The European Union has taken a substantially different approach than the United States to employee online privacy rights. Upcoming ePrivacy regulations promise to limit employers’ ability to monitor employee electronic communications. Even prior to the issuance of these new rules, the European High Court of Human Rights recently concluded that an employer could not review during the course of an internal investigation an employee’s personal emails sent using the company server.
The case involved a Romanian employee whose email messages were uncovered by his employer without his knowledge or consent. The court concluded that the European Convention on Human Rights’ privacy guarantees prohibit such monitoring, even when the employee sends such messages on the company server during working time. While the court did not rule out all such monitoring, it held that the employer must have in place adequate procedures to safeguard privacy and to limit the review to essential business needs.
No U.S. jurisdiction has gone this far to limit companies’ ability to monitor use of their own electronic communications systems. Even where the employer does not place employees on notice of this possibility, most states have concluded that the servers are the employer’s property, giving it the right to determine how they are being used. U.S. employers with European operations should consult with local legal counsel to make sure that their policies meet evolving EU standards, even when the server is physically located in the U.S. Over time, privacy advocates may look to these European developments for inspiration in order to seek similar restrictions in the U.S.