On Tuesday, the European Court of Human Rights ruled that companies must inform employees if their work email accounts are going to be monitored, Reuters reported. Further, such monitoring must not infringe upon workers' privacy, the court ruled.
The ruling came in judging the case of a Romanian man fired 10 years ago for using a work email account to send messages to his family. The judges found that the Romanian courts failed to protect the man's private messages because his employer had not previously alerted him that the company would monitor his account.
Though many employees worry about falling prey to phishing or other malware attacks, their privacy may be more likely to be compromised by their own employer than a third-party hacker. Email privacy has become a controversial issue, Reuters noted, as more employees use work addresses for personal messages even as employers often maintain the right to monitor those communications.
When employee email privacy cases have gone to court, employers usually win, Reuters reported.
SEE: Electronic Communications Policy (Tech Pro Research)
In this case, the European court ruled by an 11-6 majority that the Romanian judges, by backing the employer, had failed to protect the employee's right to privacy and correspondence, according to Reuters. The court concluded that the employer had not been informed ahead of time of the exact extent or nature of his employer's email monitoring, or that the employer could access the content of his messages.
The court also ruled that there had not been a strong enough assessment of whether the company had legitimate reasons to monitor the employee's messages—for example, there was no evidence that he had exposed the company to cyber risks or that he was involved in illegal activities, Reuter reported.
"This set of requirements will restrict to an important extent the employers' possibilities to monitor the workers' electronic communications," Esther Lynch, confederal secretary of the European Trade Union Confederation, told Reuters. "Although it does not generally prohibit such monitoring, it sets high thresholds for its justification. This is a very important step to better protect worker's privacy."
The US has no such law, according to Privacy Rights Clearinghouse. "If an email system is used at a company, the employer owns it and is allowed to review its contents," the group's website states. "Messages sent within the company as well as those that are sent from your terminal to another company or from another company to you can be subject to monitoring by your employer. This may include Internet-based email accounts such as Gmail and Yahoo as well as instant messages."
Employees should assume that their work email is being monitored and is not private, according to Privacy Rights Clearinghouse. However, this European ruling may lead to new privacy expectations for companies, James Froud, partner at law firm Bird & Bird, told Reuters.
"We may see a shift in emphasis, with courts requiring employers to clearly demonstrate the steps they have taken to address the issue of privacy in workplace, both in terms of granting employees 'space' to have a private life whilst clearly delineating the boundaries," Froud told Reuters.
The 3 big takeaways for TechRepublic readers
1. On Tuesday, the European Court of Human Rights ruled that companies must inform employees if their work email accounts are going to be monitored, and that such monitoring must not infringe upon employee privacy.
2. The ruling came after a case in Romania in which an employee was fired for sending messages to family members from his work account.
3. US employers still retain the right to monitor employee email; however, this ruling may eventually impact those policies as well.
- How a data breach can negatively impact your company's stock price (TechRepublic)
- Visibrain launches monitoring platform for brand reputation management (ZDNet)
- Almost half of IT security incidents are caused by company employees, report says (TechRepublic)
- 10 time-saving tips for speeding your work in Outlook (TechRepublic)
- Information Security Management Fundamentals (TechRepublic Academy)
Alison DeNisco Rayome has nothing to disclose. She does not hold investments in the technology companies she covers.
Alison DeNisco Rayome is a Senior Editor for TechRepublic. She covers CXO, cybersecurity, and the convergence of tech and the workplace.