Employers may be entitled to snoop on personal messages sent from chat software during work hours, the European Court of Human Rights (ECHR) has ruled.
The ruling related to a case brought by a Romanian engineer who was fired in 2007 after his bosses rummaged through his chat logs sent from a work account and found several personal messages.
Bogdan Bărbulescu had lost his case in a Romanian domestic court in Bucharest before appealing to the ECHR. He claimed in both instances that his bosses had breached his right to privacy by reading a 45-page transcript of his chat logs.
However, the court heard that Bărbulescu's employer had previously banned staff from sending personal messages during work hours and warned all staff about the consequences of doing so.
As a result, the European court ruled that the company had done nothing wrong because the messages were sent from a work device, reportedly set up specifically to answer customer queries.
The ruling stated: "The employer acted within its disciplinary powers since, as the domestic courts found, it had accessed the Yahoo Messenger account on the assumption that the information in question had been related to professional activities and that such access had therefore been legitimate. The court sees no reason to question these findings."
However, the ECHR added that workers should remain protected from any "unfettered snooping" by employers.
"Even where there exist suspicions of cyber slacking, diversion of the employer's IT resources for personal purposes, damage to the employer's IT systems, involvement in illicit activities or disclosure of the employer's trade secrets, the employer's right to interfere with the employee's communications is not unrestricted," stated the ruling.
The court's decision applies to all European counties signed up to the European Convention on Human Rights, which includes the UK. However, it is important to note that UK domestic courts have only to consider the ruling in any similar cases in the future and are not held to it by law.
The court advised European firms to create a solid policy with regard to workplace internet use.
"All employees should be notified personally of the policy and consent to it explicitly. Before a monitoring policy is put in place, employees must be aware of the purposes, scope, technical means and time schedule of such monitoring," the judges ruled.
"Employees must be made aware of the existence of an internet use policy in force in their workplace, as well as outside the workplace and during out-of-work hours, involving communication facilities owned by the employer, the employee or third parties."
Sally Annereau, data protection analyst at Taylor Wessing, said the ECHR had made the right decision based on the facts of the case and added that claims it allowed snooping all private communications by staff is wrong.
“While the UK, as a signatory to the European Convention on Human Rights, is bound by the judgments of the European Court of Human Rights, this judgment does not extend the scope of permissible employee monitoring in the UK.
"It is worth emphasising that the heart of the judgment is that the Romanian domestic authorities acted appropriately in striking a fair balance between the rights of the individual to respect for his private life and the interests of his employer.
"In this case, the employer's policy stated that its systems could only be used for professional purposes. It consequently expected it would only be accessing client-related communications."
You can read the full judgement here:
Intel wants to get inside your car, despite missing out on mobile
'We'll keep fighting to fight to keep the web free and open,' claim EFF
Breached in March by the same attackers, claim 'insiders'
And all for less than £150, according to Keith