Boss Can Read Private Messages Sent on Work Media

The European Court of Human Rights in Strasbourg, recently handed down a decision in which they have determined that employers can make and enforce policies that employees were not to use their internet for anything but work.

Employees can read private messages on work facilities to check compliance with the policies. The employee, Bogdan Barbulescu routinely used his employer’s interest for sending yahoo messenger chats whilst he was at work. The employer had set out a policy that they were not to use the internet for anything but work. The employer maintained regular checks on the use of internet accounts and discovered the impropriety.

Mr Barbulescu argued that he had a right to private life and this had been breached when his employer perused a log of messages on a yahoo message account which he had created for work and from a second account. Mr Barbulescu had prior warning that the company would check his messages.

The ECHR said that the firm was within its rights to read Yahoo Messenger chats sent whilst he was at work. His employer had established a policy with regard to internet usage that it was only to be used for work and the employer had a right to check on Mr Barbulescu’s activities and determine whether he was complying with the company’s rules. The ECHR held:-

  • The firm believed it was accessing a work account;
  • That it was “not unreasonable...that an employer would want to verify that employees were completing their professional tasks during working hours”
  • The employer acted within its discretionary powers, since as the domestic Courts found, it had accessed the Yahoo Messenger account on the assumption that the information in question had been related to professional activities and that such access had therefore been legitimate.
  • This was a proportionate step because the employer refrained from accessing any other information stored on Mr Barbulescu’s work computer. The device used to send messages was owned by the employer. This decision was likely to be followed in any similar case in the United Kingdom.

The question here is: what rights do workers in the United Kingdom have to privacy? In what circumstances would an employer be able to look at documents contained within work computers, mobile phones or iPads to monitor work performance and identify breaches of the firm’s policies with regard to internet use?

It is clear that information contained on work computers belongs to the employer. Employees should be wary of putting private & confidential information on work computers, particularly where there is a strict policy in regard to the employer’s ability to access that information. Employees should be particularly careful in breaching the use of any social media and internet policies produced by the employer.

Right to Privacy

The first question that arises is whether or not there is a right to privacy. Under English Law, the right to privacy has been very sporadic. It has effectively arisen intermittently within case law, particularly with regard to actions for nuisance and harassment and a tortious action for trespass. More recently, informational privacy has been recognised by the Data Protection Act 1988. There was not traditionally a recognised general right to privacy or rather informational privacy. However, the Human Rights Act 1988 developed the concept of a right to human privacy under articles 8, 9 and 10.

Article 8 states in the first paragraph that “everyone has a right to respect for private and family life, his home and his correspondence”.

Article 9 provides a right to freedom of thought, conscience and religion.

Article 10 allows for a right to freedom of expression.

The key provision is in article 8. However, article 8 has limitations set out in paragraph 2:

“...there shall be no interference by a Public Authority with the exercise of this right, except such as is in accordance with the law and is necessary in a democratic society in the interest of national security, public safety or the economic wellbeing of the country, for the prevention of disorder or crime, for the protection of health or morals or for the protection of the rights and freedom of others.”

What the ECHR determined and what would be determined here as well, is that in Employment Law, the right to respect for private and family life must be limited by the terms of an Employment contract and the employer’s policies, in so far as they are otherwise lawful. One cannot have privacy from lawful investigation, into breaches of contract where those investigations are conducted on media or technology owned by the employer, if the employer has set out a policy for doing this and warned the employee.

Therefore, the right to privacy is limited by the following:-

1.    Implied or expressed term in employment contracts, that the employee must

(a)      comply with the reasonable instructions of his employer

(b)      provide his professional services exclusively during working time to the employer

2.    The employer’s right to supervise monitor and appraise his staff’s performance and to set appropriate and lawful performance targets.

3.    The employer’s right to monitor the use of equipment that the employer owns and has provided for work purposes.

4.    Procedures regarding inspection of work technology and media including the circumstances which warnings must be given before such inspections take place. Employers should also set out the need for the inspection to proportionate i.e. limited to the identified purpose of the inspection.

5.    The employer’s privilege to detect and manage breaches of contract.

6.    The employer’s duty to comply with Public Law, with respect to the commission of civil or criminal offences in working time, using the employer’s media and technology.

7.    The employer’s privilege to protect his or her reputation from harm by improper use of the employer’s media or technology.

These requirements are quite restrictive. An employer who time manages his/her staff, and creates policies against improper use of his/her media and internet facilities, could truly discipline a staff member who failed to meet time targets for who was in breach of social media policies by making unauthorised use of the employer’s media, for private purposes, to the detriment of his efficiency and target management at work.

Managing the Social Media Environment

Employers must take steps to ensure that they provide very clear guidelines to their staff about uses and abuses of their media and technology. All employers should have the following in place:-

1.    A clear set of terms and conditions of employment, which set out the employee’s duty to apply their time exclusively to the employer’s instructions, during the working day and to obey the reasonable instructions of the employer. The employment contract may also set out the definition misconduct or gross misconduct which would include internet use and unauthorised use of the employer’s media and technology.

2.    The employer should have a relevant policy in writing which could be notified to the employee, setting out the authorised use of the employer’s technology and its limitation and/or a social media policy setting out the extent or otherwise to which an employee may use the employer’s technology, internet facility and social media technology and possibly the penalties for abuse.

3.    The employer should have a clear policy as to misconduct with respect to technology, internet or social media abuse (this could include iPads, phones and laptops) including the systems of warnings which would be put in place when an inspection was likely to occur and as to any breaches or misconduct discovered in the course of such inspection.

4.    The employer should have in place appropriate grievance and disciplinary procedures which are compliant with the draft ACAS procedures. Employers should keep detailed records of every step taken with respect to an allegation of misconduct for technology, internet or social media abuse. If this evidence can be produced before a Tribunal in the course of a plan for unfair dismissal, it is unlikely that a Tribunal will make a determination inconsistent with the Barbulescu case. However, there must be a word of warning with regard to private facilities such as phones, iPads and laptops owned by the employee. An employer might discipline an employee for failing to reach notified targets, because the employee was undertaking private activities during work hours but it is unlikely that a UK Court will hold than an employer is entitled to require an employee to surrender private resources to the employer for inspection, to enable the employer to read private correspondence. But of course, the employee may choose to provide personal data or information in order to defend a particular position but it is unlikely that they can be compelled to do so. The point was not determined by the decision in Barbulescu but in that respect, the information contained in private resources may be protected by article 8 in the “right to respect for his private and family life, his home and his correspondence...”

Of course, the best protection for employees is not to send anything during working hours on any media under their control, especially work computers, mobile phones, iPads etc which they would not want the employer to see.

If you have any questions on this article or would like us to review your terms and conditions of employment please contact Paul Stevens on 0208 290 7422 or email

to chat