April 12, 2007 8:31 AM PDT
E-mail monitoring may violate European laws
- Related Stories
Police blotter: No privacy in home PC brought to workApril 5, 2007
Real ID is bad? Compared to what?April 5, 2007
FCC imposes rules designed to prevent pretextingApril 2, 2007
E.U. official: Now isn't time for RFID regulationsApril 2, 2007
FBI chief blames computers for privacy flapMarch 27, 2007
Senators skeptical of Real ID Act rulesMarch 26, 2007
Senators won't take away FBI surveillance powerMarch 21, 2007
Europe to develop guidelines on RFIDMarch 16, 2007
The case involved a public-sector employee who won $5,910 in damages and $11,820 in court costs and expenses after her communications were intercepted by her employer, Carmarthenshire College, based in South Wales. Lynette Copland successfully took the U.K. government to court after her personal Internet usage and telephone calls were monitored by one of her bosses in 1999.
The ruling means that the private use of company telecommunications equipment and Internet access may be protected under European human rights legislation, if the company has an acceptable personal-use policy and fails to inform employees that their communications may be monitored. Employee communications are also covered by human rights legislation if the organization has no explicit acceptable-use policy and fails to inform employees of the monitoring of personal e-mail.
Privacy experts at law firm Pinsent Masons, based in London, said that although businesses now have clear guidance for monitoring work communications under the Regulation of Investigatory Powers Act 2000, personal communications at work may be protected by the European Convention on Human Rights, and the Human Rights Act 1998.
"The lawful business practice regulations allow an employer to monitor and intercept business communications, so the court is implying that private use of a telecommunications system, assuming it is authorized via an acceptable-use policy, can be protected (by human rights legislation)," said Chris Pounder, a privacy specialist.
"The ruling is important in that it reinforces the need for a statutory basis for any interference with respect to private use of a telecommunications system by an employee," Pounder added.
Copland brought the case against the government after her communications were intercepted by the deputy principal of Carmarthenshire College, a publicly funded body, where she was employed as a personal assistant to the college principal.
Her lawyers successfully argued that the activity breached her rights under Article 8 of the Convention on Human Rights, which says that "everyone has the right to respect for his private and family life, his home and his correspondence."
The government admitted there had been monitoring of dates, times and participants in Copland's e-mail and telephone conversations, and of her Internet usage. The college had no policy in place at the time informing employees that their communications might be monitored.
"According to the court's case-law, telephone calls from business premises are prima facie covered by the notions of 'private life' and 'correspondence' for the purposes of Article 8," said the court's ruling. "It follows logically that e-mails sent from work should be similarly protected under Article 8, as should information derived from the monitoring of personal Internet usage. The applicant in the present case had been given no warning that her calls would be liable to monitoring, therefore she had a reasonable expectation as to the privacy of calls made from her work telephone. The same expectation should apply in relation to the applicant's e-mail and Internet usage."
Copland's damages and costs will be borne by U.K. taxpayers. She remains in her post at the college.
In the United States, monitoring of employees' e-mail and other Internet communications is commonplace. Some surveys have suggested that over half of large U.S. corporations currently monitor outbound e-mail or plan to do so. Certain securities firms are subject to rules requiring them to save e-mail and instant messages and perhaps monitor a sampling of them.
Even in the U.S., though, the law isn't always that straightforward. If a company does not have a clear policy warning its employees that e-mail messages are subject to surveillance, courts may take a dim view of the legality of monitoring. And a bill was proposed in Congress in 2000--which ultimately did not become law--that would have required employers to "provide notice" of electronic monitoring.
Tom Espiner of ZDNet UK reported from London.
6 commentsJoin the conversation! Add your comment