Feeds

EU court rules monitoring of employee breached human rights

UK gov coughs up £3,000 damages and costs

Choosing a cloud hosting partner with confidence

The monitoring of an employee's email, phone and internet use by a Welsh college was a breach of her human rights, the European Court of Human Rights has ruled. The UK Government must pay £3,000 damages and legal costs in the case.

Lynette Copland said her email traffic, internet activity, and telephone usage were all monitored by the deputy prinicipal of Carmarthenshire College or his staff in a manner that breached her rights to a private life as enshrined in the European Convention on Human Rights.

Copland took a case against the government that the activity breached her rights under Article 8 of the Convention, which says that "everyone has the right to respect for his private and family life, his home and his correspondence". Her case was against the government because Carmarthern College is a publicly funded body.

The government argued that monitoring, which it said was far more limited than Copland claimed, was justified in order to determine whether or not she had been excessively using college resources for personal communication.

"The court is not convinced by the government's submission that the college was authorised under its statutory powers to do 'anything necessary or expedient' for the purposes of providing higher and further education, and finds the argument unpersuasive," said the court's ruling.

The events took place in the 18 months leading up to November 1999, when Copland claims that the deputy principal of the college not only monitored her use of phone, internet and email facilities but contacted some of the people she had communicated with to ask about the nature of the communications and enquired at another campus of the college about a visit she had made there with a male director while she was on holiday.

Copland said that the monitoring was extensive and took place over a period of 18 months. The government admitted that monitoring took place but said that it lasted only a few months. It admitted that the college monitored dates and times of emails. The college had no policy in place at the time informing employees that their communications might be monitored.

"According to the court's case-law, telephone calls from business premises are prima facie covered by the notions of 'private life' and 'correspondence' for the purposes of article eight," said the Court's ruling. "It follows logically that emails sent from work should be similarly protected under article eight, as should information derived from the monitoring of personal internet usage.

"The applicant in the present case had been given no warning that her calls would be liable to monitoring, therefore she had a reasonable expectation as to the privacy of calls made from her work telephone. The same expectation should apply in relation to the applicant's e-mail and internet usage," it said.

The court said the monitoring of Copland's activity was an interference with her rights, and that that interference was not "in accordance with the law" as the government had claimed, and that therefore there had been a violation of Copland's rights. The court noted that the Regulation of Investigatory Powers Act (RIPA), passed after these events in 2000, would have given a framework for the regulation of employer monitoring of communications.

"The ruling is important in that it re-inforces the need for a statutory basis for any interference with respect to private use of a telecommunications system by an employee," said Dr Chris Pounder, a privacy specialist at Pinsent Masons, the law firm behind OUT-LAW.COM. "The lawful business practice regulations [part of RIPA] allow an employer to monitor and intercept business communications, so the Court is implying that private use of a telecommunications system, assuming it is authorised via an acceptable use policy, can be protected."

Copland was awarded £3,000 in damages and £6,000 in costs.

Copyright © 2007, OUT-LAW.com

OUT-LAW.COM is part of international law firm Pinsent Masons.

Business security measures using SSL

More from The Register

next story
Phones 4u slips into administration after EE cuts ties with Brit mobe retailer
More than 5,500 jobs could be axed if rescue mission fails
Israeli spies rebel over mass-snooping on innocent Palestinians
'Disciplinary treatment will be sharp and clear' vow spy-chiefs
Apple CEO Tim Cook: TV is TERRIBLE and stuck in the 1970s
The iKing thinks telly is far too fiddly and ugly – basically, iTunes
Huawei ditches new Windows Phone mobe plans, blames poor sales
Giganto mobe firm slams door shut on Microsoft. OH DEAR
Phones 4u website DIES as wounded mobe retailer struggles to stay above water
Founder blames 'ruthless network partners' for implosion
Found inside ISIS terror chap's laptop: CELINE DION tunes
REPORT: Stash of terrorist material found in Syria Dell box
Show us your Five-Eyes SECRETS says Privacy International
Refusal to disclose GCHQ canteen menus and prices triggers Euro Human Rights Court action
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.