Monitoring of an employee’s private internet use and resulting dismissal justified

The European Court of Human Rights (“ECHR”) has today set down a judgment in the case of Bărbulescu v Romania, with a finding that the employer’s monitoring of the employee’s use of the company’s internet for personal purposes and his resulting dismissal did not violate Article 8 of the European Convention on Human Rights (right to respect for a private and family life).

Mr Bărbulescu, who was an engineer in charge of sales at a private company, created a Yahoo Messenger account on his company-provided device at the request of the employer for the purpose of responding to client enquiries. After a period of monitoring, it was found that Mr Bărbulescu had used the account for both professional and personal purposes, with the company finding in particular messages exchanged with his brother and his fiancée relating to purely personal matters. Mr Bărbulescu’s employment was terminated for breach of internal policy, which stated that company resources were not permitted to be used for personal purposes.

Following a domestic court process, the case and question of whether Article 8 had been breached was left to be determined by the ECHR. The ECHR found that Article 8 was engaged, but “did not find it unreasonable that an employer would want to verify that employees were completing their professional tasks during working hours.” Mr Bărbulescu’s claim that his right to privacy had been breached was dismissed.

This is being held as a wide-reaching judgment in the press, but does not necessarily alter the position previously held by employers in the UK. The press release issued by the ECHR specifies that the Court “noted that the employer had accessed Mr Bărbulescu’s account in the belief that it contained client-related communications”. The judgment therefore does not appear to extend to personal use by employees of their own private devices, but employees who use company-provided devices for personal use should be alive to the prospect that those devices may be checked by their employer, and their use monitored. Following this judgment, such employees should also be aware that such monitoring may extend to their personal use of such devices.

What should employers do?

1. Ensure that their internal IT, internet and social media policies cover the remit of what is acceptable use of company servers and devices, specify when (if at all) personal use may be permitted, and enable employers to monitor devices and usage as necessary.
2. If you have concerns about the use of company devices by employees, reminders of the remit of their behaviour as regulated by the internal policy should be circulated.
3. Any specific incidents of misconduct should be dealt with in the usual way, by following internal disciplinary procedures and acting within the band of reasonable responses open to the employer.

If you have any queries on the impact of this ruling to your organisation, please do not hesitate to contact a member of the Ashtons Legal Employment team.