The recent ECHR ruling does not give employers the right to act like Big Brother
The ECHR ruling in case of Barbulescu v. Romania could be interpreted as allowing employers to unlimited access and surveillance of private communications of their employees.
Although it cannot be denied that the ruling had a surprise effect taking into consideration the previous court rulings, employers should be careful not to rely solely on the media coverage of the content of the ruling, while ECHR examined whether the state struck a fair balance between the applicant’s right to respect his private life and correspondence and his employer’s interests and not the activities of the employer himself.
Summary of facts
Mr. Barbulescu was employed in a private company as an engineer in charge of sales and has created a Yahoo Messenger account (instant messaging) for business purposes upon employer’s request. The employer terminated his employment agreement for breach of the company’s internal regulations which strictly forbid use of computers and other gadgets for personal purposes.
The employer proved this breach by presenting the employee with transcript of his personal messages exchanged with his fiancé and his brother and terminated his employment contract. Mr. Barbulescu challenged the employer’s decision in front of domestic courts unsuccessfully.
In front of the ECHR, Mr. Barbulescu, the applicant, alleged that the termination of employment contract by his employer had been based on a breach of his right to respect for private life and correspondence and that the domestic courts have failed to protect his right (Article 8 of the European Convention on Human Rights (“Convention”)).
In order to determine whether a violation of Article 8 of the Convention occurred, ECHR assessed whether the applicant had a reasonable expectation of privacy when communicating from the said Yahoo Messenger account.
In its assessment the ECHR noted that the domestic courts have attached particular importance to the fact the employer had accessed the said account in the belief that it contained professional messages since the employee initially denied using the account for private purposes and therefore the access was legitimate. Next to that, domestic courts relied on the transcripts of communication only to establish the disciplinary breach and the content of the communications was not a decisive element.
The ECHR found that it is not unreasonable for the employer to want to verify the employees are completing their professional tasks during working hours. The ECHR further assessed the access to the employee’s private correspondence was proportional and limited in scope since only employee’s Yahoo messenger account was examined, but not the other data stored on his computer. Consequently, as the domestic authorities have not failed to strike a fair balance between the applicant’s right to respect his private life and his employer’s interest, ECHR decided that there has been no violation of Article 8 of the Convention.
Employers should not be misled by the headlines in the media and think they are now allowed to impose surveillance on the employee’s private communication. As said, ECHR did not rule in respect of employer’s actions but on whether Romania as a country fulfils its obligation under Article 8 of the Convention. The same is confirmed by the Slovenian Information Commissioner who shares the opinion and stresses that employers in general should not control employee’s private communications at the workplace and that the mentioned ruling should not be used as a general guide for examination of (in) adequacy of monitoring the employees at the workplace.
When adopting internal regulations on monitoring, the employers should take into consideration (next to applicable laws) the guidelines of the Article 29 Working Party (independent EU advisory body on data protection) which state that any monitoring measure must pass a list of four tests: transparency, necessity, fairness and proportionality. Employers should keep in mind, as judge Pinto de Albuquerque stressed in his partly dissenting opinion by quoting Article 29 Working Party, that “Workers do not abandon their right to privacy and data protection every morning at the doors of the workplace”.