Monitoring Employee's Private Communications

The Grand Chamber of the European Court of Human Rights (ECtHR), in an appeal from a decision of the Chamber of the ECtHR, has found a Romanian man, whose employer read personal messages he sent using a work account, had his right to a private life breached. The ruling reverses the original decision of the Chamber of the ECtHR, which found the employer was within its rights to monitor his computer activity. The ECtHR's original decision was seen by many as an employer-friendly decision which allowed snooping on employees' personal emails. The reality was somewhat different – but the latest decision does raise the bar, to a degree, for national courts when making decisions in cases where monitoring of employee communications is relevant.


In this case, the employer accused an employee of using his professional Yahoo Messenger account for sending personal communications, in breach of the employer’s rules. The employee denied doing so, but when the company checked his chat logs, it found both private and professional messages. He was dismissed and brought claims in the Romanian courts and, subsequently, the ECtHR.

He claimed the messages should have been protected by the right granted to him by Article 8 of the European Convention on Human Rights, which guarantees respect for private and family life and correspondence.

The employee had been informed of the employer's strict internet usage policy, and had even signed a copy of the employer’s notice reiterating the policy shortly before the disciplinary proceedings. Crucially, however, he had not been told expressly that the content of his personal communications on work IT equipment could be monitored at any time. Equally important was the failure of the domestic courts to properly consider the justification for such strict monitoring, and whether the same result could have been achieved through less intrusive means.

Responsibilities of UK employers

This decision is of limited relevance in the UK because this area is already heavily regulated by legislation, including the Data Protection Act 1998 and the Regulation of Investigatory Powers Act 2000. These place important limitations on employers' power to monitor their employees' private communications. In addition, the Information Commissioner's Employment Practices Code recommends that, before embarking on monitoring of communications, employers carry out an impact assessment to demonstrate that they have achieved the correct balance between protecting workers' privacy and the interests of the business.

The factors to be taken into account in this kind of impact assessment reflect those which the Grand Chamber considered to be relevant in the context of protecting individuals' Article 8 rights. In addition, it should be noted that Part 3 of the Employment Practices Code states that if workers are allowed to access personal email accounts at work, such emails should only be monitored in exceptional circumstances.

It should be noted that an employee may also be able to claim that excessive monitoring has breached the implied duty of trust and confidence, entitling them to resign and bring claims based on constructive dismissal.

It was the case before this decision, and still is, that employers should have well-drafted and well-publicised policies in place on the use of work devices and systems by staff; and any employer engaging in the monitoring of employee communications should have a clear business rationale for doing so and carry it out in a reasonable manner.

Judgement raises the bar for national courts

The significance of this recent decision is that national authorities, courts and employment tribunals are likely to conduct more detailed fact-finding and balancing exercises when faced with employee complaints relating to communications monitoring; and in relevant cases, employment tribunals will be more likely to find unfairness where an employer reaches a decision to dismiss based on evidence obtained from scrutinising employee communications beyond the boundaries expressly provided for in any internal rules and procedures.

Warning for employees

It remains the case that where employers do have appropriate policies in place, private communications made using their systems can be monitored, and this can result in disciplinary action up to and including dismissal. Indeed, in certain circumstances, employers can also access private messages and data on devices belonging to employees, such as smart phones, tablets and laptop computers, where they have been used for work-related purposes.

Accordingly, an employee should not communicate anything using a system or device that their employer has notified them can be accessed or otherwise monitored that they would not be happy communicating directly to the employer.

As per guidance provided by the ECtHR and the UK Information Commissioner, employees who are given permission to use their work email for private communications should mark messages as private or personal when appropriate so that when monitoring use of their email systems, employers can avoid opening personal emails unless there is a very good reason to do so.

Ruling will apply to the UK post Brexit

The ECtHR is distinct from the EU, so this judgment will remain applicable law after Brexit, regardless of whether or the extent EU law shall continue to apply.

Leave a Reply

(Your email will not be publicly displayed.)