In the case of Barbulescu v Romania, the Grand Chamber of the European Court of Human Rights (“ECtHR”), has found that the monitoring of Mr Barbulescu’s Yahoo Messenger communications infringed his Article 8 privacy rights. This decision has overturned the January 2016 decision of the Chamber of the ECtHR, which we previously summarised here.
Mr Barbulescu was dismissed by his employer for breaching their IT policy, which strictly prohibited any use of the internet, phone or fax machine for personal matters. As part of the disciplinary process, his employer had monitored his Yahoo Messenger account, set up by Mr Barbulescu at his employer’s request to respond to client queries, and discovered that he had used the account to send personal and intimate messages, both to his fiancée and his brother.
After unsuccessfully attempting to challenge his dismissal under Romanian law, Mr Barbulescu brought a claim against the Romanian government in the ECtHR for failure to protect his Article 8 right to respect for his private and family life, his home and his correspondence.
In January 2016, the Chamber of the ECtHR, found the monitoring Mr Barbulescu’s internet and email communications to be a proportionate interference with his Article 8 rights and that it was not unreasonable for an employer to want to verify that their employees are working during working hours.
Mr Barbulescu appealed this decision to the Grand Chamber of the ECtHR.
The decision of the Chamber was overturned by a majority. The Grand Chamber found that Mr Barbulescu’s Article 8 rights had been infringed and that the Romanian courts had failed to both protect his rights and failed to strike a fair balance between Mr Barbulescu’s and his employer’s interests.
Perhaps the key factor in their decision was the fact that the employer’s IT policy did not inform employees of the extent to which their internet usage and online communications would be monitored, or that their employer had access to the content of these communications. Also significant was the fact that the Romanian courts had failed to adequately consider the justification for such a strict IT policy, and whether the same result could have been achieved through less intrusive means.
The Grand Chamber set out several factors to be considered when assessing the monitoring of workplace communications to ensure adequate safeguards against abuse. These include the extent to which employees were notified of the monitoring, the extent of the monitoring, whether the employer had a legitimate reason to justify the monitoring and the consequences of the monitoring.
The Chamber’s initial decision was surprisingly employer-friendly. This decision by the Grand Chamber is a return to established principles. This decision emphasises the need for a clear policy on monitoring electronic communications, which explains when and to what degree such monitoring will occur.
It is important to remember that, in the UK, employers’ ability to monitor the private communications of their employees is limited under statute. In addition, the Information Commissioner’s ‘Employment Practices Code’ recommends carrying out an impact assessment prior to monitoring communications and this assessment should consider factors similar to those identified by the Grand Chamber. This judgment therefore reiterates the laws and guidelines already in place in the UK.