Bosses CAN’T snoop through your emails

Early last year, I wrote an article for this blog about a privacy case decided by the European Court of Human Rights (ECtHR). The case itself was not particularly interesting, ground breaking nor did it have particular direct impact on UK law. The newspaper coverage of the case, however, was astonishing with front pages screaming "Your boss can now read EVERY Facebook and WhatsApp message you send at WORK". Writing the article was as much about dispelling myths as anything else.

The case I'm referring to is Barbulescu v Romania. This week something more remarkable has happened in relation to this case; the Grand Chamber of the ECtHR has overturned the original decision and found in favour of the Claimant that Romanian authorities had not adequately protected his right to respect for his private life and correspondence.

Background

The background to the case was that Barbulescu, a Romanian national, was employed by a private company in charge of sales and, at his employer's request, he set up a Yahoo messenger account to respond to clients' enquiries. His employer then monitored his use of that account and presented evidence to show that he had used the account to send personal messages, including information about his health and sex life, contrary to the employer's internal procedures. Barbulescu was dismissed.

Barbeluscu brought an unsuccessful claim before the Romanian courts challenging his dismissal, in which he argued that his employer had breached his right to correspondence enshrined in the Romanian Constitution and Criminal Code. Following an unsuccessful appeal, Barbulescu brought a claim before the ECtHR but his claim was against the Romanian state, not his employer, because individuals can only enforce the European Convention of Human Rights against public bodies, not private individuals or companies.

What decision was made this week?

The Grand Chamber concluded that Romanian authorities had not adequately protected Barbulescu's right to privacy and had failed to strike a fair balance between the interests at stake. The judges criticised the Romanian courts for failing to determine whether Barbulescu had been given prior notice that his communications might be monitored nor had they given sufficient regard to the extent of the monitoring or the intrusion into his private life.

What is the impact of this case?

As with the earlier decision on this case, the impact on UK law is minimal. For the reasons explained in my previous blog on the case, we continue to recommend that employers are cautious about how, when and why they access private information about their employees. It was already the established position in UK law that employees should be notified in advance if their private communications are likely to be monitored. This is particularly relevant with the forthcoming introduction of the General Data Protection Regulation, as Amy Wren has been explaining recently for this blog.

A more alarming issue is the misreporting of the case by UK newspapers last year, many of whom a quick Google search suggests haven't bothered to cover the appeal decision this week.