On 12 January 2016, the European Court of Human Rights (the “Court”) ruled that that there had not been a violation of Article 8 of the Convention for the Protection of Human Rights and Fundamental Freedoms protecting the individual’s private life in case of an employer monitoring the employee’s communications within the framework of disciplinary proceedings.
Background
An employee was dismissed by his employer in 2007 for privately using a Yahoo Messenger account at work, chatting with his fiancée and his brother. The messenger account was specifically set up for business purposes. Any use for personal affairs was expressly forbidden by the company’s internal regulations. The employer discovered the employee’s breach while accessing the account with the belief that it contained professional messages, as the employee denied any personal use of the account. The employer, however, presented a 45 page transcript of personal messages that the employee had exchanged.
Mr. Barbulescu challenged the dismissal before the Bucharest Court (Tribunalul Bucureşti) complaining that the decision to terminate his contract was null and void as his employer had violated his right to correspondence in accessing his communications in breach of the Constitution and Criminal Code. The claim was dismissed on the grounds that the employer had complied with the dismissal proceedings under the Labour Code and that Mr Bărbulescu had been duly informed of the company’s regulations and said judgment was maintained by the Bucharest Court of Appeal.
Relevant Romanian law
The Labour Code in force at the time of events provided in Article 40 par. (1) letter (d) that the employer had the right to monitor the manner in which the employees completed their professional tasks. Article 40 par. (2) letter (i) provided that the employer had a duty to guarantee the confidentiality of the employees’ personal data.
Further, Law no. 677/2001 on the protection of individuals with regard to the processing of personal data1 and the free movement of personal data1 provided that personal data can only be processed if the concerned person consented to it and it sets out a list of exceptions when consent is not necessary. Exceptions refer, among other situations, to the completion of a contract to which the concerned individual is a party and to securing a legitimate interest of the data operator (Article 5par. (2) (letters a and e)).
It is noteworthy that such legal texts are in force on the date hereto.
The Court’s arguments
For assessing if there had been an interference under Article 8, the Court analysed the degree of “reasonable expectation of privacy” that employee had at the workplace. In this connection, it noted that it is not disputed that the applicant’s employer’s internal regulations strictly prohibited employees from using the company’s computers and resources for personal purposes.
Further, the Court noted local courts attached particular importance to the fact that the employer had accessed the applicant’s Yahoo Messenger account in the belief that it had contained professional messages, since the employee had initially claimed that he had used it in order to advise clients. Consequently, the employee could not claim an “expectation of privacy” while at the same time denying private use. In addition, the employee had no convincing reason for using work equipment for private purposes Therefore, the Court concluded that the employer acted within its disciplinary powers since, accessing the Yahoo Messenger account on the assumption that the information in question had been related to professional activities and that such access is legitimate.
The Court found that the employer’s decision to terminate the applicant’s employment was not based on either the actual content of his communications nor on the fact of their eventual disclosure. In this regard, the Court noted that the applicant did not argue that he had had no other form in which to bring these arguments separately before local courts, as the applicable law provided for other remedies designed principally to protect private life (such as a criminal complaint based on Article 195 of the Criminal Code or a complaint based on Article 18(2) of Law no. 677/2001), and the applicant did not claim that they were ineffective.
Moreover, the Court was persuaded by the fact that the Romanian courts did not reveal the precise content of the personal messages, but only that they were personal. Only the Yahoo Messenger account set up for business purposes was accessed and no other documents and data stored on Mr Barbulescu’s computer.
In conclusion, the Court’s view was that nothing indicated that the Romanian authorities had failed to strike a fair balance, within their margin of appreciation, between the applicant’s right to respect for his private life and the employer’s interests.
Conclusions
This decision does not give employers green light to put their employees under surveillance. There remain cases where surveillance is justified and cases where it is not.
A reasonable expectation of privacy was considered to be justified where the employer expressly allowed employees to use a company phone or computer for private purposes (Case Halford v. United Kingdom), or where it had been tolerated (Case Copland v. United Kingdom).
It is noteworthy that in case of Bărbulescu v. Romania, the difference is that the employer expressly prohibited such use.
As Judge Pinto de Albuquerque recommends in his separate opinion, for the sake of transparency and awareness, the employers should implement an Internet usage policy in the workplace, including, inter alia, specific rules on the use of email, instant messaging, social networks, blogging and web surfing. The rights and obligations of employees and in the same time of the employer should be set out clearly and the employees should be notified personally of the said policy and consent to it explicitly.
