EU Court: Employee Email Monitoring May Not Breach Privacy Rights
Privacy & Cybersecurity Update
Date: January 22, 2016
Employers with European operations have become accustomed to workplace privacy rules that prohibit information management practices in the EU that are generally accepted in the United States. In the wake of a recent ruling, however, the picture may not be so dark. The European Court of Human Rights on January 12 ruled that a Romanian employer did not breach its employee’s privacy rights when it monitored his Yahoo Messenger account and subsequently fired him for breach of the company’s computer use policy. The court, which addresses cases involving alleged violations of civil and political rights, issues decisions that are binding on the countries concerned (in this case, Romania) and that often are persuasive precedent for other European member state governments.
Following is a summary of the events that resulted in the case going before the court:
- Bogdan Mihai BÄƒrbulescu, a Romanian national, was employed by a private company located in Romania. At his employer’s request, BÄƒrbulescu created a Yahoo Messenger account for the purpose of responding to client inquiries.
- Three years later, the employer notified BÄƒrbulescu that his Yahoo Messenger communications had been monitored and that 45 pages of transcripts showed he used the internet for personal reasons in violation of the employer’s internal computer use policies, which explicitly prohibited the use of the company Yahoo Messenger account for personal communications.
- The employer subsequently fired BÄƒrbulescu for breach of its internal computer use policies.
- BÄƒrbulescu sued the employer and lost both his initial case and a subsequent appeal.
In affirming the decision in the employer’s favor, the court noted a number of sources of relevant Romanian and international law, but it ultimately restricted its analysis to the application of the Convention for the Protection of Human Rights and Fundamental Freedoms (Convention). In particular, the court considered Article 8 of the Convention, which provides that a person “has the right to respect for his private and family life, his home and his correspondence” and with some exceptions, prohibits interference with that right.
The court ultimately held that the employer did not breach BÄƒrbulescu’s rights under Article 8 and that a fair balance was struck between BÄƒrbulescu’s right to privacy and his employer’s interests. The court based that holding primarily on its findings that:
- Because of the existence of the employer’s internal policy, BÄƒrbulescu did not have a reasonable expectation that his communications would be free from monitoring.
- The employer accessed BÄƒrbulescu’s Yahoo Messenger account in the belief that it contained professional messages and acted within its disciplinary powers when it found that its internal policies had been violated.
- The employer only accessed communications on BÄƒrbulescu’s Yahoo Messenger account. The employer did not access other data stored on his computer.
The court’s ruling, which represents somewhat of a departure from Europe’s general tendency to favor individual privacy rights, reiterates for employers the importance of adopting comprehensive internal policies that are clearly communicated to employees.
FOR MORE INFORMATION
For more information, please contact:
Roy E. Hadley, Jr.
Thomas F. Zych
Craig A. Foster
Darcy M. Brosky
This advisory bulletin may be reproduced, in whole or in part, with the prior permission of Thompson Hine LLP and acknowledgement of its source and copyright. This publication is intended to inform clients about legal matters of current interest. It is not intended as legal advice. Readers should not act upon the information contained in it without professional counsel.
This document may be considered attorney advertising in some jurisdictions.
© 2016 THOMPSON HINE LLP. ALL RIGHTS RESERVED.