Yesterday’s ECHR ruling (BBC News Item) has been recognised as having wide implications for employees, despite the caution of the judges in the language of their ruling – effectively dealing only with the specifics of the case before them and generally avoiding clear references to wider application.
However, the flurry of analysis of the implications for employees being “spied” on by their employers obscures potentially significant – and perhaps unwelcome – considerations for businesses. The ability of an employer – subject to notification and reasonableness tests – to retrieve, secure and review its employees’ messages needs to be looked at in conjunction with employers’ obligations, for example under the UK Bribery Act to monitor the effectiveness of their anti-bribery programmes, or under the FCA’s Senior Managers Regime.
The ruling has to be taken together with other challenging trends, as set out in the DOJ’s Yates Memo and other sources, including:
- The more onerous requirements for “cooperation” with the DOJ and other agencies;
- Increasing intolerance of data privacy arguments as a justification to withhold data despite the failure of the “safe harbour” regime.
The ruling makes clear that private messages on work devices (subject to limitations which are not altogether clear) could be accessed by businesses with justification – and therefore potentially creates an expectation that investigations will review, evaluate and report private message data within the limited timelines permitted for “cooperation”.
Overall, many businesses may find more to regret in this ruling: not just employee fears of being spied upon, but also yet more cost and complexity added to financial crime monitoring and investigation requirements.