Workplace Surveillance: is our privacy protected at work?
By Yuan Stevens and Joanna Bronowicka, December 2016
Can your boss spy on you at work? Can your employer monitor private chats with your family? If you work in Europe, the answer to these questions might depend on the upcoming ruling of the the European Court of Human Rights. Yuan Stevens and Joanna Bronowicka analyse the implications of the pending case for privacy of workers in Europe.
On November 30, 2016, the Grand Chamber of the the European Court of Human Rights (ECtHR) was supposed to issue a final ruling in the Barbulescu v. Romania case. But the final decision has been deferred for several more months. The ruling will define the meaning of privacy at work for employees in the 47 countries that have ratified the European Convention of Human Rights.
The case raises important questions: is the privacy of workers in Europe still adequately protected by law? What are the legal instruments available to workers in case their privacy was breached? What rules should employers follow when monitoring their workers? Answering these questions will be an important challenge for lawmakers and researchers in the years to come.
The Spark: Engineer Fired for Chatting at Work
The case goes back to 2007 when a Romanian engineer Bogdan Barbulescu was fired by his employer for using a Yahoo Messenger account for personal purposes. His employer presented him with a 45-page transcript of chats with his brother and fiancée — some of which referred to his sexual health problems. The employer justified his decision with company policy, which explicitly forbids the use of “computers, photocopiers, telephones, telex and fax machines for personal purposes.”
Barbulescu claims he was never informed that his employer was monitoring his internet usage ostensibly through spyware. He sued his employer in domestic courts for wrongful dismissal, but they decided that the company acted reasonably. The engineer decided to pursue his legal battle in Strasbourg’s human rights court, which might set an important precedent for millions of other workers.
In the first ruling issued by the ECtHR in January 2016, Barbulescu’s claims were dismissed again, but the Romanian worker appealed to the court’s Grand Chamber. The majority of judges in the initial ruling had reasoned that although the privacy of the engineer was breached, his right to privacy has to be balanced with his “employer’s interests”. The court upheld that the Romanian courts did strike an appropriate balance.
In his dissenting opinion, judge Paulo Pinto de Albuquerque argued however that, “workers do not abandon their right to privacy and data protection every morning at the doors of the workplace.” He also points out that “employer’s interests” are not clearly defined in the ruling, but can be inferred to mean interest in profitability and productivity. The protracting deliberations of the Grand Chamber suggest that the the judges will not take their decision lightly.
Workplace Surveillance: Technology Outpaces Legal Adjustments
In the decade since Barbulescu was fired, the pace of technological change has accelerated. Today, the technologies used to supervise employees at work include not only software for monitoring computers, phones and emails of the employees but also cameras, microphones, biometric devices, and GPS receivers. As the digitisation of work advances, the social and legal norms about privacy and surveillance at workplace are still in flux. And the national, European and international laws are slow to adapt to these technological changes.
One of the earliest attempts to address the question of electronic monitoring of workers was done by the International Labour Organisation (ILO) almost 20 years ago. In the Code of Practice: Protection of workers’ personal data issued in 1997, the ILO offers general principles with respect to the protection of workers’ personal data and how it ought to be collected, secured, stored, used, and communicated. The guidelines state that “Computerized retrieval techniques, automated personnel information systems, electronic monitoring, genetic screening and drug testing illustrate the need to develop data protection provisions which specifically address the use of workers’ personal data in order to safeguard the dignity of workers, protect their privacy (…).” Two decades later, the need identified by the ILO is even more apparent.
European human rights law has been much slower in recognising technological change. In 1997, the ECtHR ruled that Article 8 (the right to privacy) can apply to telephone calls made from the workplace (Halford v. the United Kingdom). Only in 2007, did the case of Copland v. the United Kingdom, expand the right to privacy to emails and personal internet usage on business premises. Importantly, that ruling also established that employees have a reasonable expectation of privacy absent a warning that their communication would be monitored.
Another source of legal safeguards for workers’ privacy has been the European Union’s data protection regime. The EU directives apply more specifically to the collecting, storing and processing of personal data about employees, rather than the act of workplace surveillance. However, as the Article 29 Working Party suggests in its 2001 opinion, rules about workers’ data can be extended to their electronic communication: “Any collection, use or storage of information about workers by electronic means will almost certainly fall within the scope of the data protection legislation. This is also the case of the monitoring of workers’ email or Internet access by the employer.”
The new EU data protection rules which will enter into application on May 25, 2018 also do not directly address the challenge of workplace surveillance. The task of providing specific rules about processing employees’ personal data remains in the hands of Member states. Article 88 of the General Data Protection Regulation (GDPR) does, however, state that “those rules shall include suitable and specific measures to safeguard the data subject’s human dignity, legitimate interests and fundamental rights, with particular regard to the transparency of processing.”
As the challenges of workplace surveillance become more apparent, it is clear that the patchwork legislation does not adequately meet the needs of European workers who do not want to completely forgo their privacy at work. Employers who turn to digital tools to improve productivity and profitability, might also find it hard to navigate the constantly evolving and multilayer legal framework. Lawmakers and courts will have to respond by providing a clear and balanced legal framework. The final decision by the ECtHR will be an important step in this direction.
Images: BYTE Magazine