News

16 April 2021

Crisis, what crisis? Legal sector revenues surge - Julie Norris quoted in The Law Society Gazette

12 April 2021

How family lawyers have adapted their working practices during the pandemic- Will MacFarlane quoted in The Times

12 April 2021

Mid-tier auditors fear the scrutiny of big mandates - Julie Matheson quoted in the Financial Times

Filter news by category:

Blogs

Events

21 April 2021

Kingsley Napley Spotlight Series - Insights into Legal Services Regulation in 2021 : Embedding effective structures, systems and processes

15 April 2021

The Importance of Dialogue - International Judicial Dialogue and the Contribution of Women to the Judiciary

1 March 2021

Kidz to Adultz: Venue to Virtual

2 February 2021

Kingsley Napley Spotlight Series - Insights into Legal Services Regulation in 2021: The Impact of Beckwith v SRA

20 January 2021

The Future of Visas and Immigration with Lord Bilimoria

KN Talks

KN BAME Talks - Shannett Thompson and Donna Cummings delve into issues around BAME recruitment

A tougher stance on foreign nationals with criminal convictions?

Show all talks

Data Protection – can employers still monitor employees’ communications in light of Barbulescu v Romania?

6 September 2017

Don’t panic, they can. But, the decision in Barbulescu v Romania from the appeal chamber of the European Court of Human Rights (ECtHR) shows that, in future, employers must apply their mind in a much more rigorous way to how they go about it.

The facts of the original ECtHR decision were widely reported in 2016. The employee in question complained that his employer had unlawfully monitored his Yahoo! Messenger account, which had been expressly set up for business purposes, and used this as grounds to dismiss him. The ECtHR disagreed. He knew that he wasn’t allowed to use this for personal communication, but he did so extensively (and in a rather explicit fashion...). The employer’s interference to his right to privacy under Article 8 had been proportionate.

The ECtHR appeal court has now overturned that decision. It considered that the manner in which the communications were monitored did not give adequate protection to the employee’s right to privacy and so was disproportionate and unlawful.

A fundamental problem with the employer’s approach to monitoring was that they had not informed the employee in advance of its extent and nature or “of the possibility that [they] might have access to the actual content of his messages”. This is despite the fact that it was beyond doubt that the employee knew full well what he was doing was strictly prohibited by the employer’s policies.

The ECtHR stated that “it considers that proportionality and procedural guarantees against arbitrariness are essential”. It set out factors for courts to consider when determining what side of the line an employer’s monitoring activities fall upon:

  1. whether the employee has been given advance notice. In normal circumstances, this notice should be clear about the nature of the monitoring;
  2. whether it is simply the flow of communications which is being monitored or the actual content of the messages and to what extent;
  3. whether the employer has legitimate reasons to justify the monitoring which takes place. The bar is higher if the content of the messages is accessed;
  4. whether less intrusive monitoring could have taken place, i.e. if the employer could have achieved its aims without actually accessing the content;
  5. whether the employee was aware of what the monitoring could be used for, i.e. if the employee didn’t know the messages might be used to sack them, this may weigh against the employer; and
  6. whether there were adequate safeguards in place to protect the employee, including preventing the employer from accessing the content of the messages until the employee has been notified of this possibility.

In light of Barbulescu, it is undoubtedly prudent for employers to take a close look at their policies and practices regarding monitoring employees’ communications to ensure that they can comply with the above.

We will be providing further in depth analysis and practical guidance on what the Barbulescu case means for businesses at our data protection seminar next week - Managing employee data risks - Are you GDPR friendly and Brexit proofed?

At this seminar, as well as covering the impact of that decision, we will also be covering a range of issues including consent and recruitment; data management; subject access requests; and cross-border transfers.

This event is now fully booked, but materials will be available after the event, so please contact us at events@kingsleynapley.co.uk if you would like to receive a copy of these.

Should you have any GDPR or data protection queries, please contact Kingsley Napley’s data protection team.

 

You may also be interested in reading some of our recent blogs on the topic of data protection, subject access requests and GDPR, including:

Employment Law Team

+44 (0)20 7814 1200

enquiries@kingsleynapley.co.uk

Connect on LinkedIn

Follow on Twitter

Subscribe to blog RSS feed

Subscribe to all blog RSS feeds
LinkedIn Twitter Facebook Email to a friend

Share insightLinkedIn Twitter Facebook Email to a friend Print

Email this page to a friend

We welcome views and opinions about the issues raised in this blog. Should you require specific advice in relation to personal circumstances, please use the form on the contact page.

Leave a comment

You may also be interested in:

Blog

Civil Fraud Quarterly Round-Up: Q1 2021

Mary Young

Blog

Breakdown of Trust

Sital Fontenelle

Blog

How do we calculate compensation in a cerebral palsy case

Aideen McGarry
Close Load more

Skip to content Home About Us Insights Services Contact Accessibility