European court rules companies must tell employees of email checks

By Alastair Macdonald and Foo Yun Chee STRASBOURG (Reuters) - Companies must tell employees in advance if their work email accounts are being monitored without unduly infringing their privacy, the European Court of Human Rights said in a ruling on Tuesday defining the scope of corporate email snooping. In a judgment in the case of a man fired 10 years ago for using a work messaging account to communicate with his family, the judges found that Romanian courts failed to protect Bogdan Barbulescu's private correspondence because his employer had not given him prior notice it was monitoring his communications. Email privacy has become a hotly contested issue as more people use work addresses for personal correspondence even as employers demand the right to monitor email and computer usage to ensure staff use work email appropriately. Courts in general have sided with employers on the issue. The ruling sets boundaries for e-monitoring versus privacy rights, said Stephanie Raets at Belgian law firm Claeys & Engels Antwerp. "The most important lesson learned from the judgment is that, although an employer may restrict the employees' privacy in the workplace, it may not reduce it to zero," she said. The company had presented Barbulescu with printouts of his private messages to his brother and fiancée on Yahoo Messenger as evidence of his breach of a company ban on such personal use. Barbulescu had previously told his employer in writing that he had only used the service for professional purposes. The European court in Strasbourg ruled by an 11-6 majority that Romanian judges, in backing the employer, had failed to protect Barbulescu's right to private life and correspondence. The court concluded that Barbulescu had not been informed in advance of the extent and nature of his employer's monitoring or the possibility that it might gain access to the contents of his messages. The company was not named in the ruling. The court also said there had not been a sufficient assessment of whether there were legitimate reasons to monitor Barbulescu's communications. There was no suggestion he had exposed the company to risks such as damage to its IT systems or liability in the case of illegal activities online. "This set of requirements will restrict to an important extent the employers' possibilities to monitor the workers' electronic communications," said Esther Lynch, confederal secretary of the European Trade Union Confederation. "Although it does not generally prohibit such monitoring, it sets high thresholds for its justification. This is a very important step to better protect worker's privacy." The ruling could lead to more clarity on the scope of corporate discipline, said James Froud, partner at law firm Bird & Bird. "We may see a shift in emphasis, with courts requiring employers to clearly demonstrate the steps they have taken to address the issue of privacy in workplace, both in terms of granting employees 'space' to have a private life whilst clearly delineating the boundaries," he said. (Reporting by Alastair Macdonald, Julia Fioretti and Foo Yun Chee in Brussels; Editing by Matthew Mpoke Bigg)