By EDRi

Altogether, this judgment is not the ECtHR’s finest hour – Steve Peers

On 12 January 2016, the European Court of Human Rights (ECtHR) handed down a new ruling regarding the electronic surveillance of employees by their employers (Bărbulescu v Romania). Applying a relatively permissive interpretation of the right to privacy, the Court did not establish a breach of article 8 of the European Convention on Human Rights. Despite having found violations of the right to privacy in similar cases, the Court took a different view in this judgment. It therefore warrants careful analysis.

................................................................. Support our work - make a recurrent donation! https://edri.org/supporters/ .................................................................

The case concerned Mr Bărbulescu, who was dismissed from his job as a sales manager for sending personal messages during working hours. In order to support these accusations, his employer accessed the messaging logs on Mr Bărbulescu’s workplace computer. Mr Bărbelescu contested his dismissal in court, claiming that it had been the result of an unjustified breach of his right to privacy. When his claims were rejected in the national courts, he lodged a complaint before the ECtHR alleging that the Romanian state had failed in its positive obligation to protect his right to privacy.

While the Court acknowledged that the employer’s accessing of personal correspondence constituted a limitation of the right to privacy – as they have previously decided for telephony and email in Halford and Copland – they did not establish a breach of the Convention. This might lead to some to believe (incorrectly) that this judgment opens the doors for indiscriminate employers surveillance, which it does not. The Court did not overrule or ignore the findings from Halford and Copland, but rather found various case-specific factors to distinguish the the current case from its predecessors.

In previous case law on employer-employee surveillance, the Court emphasised whether the employee had received prior notification of the possibility of surveillance and, accordingly, whether they had a ‘reasonable expectation of privacy’. It is not entirely clear whether Mr Bărbulescu had received any prior notification. The Court noted that parties disagree on this issue and did not pursue it further.

The Court therefore turned to other factors in deciding Mr Bărbulescu’s case: in distinguishing it from previous decisions, the Court emphasised that his employer’s internal regulations expressly prohibited any non-professional use of workplace equipment (while personal communications were at least tolerated in Halford and Copland). Accordingly, the employer could have accessed the employee’s Yahoo Messenger account on the assumption that the communication related to professional activities. The Court also found that ‘it is not unreasonable for an employer to want to verify that the employees are completing their professional tasks during working hours’. In addition, the monitoring was found to be limited and proportionate since other data and documents stored on the computer were not examined . In light of these facts, the Court considered that the Romanian judiciary did not exceed its margin of appreciation in finding that the employer acted within its disciplinary powers.

The broader significance of this ruling is difficult to assess. Firstly, this is due to the fact that the Court did not explicitly consider all the criteria laid down in article 8(2) of the Convention. While the Court focused on the question of proportionality, it did not explain why the limitation was ‘in accordance with the law’ and based on a ‘legitimate aim’. This departure from previous case law makes it difficult to draw comparisons with previous rulings and to assess the precise ramifications of this decision.

Secondly, the ruling also contains some factual inconsistencies. As outlined in a blog post by Steve Peers, contradictions arise regarding the order of events and the non-disclosure of the identity of the message recipients. For example, it is not clear whether the employer started his surveillance before or after formally accusing Mr Bărbulescu. This matter is not insignificant. After all, the employer claims to have relied on Mr Bărbulescu’s denial of accusations in assuming that his communications were of a non-private nature. The Court recognises this assumption as a valid defense, but it is unclear whether this assumption is solely justified by Mr Bărbulescu’s prior denial of accusations or could also be applied to their employees more generally. When must employer’s take into account the potentially private nature of workplace communications? In this regard and others, the judgment remains unclear due to an ambiguous presentation of the underlying facts. ‘Altogether, this judgment is not the ECtHR’s finest hour’, Peers writes. Indeed, it cannot be ruled out that it will be taken to the Grand Chamber and given a more comprehensive, in-depth treatment.

Is Workplace Privacy Dead? Comments on the Barbulescu judgment (14.01.2016)
http://eulawanalysis.blogspot.be/2016/01/is-workplace-privacy-dead-comments-on.html?m=1

ECtHR Judgment: Bărbulescu v Romania (12.01.2016)
http://hudoc.echr.coe.int/eng?i=001-159906

ECtHR Judgment: Halford v UK (25.06.1997)
http://hudoc.echr.coe.int/eng?i=001-58039

ECtHR Judgment: Copland v UK (03.04.2007)
http://hudoc.echr.coe.int/eng?i=001-79996

(Contribution by Paddy Leersen, Intern at EDRi)

EDRi-gram_subscribe_banner

Twitter_tweet_and_follow_banner