Pri­vacy rights of work­ers in spot­light

Euro­pean Court of Hu­man Rights backs com­pany over the fir­ing of an em­ployee for con­tra­ven­ing com­puter pol­icy

Business Day - Business Law and Tax Review - - BUSINESS LAW & TAX REVIEW - VER­LIE OOSTHUIZEN

IN THE week of Jan­uary 11, the Euro­pean Court of Hu­man Rights de­liv­ered a land­mark de­ci­sion re­gard­ing the in­ap­pro­pri­ate use of so­cial me­dia mes­sag­ing plat­form, Ya­hoo Mes­sen­ger, by an em­ployee in Ro­ma­nia.

The em­ployee had been us­ing the ser­vice for pri­vate mes­sages at work and the ac­count had been ac­cessed and read by his em­ployer. He was dis­missed for con­tra­ven­ing the com­pany’s com­puter pol­icy by par­tic­i­pat­ing in per­sonal cor­re­spon­dence dur­ing work­ing hours.

The em­ployee al­leged that his right to pri­vacy had been breached by the com­pany’s sur­veil­lance of his Mes­sen­ger ac­count.

Briefly the facts of the case are that the em­ployee, an en­gi­neer in charge of the sales of a pri­vate com­pany in Ro­ma­nia, had been di­rected by his em­ployer to set up a Mes­sen­ger ac­count for the pur­poses of re­spond­ing to client queries. A while there­after, the em­ployee was in­formed by the com­pany that his Mes­sen­ger ac­count had been un­der sur­veil­lance and that the records in­di­cated that he had been us­ing the ser­vice for pri­vate mes­sages dur­ing work­ing hours and that this was a con­tra­ven­tion of the com­pany’s in­ter­nal pro­ce­dures. The em­ployee stated that he had only used Mes­sen­ger for pro­fes­sional pur­poses. A printed tran­script of his ac­count showed this was clearly un­true and he was dis­missed for us­ing com­pany prop­erty for per­sonal pur­poses.

Is­sues of the em­ployee’s right to pri­vacy and the pro­cess­ing of per­sonal data were at the fore­front of the court’s de­ci­sion in this mat­ter. The pro­tec­tion of per­sonal data is a long es­tab­lished re­quire­ment and le­gal prac­tice in Europe. SA has re­cently passed the Pro­tec­tion of Per­sonal In­for­ma­tion Act (POPI) which is closely based on the prin­ci­ples enun­ci­ated in the Euro­pean codes. There­fore, guid­ance from the Euro­pean Courts shall be sig­nif­i­cant in im­ple­ment­ing POPI in SA. This re­cent de­ci­sion is bind­ing on all sig­na­to­ries of the Euro­pean Con­ven­tion on Hu­man Rights, which in­cludes the UK.

Sig­nif­i­cantly, the court stated that an em­ployee’s right to pri­vacy does not mean that ev­ery ac­tiv­ity that he or she en­gages in is pro­tected from scru­tiny. Al­though em­ploy­ees could have a rea­son­able ex­pec­ta­tion as to the pri­vacy of tele­phone calls, e-mails and in­ter­net ac­cess at the work­place in the ab­sence of ex­plicit poli­cies gov­ern­ing such mat­ters, it was not a blan­ket pro­tec­tion. Thus, if a com­pany has an un­am­bigu­ous pol­icy pro­hibit­ing the use of its fa­cil­i­ties for pri­vate com­mu­ni­ca­tions, then there can be no ex­pec­ta­tion of pri­vacy for those com­mu­ni­ca­tions.

The court held in this case that the em­ployer had a clear pro­hi­bi­tion against pri­vate com­mu­ni­ca­tion and that the em­ployer was en­ti­tled to en­sure and ver­ify that the em­ployee was com­plet­ing his “pro­fes­sional tasks dur­ing work­ing hours”. The court also found that the pro­cess­ing of the em­ployee’s per­sonal in­for­ma­tion had been “lim­ited in scope and (was) pro­por­tion­ate” to the pur­pose the em­ployer was try­ing to achieve.

This judg­ment is in­cred­i­bly far­reach­ing in its con­se­quences for em­ploy­ees in Europe. Whether this ap­proach would be able to pass muster in SA re­mains to be seen. What this judg­ment does show is that statutes such as POPI may not mean that an em­ployee is im­mune from sur­veil­lance by their em­ployer when us­ing com­pany IT equip­ment dur­ing work­ing hours.

Fur­ther­more, it also shows that the Euro­peans do not re­gard strict IT poli­cies as en­croach­ing on an in­di­vid­ual’s right to pri­vacy or pro­tec­tion of per­sonal in­for­ma­tion.

Con­se­quently, em­ploy­ers would be well ad­vised, with the proper and nec­es­sary le­gal as­sis­tance, to re­vise their IT poli­cies and pro­ce­dures re­gard­ing per­sonal com­mu­ni­ca­tions dur­ing work­ing hours.

Statutes such as POPI may not mean that an em­ployee is im­mune from sur­veil­lance by their em­ployer when us­ing com­pany equip­ment An em­ployee’s right to pri­vacy does not mean that ev­ery ac­tiv­ity that he or she en­gages in is pro­tected from scru­tiny

Pic­ture: iSTOCK

Newspapers in English

Newspapers from South Africa

© PressReader. All rights reserved.