On 5 September 2017, in the case of Bărbulescu v Romania (Application no. 61496/08), the Grand Chamber of the European Court of Human Rights reversed a First Chamber decision and found that the Romanian courts, in reviewing the decision of a private company to dismiss an employee after having monitored his communications on an online messaging service, failed to strike a fair balance between the employee’s right to respect for his private life and correspondence enshrined in Article 8 of the European Convention on Human Rights on the one hand, and his employer’s right to take measures in order to ensure the smooth running of the company on the other. In its judgment, the Grand Chamber specifies the criteria to be applied by national authorities when assessing whether a measure to monitor employees’ correspondence and other communications is proportionate to the aim pursued and whether the employee concerned is protected against “arbitrariness”.
The Grand Chamber recognised that States must be granted a wide margin of discretion in assessing the need to establish a legal framework governing the conditions in which an employer may regulate electronic or other communications of a non-professional nature by its employees in the workplace. Nevertheless, it said, the discretion enjoyed by States in this field could not be unlimited. The domestic authorities must ensure that the introduction by an employer of measures to monitor correspondence and other communications, irrespective of the extent and duration of such measures, is accompanied by “adequate and sufficient safeguards against abuse” (see Klass v Germany 6 September 1978, § 50, Series A no. 28, and Roman Zakharov §§ 232-34). At paragraph 121 of its judgment, the Grand Chamber identified the following factors as relevant to the national authorities’ assessment of whether a given measure is proportionate to the aim pursued and whether the employee is protected against arbitrariness:
- whether the employee has been notified of the possibility that the employer might take measures to monitor correspondence and other communications, and of the implementation of such measures;
- the extent of the monitoring by the employer and the degree of intrusion into the employee’s privacy. In this regard, a distinction should be made between monitoring of the flow of communications and of their content. Whether all communications or only part of them have been monitored should also be taken into account, as should the question whether the monitoring was limited in time and the number of people who had access to the results;
- whether the employer has provided legitimate reasons to justify monitoring the communications and accessing their actual content. Since monitoring of the content of communications is a distinctly more invasive method, it requires weightier justification;
- whether it would have been possible to establish a monitoring system based on less intrusive methods and measures than directly accessing the content of the employee’s communications. There should be an assessment in the light of the particular circumstances of each case of whether the aim pursued by the employer could have been achieved without directly accessing the full contents of the employee’s communications;
- the consequences of the monitoring for the employee concerned and the use made by the employer of the results of the monitoring operation, in particular, whether the results were used to achieve the declared aim of the measure;
- whether the employee had been provided with adequate safeguards, especially when the employer’s monitoring operations were of an intrusive nature. Such safeguards should, in particular, ensure that the employer cannot access the actual content of the communications concerned unless the employee has been notified in advance of that eventuality.
The thrust of the judgment is the need for national authorities, either statutory or judicial, to recognise that an employee’s right to respect for his private life and correspondence cannot be expunged by the rules to which his employer subjects him and that any such rules must be proportionate and subject to adequate safeguards, including procedural safeguards, to protect the employee from their arbitrary application. In Copland v UK, the ECtHR found that the monitoring of the applicant’s telephone calls, e-mail and internet usage by the college of further education at which she was employed constituted a violation of Article 8 insofar as, at the relevant time, there was no domestic law regulating monitoring. The interference in that case was therefore not “in accordance with the law” as required by Article 8(2). The significance of this latest case is that it establishes that it is not enough that the employer has a lawful policy in place stipulating that communications may be monitored or even that the employee has prior notice of the deployment of such measures. The lawfulness of the employer’s activities will also depend on their proportionality determined according to the further criteria identified by the Grand Chamber. Such factors will also aid the assessment of whether the employer’s processing of personal data contained in an employee’s workplace communications goes no further than is necessary in the legitimate interests of the employer, bearing in mind that the imbalance in the relationship between employer and employee means that consent, as a legal ground for processing, cannot always be relied on.
Stay Up To Date with Ropes & Gray
Ropes & Gray attorneys provide timely analysis on legal developments, court decisions and changes in legislation and regulations.
Stay in the loop with all things Ropes & Gray, and find our more about our people, culture, initiatives and everything that’s happening.
We regularly notify our clients and contacts of significant legal developments, news, webinars and teleconferences that affect their industries.