Business mail
As an employer, do you have the right to access employees' mail? This question comes up, for example, at the time when an employee is sick and the employer needs information in that employee's mailbox. So we are talking about a business mailbox. As a result, both employees and employers argue that this is precisely why it will be allowed. Under Article 8 ECHR, however, an employee has the right to privacy, even within his business mail environment. The employer must respect this. However, this right is not absolute. But what does that mean?
Case law of the ECHR
The European Court of Human Rights (ECHR) confirmed in a ruling that the right to privacy also applies at work. (Application 61496/08; Bărbulescu v. Romania)
Workers do not abandon their right to privacy and data protection every morning at the doors of the workplace. New technologies make prying into the employee's private life both easier for the employer and harder for the employee to detect, the risk being aggravated by the connatural inequality of the employment relationship. A human-rights centred approach to Internet usage in the workplace warrants a transparent internal regulatory framework, a consistent implementation policy and a proportionate enforcement strategy by employers (...)
An employer may not simply infringe on an employee's privacy rights. Any infringement must be justified by a compelling interest that outweighs employee privacy.
Justified invasion of privacy law
Thus, there are circumstances under which an infringement of this privacy right may be justified. For example, there was a Supreme Court ruling on this in 2007. It ruled that an invasion of an employee's privacy can be justified if the criteria of necessity, subsidiarity and proportionality are met. What is meant here (translated to this case regarding business mailboxes)? The invasion of privacy rights must serve a legitimate purpose and opening the mailbox is the most appropriate means to achieve that purpose. In addition, the invasion of privacy rights must be proportionate to the employer's interest and the employer has no possibility of achieving the goal in a less intrusive way.
A fourth criterion has been added to these three criteria. Employees should be aware that their e-mail messages may be viewed. This is reflected, among other things, in a ruling from 2014 by the Arnhem-Leeuwarden Court of Appeal.
(...) The employer may monitor his employee's e-mail messages only if it is or may be known to the employee that his e-mail messages may be monitored by the employer (e.g., through personnel regulations or pursuant to the employment contract), (...)
By the way, when these criteria are met, it is still not permissible to go into (and read) email messages that are clearly private.
Privacy in dismissal cases
The employer's unauthorized retrieval of mail from employee mailboxes also occurs in dismissal cases. When this happens, the judge may conclude that the employee's privacy rights have been violated. The judge may still consider this evidence in his assessment. Unlawfully obtained evidence, does not automatically entail its exclusion in civil proceedings. Thus, this evidence can lead to the termination of employment. The invasion of privacy may, however, lead to higher culpability on the part of the employer and result in higher severance pay for the employee.
Make known
Employers are increasingly using company regulations or employee handbooks that specify how employees should handle the use of the Internet and mail. More and more often I see that these stipulate that the employer can check an employee's e-mail messages. In this way it is known to the employee that the employer can check the e-mail messages. This satisfies one criterion. But then still there must be a legitimate purpose for reading the mail messages. It must also be shown that no other and less burdensome method is available.
As Analyst ICT, we cannot judge f or whether a purpose is justified. Therefore, we appeal to the board/management of the organization in question. If they approve, we record this and can then grant the request employee.
