Workplace control: a new ruling by the European Court
Plot of affairs
10 years ago, the complainant, Bogdan Barbulesku, was dismissed from a private company for having corresponded during working hours with his bride and brother in Yahoo Messenger.
He worked in a Romanian private company in the sales support department. His duties included responding to customer requests and for this he used Yahoo Messenger, which he installed at the request of the employer and in which he started a special account.
')
The company had internal rules that strictly forbade the use of company resources (including the Internet) for personal needs. The applicant was acquainted with them on receipt. A year after that, a document was sent to the company, in which it was recalled that it was forbidden to use the company's equipment and the Internet for purposes other than work. It also stated that the company can control workers on how they use equipment and the Internet in the workplace. A case of the employee’s dismissal was also described for using the Internet, faxing and copying for personal use, was unable to cope with her duties and was negligent in her work. The applicant was also acquainted with this document against the signature.
In July 2007, the complainant was summoned to the authorities and asked for an explanation of why his activity on the Internet is much higher than that of his colleagues.
On the charge of using the Internet for personal purposes, Bogdan Barbulesku wrote a written statement that he does not use the Internet for personal purposes. An hour later, the authorities showed him a printout of his correspondence in Yahoo Messenger on 45 pages in the week preceding his call to the authorities. From this print it was clearly visible that he corresponded on personal matters with his brother and bride. After 2 weeks he was fired. The applicant lost a dispute with the employer in the Romanian courts regarding his dismissal. He appealed to the European Court about the invasion of his right to privacy (Article 8 of the European Convention). The case was considered in terms of the obligations of the state to protect the rights from violation by other persons, in this case the former employer of the applicant. At first, the Court found no violation. After review of the case in the Grand Chamber , a violation was found.
What the European Court decided
The court pointed out that the following factors should be taken into account when monitoring the employee:
The main issue that the Court has analyzed in this case is how far the national courts have weighed the competing interests of the parties: on the one hand, the right to privacy and the integrity of correspondence provided for in Article 8 of the Convention; on the other hand, the company's interest in the efficiency of its business and its security. And accordingly, as far as the Romanian courts have taken into account the factors listed above, when considering the dispute the applicant with his company.
1. Monitoring Warning :
The court noted that the national courts proceeded from the fact that the applicant had been warned that his correspondence would be reviewed by his employer. In particular, he was notified on receipt that the company was forbidden to use its resources, including the Internet, for personal purposes, and that another employee was dismissed for using the company's resources for personal purposes. However, according to the ECtHR, they did not investigate the question whether the applicant was informed about the scope and nature of such monitoring. According to the ECtHR, a company that is going to control the employee’s correspondence should notify him before the start of monitoring, especially when controls are made on the content of the correspondence.
2. Scope of intervention :
The Court also noted that the national courts did not carry out an analysis of the scope of monitoring and the extent of the company's intervention in their employee’s personal environment.
3. Grounds for monitoring :
In addition, the courts did not assess what grounds and needs monitoring was justified. Only one of the national courts indicated that there was a need to protect the IT system from hacking, to prevent the company's possible liability in case of violations in cyberspace that could be committed on its behalf, and to protect trade secrets from disclosure. But the ECtHR indicated that these are theoretical grounds. There was no concrete evidence that the actions of the applicant could lead to the materialization of one of the listed risks.
4. Alternative to monitoring :
The courts did not examine whether it was possible to achieve the same goal (to prove that the applicant used the resources of the company for his personal purposes) without evaluating the content of his correspondence.
5. The consequences of monitoring :
The ECtHR noted that at the national level, the question of the seriousness of the monitoring consequences was not considered and that, as a result, the employee suffered the most serious possible disciplinary punishment - dismissal.
6. The moment at which the company learned the contents of the correspondence.
Romanian courts did not examine the question of when the company read the contents of the correspondence. In all likelihood, these happened before the applicant was called in to ask about personal use of the Internet. The fact that a company could gain access to the content of the correspondence at any time during the disciplinary proceedings contradicts the requirement of transparency enshrined in the recommendations of the Committee of Ministers (CM / Rec (2015) 5).
Having listed all those factors that the Romanian courts did not take into account when considering the applicant's case, the European Court concluded that the state did not adequately protect the applicant's privacy. On this basis, the Court found a violation of the rights of the applicant.
The main conclusion is this: it is possible to monitor what the employee does at the workplace, but with the observance of guarantees. It is necessary to warn him that he will be controlled, indicating what will be directly viewed, why (control objectives), to what extent and for how long. The results of the control can not be used for other purposes, except for those that were reported to the employee. For example, if the goal of control was to protect the IT system of a company, then dismissing an employee did not quite match that goal. But the monitoring of employee compliance with his duties to do only work in the office can correspond. But at the same time, it is necessary to determine whether it is necessary to read his correspondence in order to “catch” his personal affairs in the workplace. If it can be proved without reading personal correspondence, then the correspondence cannot be read (in this case, it was probably enough to identify the recipients of his messages in the messenger - the brother and the bride). And if only after reading the correspondence it was possible to prove that it was conducted on personal matters from the workplace (for example, if it is not clear from the names of the addressees that this is a brother and bride), then the company should be ready to prove that reading the contents of the correspondence was the only way to collect evidence that the employee wrote to his brother and bride during working hours from a working computer. And the employee must be warned that the company is going to review his correspondence and read its contents. Well, the violation in this case was established because the courts did not ask all these questions when they considered the dispute.
Such a decision of the European Court seems logical. If companies can control employee correspondence only on the basis of internal rules and a general notification that employee correspondence at the workplace can be monitored at any time, this can lead to total control over people at the workplace. And if the Convention does not allow such control by states, then why can private companies allow it? Today, the boundaries between work and non-work are erased, people are increasingly sending workers a letter from their personal smartphones from home or on the way home. It is difficult to imagine that the prohibition on using work resources for personal purposes also applies to such cases. The European Court has already established that the rules for protecting the home from unauthorized intrusions by the state also apply to offices. The Barbulescu Ruling logically continues this approach.
10 years ago, the complainant, Bogdan Barbulesku, was dismissed from a private company for having corresponded during working hours with his bride and brother in Yahoo Messenger.
He worked in a Romanian private company in the sales support department. His duties included responding to customer requests and for this he used Yahoo Messenger, which he installed at the request of the employer and in which he started a special account.
')
The company had internal rules that strictly forbade the use of company resources (including the Internet) for personal needs. The applicant was acquainted with them on receipt. A year after that, a document was sent to the company, in which it was recalled that it was forbidden to use the company's equipment and the Internet for purposes other than work. It also stated that the company can control workers on how they use equipment and the Internet in the workplace. A case of the employee’s dismissal was also described for using the Internet, faxing and copying for personal use, was unable to cope with her duties and was negligent in her work. The applicant was also acquainted with this document against the signature.
In July 2007, the complainant was summoned to the authorities and asked for an explanation of why his activity on the Internet is much higher than that of his colleagues.
On the charge of using the Internet for personal purposes, Bogdan Barbulesku wrote a written statement that he does not use the Internet for personal purposes. An hour later, the authorities showed him a printout of his correspondence in Yahoo Messenger on 45 pages in the week preceding his call to the authorities. From this print it was clearly visible that he corresponded on personal matters with his brother and bride. After 2 weeks he was fired. The applicant lost a dispute with the employer in the Romanian courts regarding his dismissal. He appealed to the European Court about the invasion of his right to privacy (Article 8 of the European Convention). The case was considered in terms of the obligations of the state to protect the rights from violation by other persons, in this case the former employer of the applicant. At first, the Court found no violation. After review of the case in the Grand Chamber , a violation was found.
What the European Court decided
The court pointed out that the following factors should be taken into account when monitoring the employee:
- The employee must be notified in advance that the employer can control it and about the essence of such control.
- The content of the monitoring and the degree of invasion of the employee’s privacy. The decision notes that there is a difference between viewing the correspondence and reading the contents of the correspondence. In the second case, the invasion of privacy is much more serious.
- The grounds for control must be legal and reasonable.
- When carrying out the control, if possible, methods should be used that do not assess the entire content of the employee’s correspondence.
- An assessment of the consequences of control for the employee and the extent to which control results are used for the purposes for which such control is established should be carried out.
- When controlling, an employee should be provided with adequate ways to protect his private life: a company cannot read any employee messages until they are warned that a company can do this.
The main issue that the Court has analyzed in this case is how far the national courts have weighed the competing interests of the parties: on the one hand, the right to privacy and the integrity of correspondence provided for in Article 8 of the Convention; on the other hand, the company's interest in the efficiency of its business and its security. And accordingly, as far as the Romanian courts have taken into account the factors listed above, when considering the dispute the applicant with his company.
1. Monitoring Warning :
The court noted that the national courts proceeded from the fact that the applicant had been warned that his correspondence would be reviewed by his employer. In particular, he was notified on receipt that the company was forbidden to use its resources, including the Internet, for personal purposes, and that another employee was dismissed for using the company's resources for personal purposes. However, according to the ECtHR, they did not investigate the question whether the applicant was informed about the scope and nature of such monitoring. According to the ECtHR, a company that is going to control the employee’s correspondence should notify him before the start of monitoring, especially when controls are made on the content of the correspondence.
2. Scope of intervention :
The Court also noted that the national courts did not carry out an analysis of the scope of monitoring and the extent of the company's intervention in their employee’s personal environment.
3. Grounds for monitoring :
In addition, the courts did not assess what grounds and needs monitoring was justified. Only one of the national courts indicated that there was a need to protect the IT system from hacking, to prevent the company's possible liability in case of violations in cyberspace that could be committed on its behalf, and to protect trade secrets from disclosure. But the ECtHR indicated that these are theoretical grounds. There was no concrete evidence that the actions of the applicant could lead to the materialization of one of the listed risks.
4. Alternative to monitoring :
The courts did not examine whether it was possible to achieve the same goal (to prove that the applicant used the resources of the company for his personal purposes) without evaluating the content of his correspondence.
5. The consequences of monitoring :
The ECtHR noted that at the national level, the question of the seriousness of the monitoring consequences was not considered and that, as a result, the employee suffered the most serious possible disciplinary punishment - dismissal.
6. The moment at which the company learned the contents of the correspondence.
Romanian courts did not examine the question of when the company read the contents of the correspondence. In all likelihood, these happened before the applicant was called in to ask about personal use of the Internet. The fact that a company could gain access to the content of the correspondence at any time during the disciplinary proceedings contradicts the requirement of transparency enshrined in the recommendations of the Committee of Ministers (CM / Rec (2015) 5).
Having listed all those factors that the Romanian courts did not take into account when considering the applicant's case, the European Court concluded that the state did not adequately protect the applicant's privacy. On this basis, the Court found a violation of the rights of the applicant.
The main conclusion is this: it is possible to monitor what the employee does at the workplace, but with the observance of guarantees. It is necessary to warn him that he will be controlled, indicating what will be directly viewed, why (control objectives), to what extent and for how long. The results of the control can not be used for other purposes, except for those that were reported to the employee. For example, if the goal of control was to protect the IT system of a company, then dismissing an employee did not quite match that goal. But the monitoring of employee compliance with his duties to do only work in the office can correspond. But at the same time, it is necessary to determine whether it is necessary to read his correspondence in order to “catch” his personal affairs in the workplace. If it can be proved without reading personal correspondence, then the correspondence cannot be read (in this case, it was probably enough to identify the recipients of his messages in the messenger - the brother and the bride). And if only after reading the correspondence it was possible to prove that it was conducted on personal matters from the workplace (for example, if it is not clear from the names of the addressees that this is a brother and bride), then the company should be ready to prove that reading the contents of the correspondence was the only way to collect evidence that the employee wrote to his brother and bride during working hours from a working computer. And the employee must be warned that the company is going to review his correspondence and read its contents. Well, the violation in this case was established because the courts did not ask all these questions when they considered the dispute.
Such a decision of the European Court seems logical. If companies can control employee correspondence only on the basis of internal rules and a general notification that employee correspondence at the workplace can be monitored at any time, this can lead to total control over people at the workplace. And if the Convention does not allow such control by states, then why can private companies allow it? Today, the boundaries between work and non-work are erased, people are increasingly sending workers a letter from their personal smartphones from home or on the way home. It is difficult to imagine that the prohibition on using work resources for personal purposes also applies to such cases. The European Court has already established that the rules for protecting the home from unauthorized intrusions by the state also apply to offices. The Barbulescu Ruling logically continues this approach.
Source: https://habr.com/ru/post/337614/
All Articles