Ekran System Blog

News, opinions, and industry insights

Is employee online communication monitoring legal in Europe? ECHR says yes


A number of European employers are concerned about monitoring of employee activity during working hours as it may be considered as violation of the workers' data and correspondence privacy. Meanwhile, insider threats remain the growing danger to the corporate data and operation security and employees are frequently the most privileged and numerous insiders.


Ekran System already made a professional legal study about European norms, laws, official recommendations, and legal risks related to employee monitoring. This research provides a set of practical recommendations about how to organize worker activity monitoring process minimizing all potential collisions.


Now we have the official statement of the European Court of Human Rights (ECHR) regarding the question: Is employee online communication monitoring legal or not? Earlier today, it was made public that ECHR ruled an employer can monitor online communications when considering the case of a Romanian employee fired from his company in 2007 when it was discovered that he had used Yahoo Messenger to communicate not only with his professional contacts but also his family. In particular, the ex-employee insisted that the company had violated his right to confidential correspondence. The official statement of the judges is that it was not "unreasonable that an employer would want to verify that employees were completing their professional tasks during working hours".


Moreover, the Strasbourg's court defended the decision to allow transcripts of the employee's communications be used against him in court, saying "it proved that he had used the company’s computer for his own private purposes during working hours".


This precedent, we believe, will help companies to organize insider threat detection and monitoring processes more efficiently and protect corporate assets and business processes while respecting human rights and dignity. Besides protecting enterprises from security risks, user activity monitoring is required by a number of compliance norms - see for example, Cyber security compliance for financial institutions.


Read also about the IT security tips to follow .