About as much as it has to do with the government’s no deal planning preparations: not much at all. I for one would be perfectly content to return to a time when the yellowhammer was allowed to roam the Siberian hills without having to bear the weight of the impending economic crisis on its fragile frame.
However, we are where we are, and it would be remiss of me not to use the opportunity presented by the poor yellowhammer’s fate for a dubious segue into a blog on monitoring in the employment relationship.
When Operation Yellowhammer documents were leaked to the press last month, the House of Commons subsequently voted in favour of Dominic Grieve’s motion requiring the disclosure of:
- Operation Yellowhammer papers, and
- e-mails, texts and WhatsApp messages sent and received by civil servants and the now infamous special advisors to the Prime Minister on both work and private devices/accounts.
The government’s response to 1, was to disclose a suspiciously thin and euphemistically titled “Reasonable Worst-Case Planning Assumptions” document (presumably after a panicked civil servant frantically crossed through the original title – “Base Scenario”).
As far as 2 goes, Michael Gove described the request as “inappropriate in principle and in practice”, and rejected it out of hand. This is my tenuous link to employee monitoring. I know, most employers are unlikely to find Dominic Grieve banging on their door waving an Act of Parliament demanding to see private employee communications, but employers can and do monitor communications. Is it equally inappropriate to monitor private communications as part of that? When do private messages become the employer’s business?
Employee monitoring – practical tips
Accessing an employee’s private messages is not completely out of bounds, but it is a risky business. The position is not straightforward as the issue intercepts several significant areas of law, including human rights, data protection and equality law:
- Data protection is clearly a primary concern. Although monitoring activities can still be conducted lawfully under the GDPR, before undertaking any such monitoring employers will need to consider:
- What is the legal basis for processing the data? Remembering that relying on consent in an employment context will rarely be appropriate.
- Whether a data protection impact assessment is required and, if so, whether it supports the use of monitoring. Consider whether there is a less intrusive way of achieving your desired aim.
- Has the employee been given adequate notice that monitoring may be carried out?
For more information about the data protection implications of monitoring, please see Owen O’Rorke’s blog (although written prior to the introduction of the GDPR, it’s principles remain relevant) or contact our Data Protection team.
- The starting point from a human rights perspective is the European Convention on Human Rights, incorporated into national law by the Human Rights Act 1998. Article 8(1) provides a right to respect for one's “private and family life, his home and his correspondence”, with a familiar EU caveat that an infringement on the right must be sufficiently important to obtain a legitimate aim, whilst going no further than necessary. Case law in this area directs courts to consider:
- whether a reasonable expectation of privacy had been given to the employee (eg was there an IT acceptable use policy in place at the workplace, and was the employee given clear advance notification about monitoring), and
- whether the interference with privacy was justified. This idea is neatly summarised in the following extract of the Grand Chamber of the ECtHR’s judgment in Barbulescu, “[…] an employer's instructions cannot reduce private social life in the workplace to zero”’ In other words, an employer cannot simply grant itself absolute power to invade privacy by putting in place draconian policies. For more information about the Barbulescu case, please see our blog piece on the decision – here.
- To give you a flavour of how the courts have dealt with cases in this area:
- Halford v United Kingdom  24 ECHR 32: there was a breach of Article 8 when a police inspector's telephone calls from her office were tapped. She had been given no indication that her calls would be monitored and, in fact, one of the two office telephones had been explicitly designated as being for her private use.
- Copland v United Kingdom  ECHR 253: Ms Copland's telephone, e-mail and internet usage were monitored in order for her employer to ascertain whether Ms Copland was making excessive use of the employer’s resources for personal reasons. At the relevant time, the employer did not have a policy regarding the monitoring of employees' telephone calls, e-mail or internet usage. The European Court of Human Rights held that there had been a violation of Ms Copland's rights under Article 8(1).
- Garamukanwa v United Kingdom (70573/17)  6 WLUK 109, the European Court of Human Rights agreed found that an employee had no reasonable expectation of privacy in material seized from his mobile phone during a police investigation into allegations of harassment against him made by a colleague. The police subsequently passed the seized material to his employer, who used it in disciplinary proceedings against Mr Garamukanwa. Mr Garamukanwa had been on notice for over a year that his employer found his conduct unacceptable, following receipt of a complaint by the colleague, and the Court considered that he could not have reasonably expected that, after this date, any materials or communications linked to the allegations would remain private.
- It could potentially be considered discriminatory if an employer accesses the private messages/accounts of a certain employee because they have a protected characteristic. It could also be portrayed as an act of victimisation under the Equality Act 2010 or detrimental treatment under whistleblowing legislation if an employee who has raised relevant complaints is suddenly targeted for monitoring.
- Publicly available messages or posts sent from an employee’s personal account are a slightly separate matter. The key issue will be the nature and seriousness of the comments made, and the damage to the employer’s reputation. For more information, please see my recent article on the dismissals of Danny Baker and George Galloway following comments they made on social media.
If you require further information about anything covered in this blog, please contact Hugh Young, or your usual contact at the firm on +44 (0)20 3375 7000.
This publication is a general summary of the law. It should not replace legal advice tailored to your specific circumstances.
© Farrer & Co LLP, October 2019