On 12 January 2016, the European Court of Human Rights (“ECHR”) handed down a judgment permitting the monitoring of an employee’s private internet use on a company computer during working hours.
Monitoring private communications on company IT systems
The decision concerned an employee in Romania who used an instant messaging service, set up for corresponding with clients, to communicate with his brother and fiancée, in contravention of his employer’s internal policy. The employee’s employment was terminated as a result. The employee argued that the monitoring of his private correspondence breached his right to respect for his private and family life, his home and his correspondence under Article 8 of the European Convention on Human Rights. Whilst the ECHR did find that such right was applicable, it held that the monitoring of the employee’s communications was reasonable to the extent that the surveillance undertaken was for the purpose of confirming whether professional tasks were completed during working hours.
Whilst this judgment should provide comfort to those employers who wish to monitor employee communications during working hours, it is not clear how far the remit of such surveillance may extend. For example, the vast majority of employees use their personal smartphones at work, and may connect to the office Wi-Fi. However, it is not clear whether the courts would consider surveillance of the personal use of the internet by an employee using their personal smartphone as reasonable. Other employees in this age of 24/7 working may be provided with employer smartphones/devices yet be permitted to use these for their own reasonable personal communications as well. The line as to what will be reasonable personal communications will inevitably be a grey one, particularly with many employees working flexibly outside of traditional working hours.
Best practice for employers monitoring employees’ use of IT
Employers should continue to proceed with caution if they decide to monitor employees’ internet use as compliance with data protections laws, and other relevant legislation, will still be necessary. Employers should ensure that they have appropriate policies in place for the use of information and communication systems at work, clearly setting out guidance on the acceptable use of such systems, whether users will be monitored and the purpose(s) of any monitoring.