[JURIST] The European Court of Human Rights (ECHR) [official website] ruled [judgment] Tuesday that an employer may monitor an employee’s private communications when the communications are transmitted with the employer’s Internet and hardware. The applicant, Bogdan Barbulescu, was employed as an engineer in charge of sales at a private company in Romania. Barbulescu created a Yahoo Messenger account at the employer’s request to communicate with clients. Over the course of a week in July 2007, Barbulescu was informed by his employer that his communications were monitored and he had violated the company’s internal policies that forbid the use of the employer’s computer resources for personal purposes. This violation of company policy resulted in his termination in August 2007. Barbulescu challenged the termination in Romanian courts and eventually filed a challenge with the ECHR, arguing that his e-mails were protected by Article 8 of the European Convention on Human Rights [text, PDF], which provides a right to respect for private and family life. The ECHR ruled that the essential purpose of Article 8 is “to protect an individual against arbitrary interference by the public authorities.” While Barbulescu was allowed to raise an argument under Article 8, the ECHR determined that the employer acted within its disciplinary authority and the domestic authorities in Romania struck a fair balance regarding any invasion into his private life.
Online privacy has become a matter of increasing concern around the world. In October Australia’s Telecommunications (Interception and Access) Amendment (Data Retention) Act of 2015 went into effect [JURIST report]. The new data retention law requires telecommunications providers to maintain records of account holders, sources of communications, destinations of communications, date and time of communications, and types of communications sent. Earlier in October California Governor Jerry Brown signed [JURIST report] the California Electronic Communications Act (CECA) into law. CECA bars any state’s law enforcement agency or other investigative entity from requesting sensitive metadata from persons or businesses without a warrant. Also in October the European Court of Justice ruled [JURIST report] that EU user data transferred to the US by various technology companies is not sufficiently protected. In June the Belgian Privacy Commission sued Facebook for alleged violations [JURIST report] of Belgian and European privacy laws.