Court judgments, often complex and difficult to translate into a soundbite (or, these days, clickbait), are frequently misreported. This is particularly the case with European court judgments, whether from the ECJ, where Advocate General opinions are usually reported as “rulings”, or the European Court of Human Rights, where the consequences of decisions are frequently misstated. And that’s before you even get to the difference between the ECJ and the ECHR, another source of confusion.
This week the ECHR gave judgment on a case involving a Romanian engineer (Barbulescu v. Romania) who was disciplined for using Yahoo! Messenger during work hours. A key point here is that the Y! Messenger account was set up by the employee on the instruction of the employer for work purposes. It was not a personal account. The employee argued that the employer had breached his right to privacy, but the ECHR decided that the actions of the employer were limited and proportionate.
Most headlines and some reports represented the decision as meaning that employers can now spy freely on employee communications. This is quite a dangerous misinterpretation or oversimplification of the decision.
Elaine Edwards has a very helpful article explaining the law and the judgment on the Irish Times.
In passing down the ruling, the judges stated that unregulated spying on employees would not be acceptable, and called on a set of polices to be drawn up by employers that would clearly state what information they could collect and how.
The judgment is not a surprise to employment lawyers. These cases are focused on whether the employee has a reasonable expectation of privacy in their communications. Whether a reasonable expectation arises largely depends on whether or not policies are in place governing the use of communication services or whether warnings have been given to employees that communications may be monitored. Even if covert surveillance might be used, and such surveillance is sometimes necessary, a policy should be in place so that employees are aware that they might be subjected to covert surveillance at some point. The Employment Appeals Tribunal (now the Workplace Relations Commission) has previously said:
Setting traps and ambushes for an employee is inappropriate behaviour for an employer.
One interesting point, noted in the UK Human Rights Blog, is that the warning given to Barbulescu that his employer might monitor his communications was of a general nature. Such a warning by an employer in the Irish context might not be sufficient.
Barbulescu definitely does not give employers carte blanche to put their employees under surveillance. There remain – as there were before this judgment – cases where such surveillance is justified, and cases where it is not … national courts, perhaps excited by the new Regulation, might insist that higher standards apply in national law. For the time being, though, employers should be aware that there is still a fine line between acceptable and unacceptable monitoring of their employees.
He alludes to an important point: the judgment does not displace Irish employment or data protection law. The Data Protection Commissioner published guidance on workplace monitoring years ago which notes the importance of balancing the legitimate interests of the employer against the privacy rights of the employee. It requires that monitoring, whether by CCTV or access to electronic communications, be done in a transparent manner. An interesting recommendation, often forgotten by organisations, is that “[e]mployers should consider whether they would obtain the same results with traditional measures of supervision”.
David Whincup put it well on the Squire Patton Bogs employment law blog:
[The] headline in the Mail : “Bosses free to spy on emails” should actually have read : “Bosses free to check that you are using their equipment to do what you are paid to do”. But where would be the news in that?
Mashable’s headline came close and was able to highlight the qualification in the judgment with the addition of three simple words.