'Don't snoop on staff,' European bosses warned

Worker Image copyright Getty Images
Image caption Employers have been warned not to carry out "Stasi-style surveillance"

Bosses have been urged not to indulge in invasive surveillance by reading their employees' private messages.

A series of groups spoke out after Europe's top court ruled a Romanian man whose employer read his messages had not had his rights violated.

He broke company policy by using a work account to talk to his family.

In response, bodies representing directors and workers, as well as privacy and human resources groups, all issued similar warnings to bosses.

The European Trade Union Confederation, which represents workers across the continent, said the judges' decision should not act as a "green light… to start snooping" on staff.

The case in the European Court of Human Rights did not introduce any new rules, but acted as a stress test for those that already allowed similar surveillance by employers in some circumstances.

'Big Brother bosses'

Institute of Directors director general Simon Walker said: "Employees should not be subject to Stasi-style surveillance at work.

"We would strongly urge businesses not to read an employee's personal messages, apart from in the most exceptional circumstances."

Image copyright Thinkstock
Image caption Bosses have been warned that many employees will be unhappy with surveillance measures

British Trades Union Congress general secretary Frances O'Grady said: "Big Brother bosses do not get the best out of employees.

"Staff who are being snooped on are less productive and less healthy".

And the Chartered Institute of Personnel and Development said: "Employees that feel under excessive surveillance are also more likely to suffer from stress, so there needs to be a clear case for monitoring."

They were joined by the privacy campaign group Big Brother Watch, which said: "None of us should ever assume that what we do online during work hours or when using devices owned by our employer, such as computers, tablets or mobile phones, is private - but, equally, no employee should be in fear of being monitored by their boss."

Private life

The judges' ruling, handed down on Tuesday, said Romania had not failed to uphold the right to a private life of its citizen Bogdan Barbulescu.

Mr Barbulescu's employer had sacked him after finding he had been using a Yahoo Messenger account to speak to both his fiancee and his brother, despite having been asked to set up the account for work purposes only, the seven judges said.

The company had also banned private use of the internet at work.

When confronted, Mr Barbulescu had denied violating the policy, the judges found.

And the company had therefore been justified in reading both the work and private correspondence on the account - some of it highly sensitive.

Mr Barbulescu said his rights had been violated and, having been unsuccessful in arguing as much in the domestic courts, asked the judges to rule that Romania had failed in its duty to him.

Does the decision make it legal for my boss to snoop on me?

Image copyright Thinkstock
Image caption The court's decision does not create new powers for employers

The court's decision does not introduce new measures.

Reading the messages was already legal in Romania, as it is in other countries, including the UK.

Rather, it agreed with the Romanian authorities that the circumstances in which Mr Barbulescu's messages had been read did not represent a breach of his right to a private life.

The judges, in effect, declined to send a signal to courts across Europe that they considered surveillance under those circumstances unacceptable.

If the judges had found the other way, the Romanian government would have been obliged to abide by their decision.

Others, however, would not, because European Court of Human Rights decisions affect only the country named in the case.

The effect on domestic courts is different.

Each country adopts its own approach to the court's decisions.

In the UK, for example, judges are obliged to take them into account, not to follow them without question, as has sometimes been claimed.

Moreover, the court's decision did not actually go further than existing UK laws, which already allowed some reading of employees' communications under certain circumstances.

One of the seven judges, who disagreed with his colleagues, did say that the blanket ban on private internet use at work imposed by Mr Barbulescu's former employer was unacceptable and there should be stricter regulation of when and how bosses should be allowed to carry out such surveillance.

So, how do I avoid my private messages being read?

The case before the court considered the specific circumstances in which Mr Barbulescu found himself - rather than workplace surveillance as a whole - and agreed that they were not a breach of his rights.

So, avoiding those would be a good start.

In the UK, the amount of access employers have to employees' communications is defined by a series of laws and regulations that balance when it is lawful against when it is proportionate and necessary.

Image copyright Thinkstock
Image caption Experts recommend limiting private communications to personal devices and networks

Essex University professor of EU and human rights law Steve Peers told the BBC: "Employees might be violating employer policies if they install software to block tracking.

"It is best for people to stick to company policy on use of work equipment and use their own smartphones if they need to do something personal.

"Definitely the wisest course for people whose company policies allow their work emails to be read - or who believe their employer would do it anyway - is to use their own phone or tablet, and use mobile data if they can, instead of employer wi-fi."

Apps that use end-to-end encryption, such as Signal, WhatsApp and others, provide an extra level of security.

Broadly, "the legal principles should be similar across Europe, particularly regarding personal data, as this is derived from EU legislation", said Kathryn Dooks, an employment partner at the law firm Kemp Little.

But some domestic laws and regulations would differ, she told the BBC.

Are there any exceptions?

The banking regulator, the Financial Conduct Authority, requires banking companies to "take reasonable steps to record relevant telephone conversations, and keep a copy of relevant electronic communications" on company equipment.

FCA-regulated businesses must also take steps to stop staff sending work messages on their own equipment.

According to a 2014 Financial Times article, some banks became so concerned employees, aware they were being watched, would move to non-work channels to engage in illicit behaviour that they started comparing performance against average internal communications channel use.

More on this story