Employers can read office hours messages sent by workers - court

Company within its rights to read messages sent by employee during work, ECHR says

A European court ruling that an employer was within its rights to read the private emails of a worker is not expected to have implications for Irish workplace practices.

In a case before the European Court of Human Rights (ECHR) in Strasbourg, judges ruled that a company which had read an employee’s messages sent through Yahoo Messenger while he was at work was within its rights to do so.

The ruling said the man, an engineer in Romania, had breached company policy and his employer had a right to check if he was completing his work.

Bogdan Mihai Barbulescu (35) was employed by a private company as an engineer in charge of sales. At his employer’s request, he created a Yahoo Messenger account for the purpose of responding to clients’ enquiries.

The company informed him in July 2007 that records showed he had used the internet for personal purposes, contrary to its rules. He insisted in writing that he had only used the messaging app for work purposes, but was then presented with a 45-page transcript of his communications with his brother and his fiancée.

The ECHR said the employer had acted within its disciplinary powers.

The ruling affects all EU countries that have ratified the European Convention on Human Rights, which includes Ireland.

In passing down the ruling, the judges stated that unregulated spying on employees would not be acceptable, and called on a set of polices to be drawn up by employers that would clearly state what information they could collect and how.

Many employers in Ireland already have workplace policies on internet use and write them into contracts.

Dr TJ McIntyre, chairman of the privacy rights body Digital Rights Ireland, said the ECHR decision in the Romanian case was likely to be "quite narrow".

“It’s about communication on the employer’s own devices and in circumstances where private use was prohibited and where the individual said it was only professional use.

“It doesn’t necessarily change the position that unless you’ve been very explicitly warned that your communications can be monitored that it would still be illegal to do so.”

Mr McIntyre said there was often a “blurring of the lines” between the personal and the professional, such as where people sometimes used their own devices for professional communications.

“It’s potentially dangerous in that sense. Any situation where the employer has the capacity to read your messages is one where you should be worried.”

The Data Protection Commissioner has taken the view that people can be expected to have "a certain degree of privacy in their communications on employers' equipment, unless it's explicitly ruled out".

The DPC’s guidance says the limitation of the employee’s right to privacy should be “proportionate to the likely damage to the employer’s legitimate interests”.

“In the absence of a clear policy, employees may be assumed to have a reasonable expectation of privacy in the workplace,” the office says.

Additional reporting: Reuters