Select Page

This statement often conjures up negative emotions and particularly in the workplace the idea of monitoring and surveillance can make employees’ wary and in turn demotivated.

However, for organisations, monitoring employees at work is an important tool to manage risk and responsibilities going forward. It is important that a fair balance is reached between an organisations requirement to monitor and staff’s right to privacy.   

Monitoring employees has been the subject of many legal cases over the years and the issue has appeared again in January 2016 in the case of Barbulescu v Romania. This case focuses on monitoring employees’ use of the internet and personal communications at work.

Before we look at that case in more detail it would be useful first of all to consider the main points around monitoring employees’ in the workplace.

Why is monitoring important?

Employees’ use of email and the internet (including their activities on social network sites and blogs) can lead to performance issues, damage to an organisations reputation, loss of business and various legal liabilities including:

  • Harassment and discrimination.
  • Defamation.
  • Communication of confidential information and trade secrets.
  • Copyright infringement.
  • Hacking.
  • Transmission of viruses.
  • Employee negligence.

The above risks can be managed by monitoring employees’ actions and employing specific policies and methods to tackle these issues.

Legal Issues?

Before an employer considers monitoring its employees’ there are legal implications that must be considered such as:

Electronic forms of workplace surveillance involve the processing of personal data and as such is regulated by the Data Protection Act 1998 (DPA 1998). Employers will need to consider the eight data protection principles set out in Schedule 1 to the DPA 1998 as these apply to the processing of all personal data.

All eight principles are relevant to employee monitoring, but some are more significant than others, in particular:

  • Personal data shall be processed fairly and lawfully considering the processing conditions set out in Schedule 2 and Schedule 3 (sensitive personal data) to the DPA 1998. This effectively requires the provision of detailed information to employees about the employer’s monitoring activities.
  • Personal data shall be obtained only for specified lawful purposes and shall not be processed in a manner incompatible with those purposes. In the context of monitoring, this principle becomes relevant where the employer does not provide sufficiently detailed information about:

–          the method by which it monitors its employees;

–          the information it collects; and

–          how the information may be processed.

  • Personal data shall be adequate, relevant and not excessive for the purposes for which they are processed.

In addition the following issues should be considered by employers’: 

  • The duty of trust and confidence, which is implied into every employment contract, and this implied duty is relevant as the employer’s monitoring activities may constitute a breach of this duty, depending on the circumstances.  If there has been a fundamental breach of the implied term of trust and confidence then the employee may consider bringing a claim for constructive unfair dismissal.
  • If disciplinary action is taken against an employee in relation to the monitoring activities discovered, employers must act fairly and reasonably in accordance with the Employment Rights Act 1996 and follow procedural requirements of the Acas code of practice.
  • Employees who believe they have been unfairly targeted by their employer’s monitoring activities could also claim they have been unlawfully discriminated against as a result of their sex, race, age, disability, religion or sexual orientation.

Along with the DPA employers should be aware of the European Convention on Human Rights (ECHR), which has been incorporated into UK law by the Human Rights Act 1998.

The argument that employees tend to run on monitoring in the work place is their right to privacy within article 8 of the ECHR has been breached.

Is there a right to privacy at work?

Article 8(1) of the ECHR states “everyone has a right to respect for his private and family life, his home and his correspondence”. However, this is not an absolute right.

The case, Barbulescu v Romania (mentioned at the beginning of this article) deals precisely with this issue. In this case the European Court of Human Rights held that there was no violation of an employee’s right under Article 8 ECHR in circumstances where an employee had been dismissed for using the Company’s internet for personal purposes during working hours.

In this case, Mr Barbulescu was an engineer who used his business Yahoo Messenger account to send and receive personal messages with his fiancée and his brother, including messages about his health and sex life. This was in breach of his employment contract. His employer, discovering this accidentally, dismissed him. Mr Barbulescu argued that the Romanian courts should have excluded all evidence of his personal communications on the grounds it infringed his Convention rights to privacy.

The European Courts held that while Article 8 was engaged, the employer’s monitoring of his communications pursuant to workplace rules and regulations had been reasonable in the context of disciplinary proceedings, and the Romanian Courts had acted appropriately in balancing the employee’s rights against the interest of his employer.  The Court recognised the need for employers to be able to verify that employers are completing professional tasks during working hours.

This judgment really underlines the importance of having appropriate monitoring polices in place and making sure they are communicated to employees and adhered to by employers.

Going forward

It is important for employers to provide information to employees about any monitoring it proposes to carry out in the workplace. The best way to do this is via an electronic communications policy, which should include:

  • Clear standards of conduct and performance
  • Examples of appropriate and inappropriate use of technology and IT systems
  • How activities may be monitored
  • That inappropriate use will be dealt with as a disciplinary matter

The policy should be given to employees at the start of their employment and reminders about the policy together with any changes to the policy should be provided regularly. It may also be useful to undertake training on the policy with line managers so they can ensure the policy content is communicated and adhered to properly.

Do employers now have a right to “snoop” on their employees?

In essence the case supports that provided there is a clear policy in place about the use of electronic communications and IT systems, and the accessing of employees’ use of IT systems is proportionate and legitimate then any action taken in light of this may be fair if the act committed breaches the organisations policy.

However the case highlights the requirement to have a policy in place, to ensure this is clearly communicated to staff and that the monitoring is reasonable and for business purposes.

Fundamentally the case does not allow for an absolute right for employers to “snoop” on their employees’ private communications.

This issue has also been discussed by Caroline Acton in the attached Yorkshire Post article:

If you would like any further information on this article please contact Marie or Caroline at Consilia Legal on 0113 357 1315 or