In the US, when it comes to your employer watching you at work, the law is clear: it can, and it probably does. The company you work for has wide latitude to peek into your Slack chats, monitor which sites you visit, read your emails, and record your every keystroke. It’s all legal. But in Europe, a new court ruling may start to limit employers that engage in this type of surveillance. These limitations may well extend to your American company, too — if you work for a multinational corporation that also employs people in Europe.
On Tuesday, the European Court of Human Rights ruled that companies can surveil their employees’ email — but only if workers are given an explanation about the policy in advance. At issue is a case that goes back to July 2007, when a Romanian man named Bogdan Mihai Barbulescu was fired after his bosses presented him with transcripts showing he used computer software to chat with his fiancée and brother at work. After the court ruled against him, Barbulescu escalated his case to the Court, which in its final ruling this week said Barbulescu’s right to privacy had indeed been violated — because he hadn’t been properly notified about the corporate surveillance.
“The European Court of Human Rights ruling is clear — workers do not leave their human rights at the doorstep of their workplace,” Esther Lynch, confederal secretary of the European Trade Union Confederation, told BuzzFeed News in an email.
According to James Froud, a partner at the international law firm Bird & Bird, the court’s final decision was not particularly surprising. ”The courts in Europe have pretty much always taken the view that the right to privacy extends into the workplace,” he says. But Froud told BuzzFeed News that this case could force employers to be clearer about their surveillance policies in the future. “Employers are likely to be required to do more,” Froud said. “It may no longer be enough to have a notice in an employment contract or hidden away in a policy.”
In Europe, privacy is widely held to be a fundamental human right, one that should be protected as much as possible in every setting. But at work, you’re using equipment, software, and an internet connection provided by your company. Every byte of data you send and receive is effectively owned by your company, which has the right to its property. And companies often lay out as much in their employment contracts.
This is just the application of pre-digital legal doctrine to the digital age, said Vivek Krishnamurthy, assistant director of Harvard Law School’s Cyberlaw Clinic, who specializes in international internet governance. “There’s a long line of court cases that deal with employers intercepting employee communications” in order to know whether they needed to discipline that employee, said Krishnamurthy. “Courts almost always come out favoring the employer.”
Nowadays, it is widely understood — and well-accepted — that every employee will use company resources to do some (reasonable) amount of personal life management at work. But the law hasn’t formally caught up to how people use technology at work. More sophisticated employers are starting to create policies that match up to the expectations of a modern employee (and if you’re lucky, you work for one of them). But they aren’t legally bound by duty to do so. “It’s a freebie,” Krishnamurthy said.
This latest ruling by Europe’s human rights court could nudge more companies towards that direction. “US multinational employers will need to take into consideration that there is a greater emphasis, from the European perspective, on the privacy of European employees,” said Stephen Ravenscroft, a London-based partner in the law firm White & Case who specializes in employment law.
But for everybody else, this ruling doesn’t change much. “There are relatively weak expectations of privacy at work,” said Krishnamurthy. For better or for worse, this is still the norm — and you should act accordingly.
“The proper way to approach what you’re doing at work is, just think your employer could be watching you, for any number of legitimate reasons — network security, monitoring bandwidth, you name it.” If you don’t want your employer finding out you’re doing something at work, just don’t do it, he said. “At a certain point, it’s just common sense."