Who is reading your work emails? Employers must obtain consent before snooping, lawyers warn
It follows a decision by the European Court of Human Rights last month that employers must warn staff if they plan to monitor their emails.
Lawyers have urged regional companies to ensure they follow suit.
That European ruling is expected to set a precedent on how far a company could potentially snoop into their employees’ online activities.
The court’s decision was related to a case in Romania where a man was fired for using his work email to communicate with his family.
“The key point for employers is that their ability to monitor employees’ activities on email and online must be carefully managed and prior consent obtained,” said Rebecca Ford, partner in the MENA employment team at Clyde and Co, based in Dubai.
The European ruling may pose questions for European multinationals in the region where workplace practices and norms can vary.
Samir Kantaria, partner, head of employment law, at Al Tamimi & Co. said that he advises companies when they are drawing up their HR manuals or employment contracts to ensure that the employee doesn’t “expect a right to privacy” when using work email on the company’s network.
“If there was any potential for an employee to make trouble for an employer, the practices we recommend our clients to take are there to try to protect them,” said Kantaria.
He is currently working on a case in which the employer is presenting work emails in a disciplinary procedure as evidence that the employee was not fulfilling the requirements of his job.
Monitoring of employee emails should be “reasonable” and “for a business purpose,” said Ford — news that might come as a relief to many employees who occasionally use their work account to quickly arrange a catch-up with friends, book a restaurant or pay a bill.
Ford added that the monitoring of employee online activities outside of the workplace or through their own personal devices could be considered “unlawful.”
While lawyers in the UAE and the rest of the Gulf can make recommendations to employers, there is as yet no specific data protection laws that apply at federal level across the UAE for example. Some other Gulf countries are in the process of developing their own laws.
In the UAE, the Penal Code and Cybercrimes law makes it a criminal offense to intercept personal and confidential material without consent. It is currently the only federal level legislation that could offer any protection against someone reading or intercepting your personal data, such as emails. While there is move and a growing desire to set up a more specific federal level data protection law, there is nothing in the legislative pipeline yet, said Nick O’Connell, partner at the law firm Al Tamimi & Company.
“There is quite a bit of movement in the region. Qatar — about a year ago — they introduced a data protection law. I have also heard recently that Bahrain has a draft law on the horizon, and for the UAE I think it really is just a matter of time.
Data protection is much more on peoples’ radar than it used to be and at a legislative level it really is just a matter of time,” he said. “In order to be a credible economy I think these days you need to make sure you are in line with what other countries are doing in this space,” he said.
Dubai International Financial Center (DIFC) and the Abu Dhabi Global Markets (ADGM) already have their own data protection laws that govern the way personal data is processed.
LONDON: A new European legal ruling on workplace email monitoring could impact multinationals with operations across the Gulf.