been breached. This was the term used by the European Court of Human Rights in its judgments from some time ago, namely in the Halford case (June 25, 1997) and the Copland case (April 3, 2007), to assess the existence of a breach of article 8 of the European Convention on Human Rights.
Garrigues Labor and Employment Law Department