ECHR scales back businesses' powers to snoop on staff's private messages
Companies must try to stop staff from using work email for personal use before it gets out of hand
The European Court of Human Rights (ECHR) has rules a company shouldn't have sacked one of its employees because he sent private emails from his work account during working hours.
The ECHR used the case of Romanian Bogdan Mihai Brbulescu vs Romania to stipulate what companies can and can't do when monitoring employee emails.
If a company wants to monitor employee email usage, it must notify the employee beforehand and tell them to what extent their communications will be monitored, whether the employer has legitimate reasons to monitor the content, whether it's possible to monitor the communications via other, less intrusive methods and the consequences if an employee is found to be misusing company email.
The court ruled the way the employer in this case monitored emails was against Brbulescu's human rights, explaining the employer "failed to strike a fair balance between the interests at stake: namely Mr Brbulescu's right to respect for his private life and correspondence, on the one hand, and his employer's right to take measures in order to ensure the smooth running of the company, on the other."
The court found no evidence that Brbulescu received a warning that his communications were being monitored prior to losing his job and even if he was told, he was unaware of the extent of the snooping. It concluded that the company had not protected his right to respect for his private life and correspondence under Article 8 of the Convention.
This overturns rulings made in Romanian courts, which said the employer was within its rights to monitor Brbulescu's computer activity using software.
"Although it was questionable whether Mr Brbulescu could have had a reasonable expectation of privacy in view of his employer's restrictive regulations on internet use, of which he had been informed, an employer's instructions could not reduce private social life in the workplace to zero," said the court in its decision.
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
Although this decision could concern other businesses that they are unable to monitor employee emails, the EHCR explained they can still dismiss employees if they're using business email for personal use. However, the employer must take sufficient safeguards to prevent abuse before it gets out of hand.
Clare is the founder of Blue Cactus Digital, a digital marketing company that helps ethical and sustainability-focused businesses grow their customer base.
Prior to becoming a marketer, Clare was a journalist, working at a range of mobile device-focused outlets including Know Your Mobile before moving into freelance life.
As a freelance writer, she drew on her expertise in mobility to write features and guides for ITPro, as well as regularly writing news stories on a wide range of topics.