ECHR scales back businesses' powers to snoop on staff's private messages
Companies must try to stop staff from using work email for personal use before it gets out of hand
The European Court of Human Rights (ECHR) has rules a company shouldn't have sacked one of its employees because he sent private emails from his work account during working hours.
The ECHR used the case of Romanian Bogdan Mihai Brbulescu vs Romania to stipulate what companies can and can't do when monitoring employee emails.
If a company wants to monitor employee email usage, it must notify the employee beforehand and tell them to what extent their communications will be monitored, whether the employer has legitimate reasons to monitor the content, whether it's possible to monitor the communications via other, less intrusive methods and the consequences if an employee is found to be misusing company email.
The court ruled the way the employer in this case monitored emails was against Brbulescu's human rights, explaining the employer "failed to strike a fair balance between the interests at stake: namely Mr Brbulescu's right to respect for his private life and correspondence, on the one hand, and his employer's right to take measures in order to ensure the smooth running of the company, on the other."
The court found no evidence that Brbulescu received a warning that his communications were being monitored prior to losing his job and even if he was told, he was unaware of the extent of the snooping. It concluded that the company had not protected his right to respect for his private life and correspondence under Article 8 of the Convention.
This overturns rulings made in Romanian courts, which said the employer was within its rights to monitor Brbulescu's computer activity using software.
"Although it was questionable whether Mr Brbulescu could have had a reasonable expectation of privacy in view of his employer's restrictive regulations on internet use, of which he had been informed, an employer's instructions could not reduce private social life in the workplace to zero," said the court in its decision.
Although this decision could concern other businesses that they are unable to monitor employee emails, the EHCR explained they can still dismiss employees if they're using business email for personal use. However, the employer must take sufficient safeguards to prevent abuse before it gets out of hand.
What you need to know about migrating to SAP S/4HANA
Factors to assess how and when to begin migrationDownload now
Your enterprise cloud solutions guide
Infrastructure designed to meet your company's IT needs for next-generation cloud applicationsDownload now
Testing for compliance just became easier
How you can use technology to ensure compliance in your organisationDownload now
Best practices for implementing security awareness training
How to develop a security awareness programme that will actually change behaviourDownload now