By Paman Singh, Employment law solicitor, Law At Work

A LANDMARK decision that a Romanian engineer had been unfairly dismissed for exchanging intimate messages with his fiancé during working hours could set a new legal precedent across Europe.

Originally the European Court of Human Rights (ECtHR) found the Romanian justice system had been right in its ruling and the employer had acted reasonably, both in reading the employee’s messages and in his subsequent dismissal, a decision that resulted in a flurry of news headlines suggesting employers could now snoop on employees’ email accounts at leisure.

Loading article content

This time round the judges overturned the earlier ruling which was, said the Court, a violation of his right to a private life. This is despite the fact the company’s rules prohibited personal use of office resources and the employee had been told not to use his company email account for private messages.

With Brexit creeping towards us, bosses may assume rulings of the European Court of Human Rights will not apply here, but in fact they do. The ECtHR has nothing to do with the European Union or European Court of Justice, and Britain is expected to observe the Convention after Brexit.

In an age when the use of instant messaging apps within the workplace is widespread, this ruling is important. Research carried out by IT recruitment website Dice, found nearly 70 per cent of UK workers regularly send WhatsApp, Facebook, and other instant messages at work. Whilst the original decision by the ECtHR allowed employers to carry out reasonable monitoring to ensure their employees were using their work hours productively, this is no longer the case.

This case reinforces the importance of having well drafted policies in place setting out in clear terms the circumstances in which personal use of systems is permitted and, importantly, the extent of monitoring and circumstances in which it may occur.

A major reason why the employee’s arguments succeeded was the fact that his employer had failed to tell him about the nature and extent of any monitoring of his personal communications before this monitoring took place.

As a practical tip, employers should put in place a policy which helps to support the argument the employee had no expectation of privacy at all. The fuller the information, the more likely it is that an employee will not be able to demonstrate an expectation of privacy over communications on workplace equipment. Generic wording would appear not be sufficient and, in any event, would not meet data protection requirements.

For example, do your social media policies make it clear that you may monitor posts made outside of the work place, even if posted using personal equipment?

A detailed policy will go some way to ensuring that employers do not fall foul of the law but it will not give them carte blanche to monitor all employee communications unfettered. The Court emphasised at length that the scope of any monitoring should be considered, alongside the level of intrusion. In essence, there ought to be a balancing up exercise carried out by an employer before they decide to monitor private communications, to ensure it is done proportionately.

As the Information Commissioner’s Office’s Employment Practices Code indicates, privacy impact assessments should be conducted before introducing technology which could be used to monitor employees. A proper impact assessment will also help to meet the need for documented processes and risk assessments under the forthcoming revamp of data protection laws by the General Data Protection Regulations (GDPR).

There are few businesses that will not be impacted in some way by the issues and following the decision, employers should seek expert advice before taking any actions that could land them on the wrong side of the revised legal position.