It will as useful as EU's cookie law. Every employee on joining any company will be notified that corporate emails are monitored, similar to 'CCTV in operation' signs. It will be another checkbox on the contract.
"Under the General Data Protection Regulation (GDPR), the requirements for valid consent have been made much stricter. Consent must be freely-given, specific, informed and revocable. The GDPR expressly states that, where there is an imbalance of power between the party giving consent and the party receiving it, consent will not be valid. In the employment context, it has long been acknowledged that there is such an imbalance between employer and employee. This means that it will be very difficult indeed for employers to rely on consent to process employees’ personal data under the GDPR."
Mind you that the GDPR is EU law, whereas the judgement here is an ECHR ruling, and these are separate institutions. All EU countries are in the ECHR, but not vice-versa.
One must also keep in mind that the treaty about the European Convention on Human Rights in itself is very weak so ECtHR rulings can easily be ignored in practice. The EU with its very similar fundamental rights framework strong arms it in some way so EU members have a very hard time to ignore such rulings. So while the ECtHR is not an EU institution and has broader coverage it's rulings mostly come to full effect inside the EU and maybe countries closely tied the the EU.
This is true, although it does vary from country to country, as beyond being EU members, some have entrenched it in their legal systems. The UK, for example, requires its judges to, so far as possible, interpret laws so as to be compliant with the ECHR, though they can't directly strike them down. The UK also allows human rights claims to be taken to UK courts first, rather than having to go to Strasbourg straight away.
Exactly. Actually suing someone for a human rights violation is very, very hard. It's expensive and the court can (and often does) just refuse to take cases.
This probably means the end of Europeans commenting on web forums, then. Can't imagine Hacker News, open source mailing lists, or any random guy with a phpBB/VBulletin interest group forum is going to appoint a compliance officer and fork over millions of dollars for consulting and legal services to become compliant.
Most random guys with vBulletins probably aren’t compliant with some internet law or another anyway. Quite simply, there is no reason for the EU to care.
Not really. It all depends under what reason you have decided you are collecting the data in the first place in your Data Protection Impact Assessment (e.g your lawful basis). Consent is only one of them. Consent is problematic because it can be withdrawn.
No. It is not how law works: An employer “cannot reduce private social life in the workplace to zero. Respect for private life and for the privacy of correspondence continues to exist, even if these may be restricted in so far as necessary,” the ECHR grand chamber judgment said.*
"as necessary" is the important part. In fact, it is bad for a company to have a clause that says "we own all your email". Such a clause is invalid and it will be invalidated in court. A more reasonable and justified clause in the contract will hold in court.
do they have to allow you access to the internet across the company's network? I can understand their not having access to my personal email but any mail using their address is not mine
Yeah, I find it impossible to believe that the person in question could have avoided being fired by NOT messaging his family using his employer's email/IM. They simply would have found another way to get rid him.
Except in the most comically draconian workplaces does anyone _really_ care if an employee sends an email to his wife using a work email address (eg, "Forgot phone, do you want me to pick up pizza on the way home, honey?").
Aren't these rules just conveniences for HR departments so they can get rid of someone using the nearest available broken-rule that can be documented?
> what kind of company would fire me for "Alright love, you want a pizza..."
Virtually no company would do it just for that.
Many companies use those kind of rules, however, to fire people that are already in their cross-hairs. If a server logs the message, and employee handbooks says, "personal email blah, blah, blah"... it is pretty cut-and-dried from an HR-drone point of view and much easier than firing someone for the things they _really_ did.
The case in question was 10 years ago in Romania, which was only just becoming an EU member that year. I have no idea what sort of laws applied at that time in that country.
But generally, employment in most european countries is not as tenuous as you suggest. You need valid reasons to get rid of someone, and usually you need to give the employee fair warning and a reasonable opportunity to improve or correct the issue that led to the warning. Nobody gets fired for sending a single email even if it's in violation of a clear company policy.
If it's about groceries it is harmless, but what if you share a joke with a friend, or comment a current event? Depending on where you work, your email may be very likely to being investigated and your all mailbox to be made public in court, taken out of context, etc. So best practice is keep personal stuff for your personal email and keep your professional stuff for your pro email and also keep it boring.
I'm not sure if these still exist but Iran (reportedly) had "halal" brothels at one point. They would marry the "couple," do the deed, then divorce. The cookie law was like that.
Legislators started with a real world goal, protecting users privacy from certain violations. They looked through their legal lens to determine the specific rights bein violated.
But, the fix never left the legal realm. The lawyers got to work making sure that users rights are not violated, but without actually giving them any more privacy. Somehow, this absurd interpretation of "informed consent" held water.
Six or seven years ago, South Park made fun of Apple's 47 page terms, updated meticulously. Today, we probably "sign" a thousand pages of pseudo-contracts per week. The cookie law normalized it. Regulators of regulated industries demand more of it.
This is so absurd! The legal profession (including legislators & regulators) just go on with their method of keeping society free of prostitution by making sure everyone gets married and divorced at the correct time.
Yes that's correct, any right that you can waive essentially does not exist in a capitalist economic system -- if you can waive it, the poor will inevitably be forced to waive it. However it's encouraging when compared to the situation in the US. It's definitely better that people know than not know.
In my experience, employee contracts are negotiable in practice. I negotiated limiting or removing 'non-compete' clauses several times in different companies. If email checks were important for me (they're not) I would negotiate this term as well.
I've gotten non-disparagement clauses removed from a company with a legal team. If you're going to work for a company and they aren't willing to negotiate when things are the best between you two, you're likely not going to enjoy working there.
In some European countries the union does this kind of negotiating in a sector/framework agreement, which can make pushing back against those kinds of blanket terms more effective, at least to the extent of reducing how broad the rights waivers are.
Having enough clout to negotiate that stuff away isn't universal. I suspect you could also have walked away from a job with terms you didn't like. Many people can't do that without risking financial ruin.
The cookie law didn't kill cookies but it did inform people about them. It's responsibility for bring the discussion about tracking and cookies into popular discourse was greater than zero. This law and the new checkbox may have a similar affect.
I don't see this as having been particularly effective, though. It just made a slew of websites add an annoying pop-up or info bar to their site that says "we use cookies", and the reason given is usually one of a few boilerplate, content-free reasons like "to improve your experience". It's just an annoyance to have to click through, and doesn't provide much in the way of useful information anyway.
Completely agree, despite the implementation of it being somewhat of a joke I believe it brought some needed awareness about the spread of user tracking or at least it existence to non-tech people.
Yes, it informed me about them to the extent that I've installed a uBlock list to specifically avoid being informed about them. I don't even live in the EU...
I disagree. Firstly, it will set a precedent for personal privacy over pure business interests and, secondly, CCTV can monitor physical locations where privacy is not to be expected but your private communications cannot be made public without your consent on a case by case basis.
I'm quite convinced that you cannot sign away your legal rights on an employment contract and even if you were coerced to do so, the contract becomes illegal by definition. I'm not a lawyer though.
> Although it does not generally prohibit such monitoring, it sets high thresholds for its justification
The article doesn't give details as to which thresholds the ruling sets, though.
I guess they might be an improvement over Romanian law for example, but below French law (and probably other EU countries as well) where what is sent or received on nominative work email addresses is private communication and can not be monitored.
The evidence so far doesn't agree. In many EU countries the rules have been stricter than this for a long time, and this routine hasn't widely happened in the countries I know about.
In order for a company to be allowed to monitor, they would need to pass some kind of audit, they would need to prove that they don’t store, for example, sensitive personal data, etc.
> Why should an employee have the right to store sensitive personal data on my computer.
Because your employees are human beings and not machines. They have a life, they have needs, etc.
> Are you suggesting a framework where I could be prosecuted for running "cat /var/log/mail" on my own computer?
Yes. That's exactly it. The court ruled that employees have an expectation of privacy, even that can be limited by the company when there are reasons to do so. When you give an employee a computer, it is the company property but it's the employee's computer.
People have rights, even while working for an employer. They are employees, they are not slaves.
> > Why should an employee have the right to store sensitive personal data on my computer.
> Because your employees are human beings and not machines. They have a life, they have needs, etc.
They are free to satisfy those needs when not at work. We already have things like lunch breaks and rest break; surely we could have communications breaks were it that important.
> When you give an employee a computer, it is the company property but it's the employee's computer.
Which is nonsense. I cannot comprehend the sort of mindset which believes that an employee must (not may: must) be permitted to use his employer's equipment for personal ends. Must a machinist be permitted to make gears for his car at the factory? Must a soldier be permitted to take his mortar home? Must a racecar driver be permitted to borrow his car for groceries?
I think it's eminently fine from a business perspective to permit incidental use of equipment (although even incidental use of IT resources does expose the firm to malware vectors it would otherwise not encounter). I can even understand others who choose to take advantage of their employers' personal-use permissions. But I personally would never be comfortable doing anything personal on a system I myself don't control.
Among other things, that's why I don't want a laptop running Windows 10 or macOS.
The corporation has no inherent right to protection. It has no inherent right to exist as a legal entity.
For most of human history they have not been a thing. They were created by society by law as a means to an end, and in doing so we gave corporations a bunch of rights that restrict our rights, by allowing corporations to e.g. continue to hold on to legal rights pasts the death of the person running it for example, and giving them special tax treatment.
As such, these corporations exists at our leisure. It's up to us to set the terms, as If you don't like those terms you're free to not set up a corporation, and instead rely on e.g. doing business as a sole trader and see how much fun that is.
The entitlement when people think that a corporation should be free to treat people however they like is astounding - society made them possible and created them, and we can shut them down if we deem they don't benefit society sufficiently.
So when society says there is an expectation of privacy of communication at work: Tough. It's our right to determine the rules for what a corporation must accept in order to be allowed to exist.
(and yes, we can go to far an mess up our economies in the process, so that we can do it does not mean that we always should do it, but in this case I fully agree with the court)
are corporations the only entities which employ people in europe, besides the governments? can pierre not just rent a building and start employing some people himself? do these rules not effect pierre, in his capacity as an employer?
While it is true that is possible to directly employ people most places, it is extremely uncommon as it creates personal liabilities that a company would shield you from. So while it theoretically could affect your hypothetical pierre, in practice that's an extreme outlier.
Of course not, and it's a bit disingenuous to suggest that's what the parent believes.
It's pretty far fetched to suggest that an employer has a legitimate business purpose in collecting cookies for their employees' personal accounts that they happen to access on their work computer.
However, I think it's pretty easy to make the case that there's a legit business purpose in monitoring employee email (that is, email sent or received through an employer-issued email address), or at least in having access to it.
I can assure you that you won't have access to Gmail, or any other messaging service, when you work for a financial institutions.
The reason being that all official bank communications need to be stored and there are strict regulatory requirements that mandate that.
That does not mean that they have the right to read your email (at least in most European countries). Exceptions apply if dodgy dealings are suspected, but that's quite restricted and limited.
In any case and even with a relatively lenient internet policy any service, which can be used to exchange messages will be blocked by a bank.
> Are you suggesting a framework where I could be prosecuted for running "cat /var/log/mail" on my own computer?
That is already now illegal in some (most?) European countries. For example, in Finland employer can never read the contents of employee emails, and even reading email metadata such as recipient requires prior notifications both to users and the data protection ombudsman.
Some societies did not let the digitalization to erode the basic rights.
> in Finland employer can never read the contents of employee emails, and even reading email metadata such as recipient requires prior notifications both to users and the data protection ombudsman
That seems.... insane. (thought about changing that, but really, the above seems so disconnected from reality that perhaps it is an appropriate term)
(at 9AM)
"Hey Bob, my email's not going through. Can you check the logs for errors?"
"Sure George, just let me send a notification to all employees and the data protection ombudsman that I'll be accessing the mail logs at 2PM so there's enough time for any objections first."
"....Never mind, I'll just print it out and fax it."
edit: Thinking about it, these days it's just as likely to end up with "I'll share it via cloud storage and just text a link."
more edit: Also, do those restrictions apply to entities subject to audit and investigation? I'm thinking financial industry, etc. where records and audit logs may have to be kept for years but I'm sure there are all sorts of regulated industries I'm not factoring in.
I was referring to the company (the employer), not the employee. From the article: ”The company had presented him with printouts of his private messages to his brother and fiancée on Yahoo Messenger as evidence of his breach of a company ban on such personal use.“
The judgement highlights the balancing of "respect for his private life, on the one hand, and his employer’s right to take measures in order to ensure the smooth running of the company, on the other".
While it is fair to expect that one "follows the rules", breach should not imply that your private life is something that the employer can do with what they wish, Especially, as the court decision notes, when the risks (e.g. damage and liability) are theoretical.
Occasionally my wife will send me an email to my work address, because she thinks I may see it quicker. Does this use of company resources mean that the contents of the email can be used by the company, or is there an expectation that it is still private?
It seems that the judgement is less about the monitoring and notification thereof, but whether or not you have an expectation for private things to remain private at work.
> Occasionally my wife will send me an email to my work address, because she thinks I may see it quicker. Does this use of company resources mean that the contents of the email can be used by the company, or is there an expectation that it is still private?
I think that any expectation of privacy when using work resources to communicate is unreasonable — IOW, I believe it's illogical to expect that the company will not be aware of the fact that one has communicated.
The question of whether the company may use the contents of such messages for its own purposes is a bit trickier, and I can see arguments in either direction. The best course of action is don't use an employer's resources for private purposes; then one cannot go astray.
It's important to note that a lot of these privacy rules from a time when mobile phones and computers were not common. As such, pretty much the only way to contact an employee inside a workplace (for medical, personal, family, etc.) reasons was via company owned equipment. If your wife had to tell you she has cancer, she HAD to use the company equipment. As such, the stance was that it's resonable that workers can expect privacy even when phoning their family between breaks with company hardware. This is important to prevent employers abusing this information to gain leverage over workers (and if I recall, even in USA certain information is protected).
And this is STILL the case in many industries - you're not allowed to carry your phone with you on a factory floor, so when something important happens, your personal communication MUST go through company owned equipment. In those cases, ensuring that employers don't needlessly invade employee privacy is rather reasonable.
Remember, most of the world's workers aren't rockstar developers sitting in an office with their phones in the pocket.
> I think that any expectation of privacy when using work resources to communicate is unreasonable
I assume this must be depend on the society, as I have a very strong expectation in the contrary. I already mentioned this in another thread; here the employer may never read e-mail contents, and reading metadata requires very specific legal steps to be taken.
A spam filter is usually a computer program. As far as I know, they are never employers. If your company's "spam filter" tells your employer what your sexual orientation is, whether you or your wife are picking the kids up from school, or when you're looking for a new job, I suggest you stop calling it a "spam filter" and start looking for a better job.
It is like saying because Google mail goes through the text of the mail to guess whether a message is spam, it no longer matters that they don't use the contents of the message for targeted ads. This is clearly not true assuming Google keeps the spam training data and the ad serving days separate. Am I missing something?
They aren't equivalent. But they are both examples of processing data about a person. The GDPR doesn't say anything about advertising vs. security and network management purposes.
Is it useful to compare a similar situation in the analog world? If the email addressed to you@yourcompany.com was a letter addressed to your company, attn: you what would the expectations of privacy be? Are the 2 situations even legally comparable?
> ...whether or not you have an expectation for private things to remain private at work
Or to frame that question another way, if you have an expectation of privacy when you have taken no steps to ensure it and other privacy-protecting options abound. To extend your example, your wife could simply email your work address to say "you've got mail".
Everything about this is fine and dandy, but I don't understand why anyone would use their work email for personal use. An email address isn't a difficult to obtain resource. Anyone can make a hundred email addresses and use all of them for different things.
I guess the guy just never thought of it as an issue even if he was being monitored until it became an issue. I don't know.
I'd go further, I think I might disagree with the ruling. When you write under my.name@company.com, you are representing the company to some degree. Things you write are things the company could be called to answer for, if not in the court of law then certainly in that of public opinion. I think the company has an implicit right to know what gets written under those email addresses.
(This is different from, say, browsing the Internet from a work computer, in which case I don't think the company has any non-security reasons to monitor which pages you visit.)
One exception is can see is answering private emails - if my wife or a friend writes to my work address, I can't see any problem with replying from that same address, and it would feel a little silly to require employees to copy-paste the email to a different account.
I don't know if that was the reason this Romanian employee was fired. And now that I think about it, firing an employee over this offence seems comically draconian to me, which makes me wonder if:
a) the employer wanted to fire the guy for unrelated but hard-to-prove reasons, and the personal emails were a convenient and easily documented excuse
and/or
b) the Court aren't actually worried about the right to personal privacy in your work email account, but they are very worried about potentially handing employers a convenient way to fire an employee at any time for the IT equivalent of jaywalking, even years after the fact
If it's (b) I would consider the Court's decision very wise.
edit: just read the PDF linked below. This part stood out to me:
> On 13 July 2007 Mr Bărbulescu was summoned by his employer to give an explanation. He was
informed that his Yahoo Messenger communications had been monitored and that there was
evidence that he had used the internet for personal purposes. Mr Bărbulescu replied in writing that he had only used the service for professional purposes. He was then presented with a transcript of 45 pages of his communications from 5 to 12 July 2007 [..] On 1 August 2007 the employer terminated Mr Bărbulescu’s employment contract for breach of the company’s internal regulations that prohibited the use of company resources for personal purposes.
All potential of abuse aside - If I were an employer, and an employee brazenly lied to my face like that, I would consider it a strong reason for firing him even if the matter at hand were wholly trivial.
> One exception is can see is answering private emails - if my wife or a friend writes to my work address, I can't see any problem with replying from that same address, and it would feel a little silly to require employees to copy-paste the email to a different account.
From the excerpts of the verdict I've read, this is pretty much what they're saying. That is, employers should exercise some discretion when they start reading employee's emails and shouldn't do so on a whim. Seems pretty reasonable to me.
if i send a private letter with a return address of my office, i am not representing the company, even though the company name appears on the envelope. An email domain is no different than a street address.
I'm not sure. The return address is printed on the back of an envelope, whereas the sender's email address is prominently displayed at the top of everything you send.
It's a subtle difference, but IMO a relevant one. I think it's closer to writing a letter on the company's stationery, letterhead and all. Particulary since, in my experience, company email accounts normally add a signature with company's contact information and the sender's position in it.
I'm finding them harder and harder to obtain privately. I wanted a free throw away email address recently, so I tried a few of the big names - yahoo, hotmail, outlook, gmail. I couldn't see a way to sign up for any one of these without giving out an existing email address to them. If I wanted something unconnected to anything else, I had no way to do that. I'm not sure how someone getting on the internet for the first time would do it with any free service. I'm not opposed to paying for an email account, but it does create a barrier to entry.
The number one reason I've seen is for things that need visibility during the work day. For example, if my girlfriend needs to email me something I need to take action on during the work day, she knows to email my work email. Same with people who are doing time sensitive things for me (e.g. my realtor during a recent home purchase). Sure, I could start monitoring my personal email just as closely as my work email, but it's preferable for me (and probably preferable for my company) that I use my work email for work & time sensitive personal items, and use my personal email only outside of work for non-time sensitive personal matters.
Hmmm... I am pretty pro-privacy, but I am unsure that an employee's corporate email account should qualify, particularly given that anything said by it could be construed as a statement by the company itself. If the employee was not notified email monitoring could happen when they were hired, I suppose that's a problem, but I almost feel like that should even be common sense.
The article suggests more employees are using their work email for personal purposes, and that is really the problem, I think. Particularly because it places your personal data inside your employer's control, and your employer can terminate that account at any time. It would be much more preferred if you connect your personal account to your work devices as well, so that you still have a clearly denoted personal/corporate firewall in your communications, but can still access both from work.
I don't think employers which heavily monitor their employee's corporate email are... good employers, persay, but I'd question any suggestion they shouldn't have the right to.
IT seems the employer needs to tell you if they spy/monitor your emails and this should extend if they spy on your screen or activity. If the worker is informed all should be fine then,it seems a very logical solution.
Edit I used the wrong email address in the past by mistake, it can happen if you have a few email addresses setup in Thunderbird and similar, after I done the mistake I made sure to double check the email address I used(I worked remote from my own PC).
The other aspect I see here is that the ability to get into a former employee's email account may be important for business continuity. Employee dies or leaves suddenly? They may have access to online accounts or information in their email that didn't quite make it onto the corporate wiki or that no one else had access to (although a good company would minimize that). Important to be able to get in there and just get stuff done.
On the other hand - just the other day I was looking at "Blind" (because it got advertized on my Instagram feed) that claims to be a "private"-ish social network for employees of a company to share information. Many of the reviews claim there are ulterior motives, etc. but the chief complaint seems to be that it requires verification through work email, and obviously that's begging for your employer to find out about your involvement in these back channels. Online employer verification that doesn't give yourself away, and isn't as easy to spoof as LinkedIn? That seems like a hard problem to solve...
Not being able to read dead employee's emails seems like a really tiny inconvenience (especially since there are so many ways an employee can effectively delete mails that you're doing something catastrophically wrong if your business continuity is dependant upon a mail account access) in comparison of constant monitoring of peoples private communication.
And "we may need to occasionally access your account on company-run email servers" is also a really different thing in contrast with "constant monitoring of peoples private communication". I doubt any company really gets a positive ROI on constantly monitoring people's chats, so it's their loss. I think other commenters have made a sufficiently good case for your work email not being considered private communication anyway.
I mean, you're also doing something catastrophically wrong personally if your privacy is dependent on a company wanting to read company-related data on their own infrastructure but thinking, "Oh, no... a European court might frown on this..."
> given that anything said by it could be construed as a statement by the company itself.
I don't think this reasoning holds up in this case, given that it was a Yahoo! messenger account with private messages to the employee's brother and fiancee that were in question.
That aside, there are different standards in Europe, IIRC, for things like using work email and network resources for personal use. Most employers I'm aware of don't mind occasional personal use, even while at work, within reasonable parameters (e.g. browsing porn at work probably would not fly at most places, possibly even if it's only on the work network after hours). Many of us posting here now are probably posting from work. Another commenter mentioned that his wife occasionally sends him mail at his work email because she thinks it would be faster or something. All of these would probably be broadly acceptable outside of places like finance or defense contracting that heavily monitor and regulate their networks. I don't think such things are generally considered acceptable in Europe. (I am happy to be proven wrong, if anyone has firsthand knowledge, however.)
I expect my work email to be monitored, because that's how US corporations work. I would never use my work email address to sign up for anything personal and important. I've got a device in my pocket that's linked to my personal email if I want to access something like that at work, anyway.
In spite of my expectation that I'll be monitored using work accounts and on the work network, I still believe people should be told so explicitly. Not only should they be told that monitoring will occur, but they should be fully notified of what is and is not acceptable. This just seems basic to me.
The distinction is understood, but should it be necessary for employers to explicitly express that the use of company resources may be monitored?
Then again, I get the impression that I was brought up in a very different way from most people since I regularly have to explain seemingly minor details to coworkers. To explain how these seemingly petty policies are there to avoid problems that may rarely pop-up on small scales, yet are tangible costs/risks when a business has hundreds or thousands of employees.
> but should it be necessary for employers to explicitly express that the use of company resources may be monitored?
Yes. Legally, in Europe, the expectation is that communication is private, and if you want to listen in, you need to get permission. Owning and operating telecommunication equipment does not give you the right to listen to its users.
In one of my previous jobs I was specificly encouraged (during introductory employee training) to use my work email for personal stuff, as all access to private email boxes was cut off by proxy servers. I wonder how many people fell for that.
If they are blocking access to private email, it probably because of a regulatory requirement (common in finance) that they absolute must monitor and record everything going in and out. If that the case, and they didn't make that clear, then that's of course bad.
The ruling itself is at [1]. It's a long slog at approx 200 paragraphs of legalese. The conclusions were that Article 8 [2] had been violated, and that as a result some of the applicant’s legal costs should be paid (EUR 1,365) but dismissed the applicant’s claim for substantial damages (loss of earnings and social standing, fiancée terminating their relationship).
[2] Any person shall be enabled:
(a) to establish the existence of an automated personal data file, its main purposes, as well as the identity and habitual residence or principal place of business of the controller of the file;
(b) to obtain at reasonable intervals and without excessive delay or expense confirmation of whether personal data relating to him are stored in the automated data file as well as communication to him of such data in an intelligible form;
...
(d) to have a remedy if a request for confirmation or, as the case may be, communication, rectification or erasure as referred to in paragraphs b and c of this article is not complied with.”
I don't understand why this is even remotely controversial. I am as jealous a guard of my personal privacy as anyone, but I would expect my employer to be able to monitor my work-related email. The resolution is simple: conduct your personal correspondence through a separate email account that is not owned by your employer.
In fact, I keep strictly segregated work and personal email, and I run my own company!
And I expect my employer to leave all my communication unmonitored, be it e-mail, snail mail or private face-to-face discussions. Here, controversy created.
That's what the law says in Finland. Also, I personally believe the confidentiality of communication should never depend on the used medium or the ownership of the equipment used for the communication.
It's not about the ownership of the equipment, it's about whether the communications are official actions performed by an employee on behalf of the company. If they are, then the employer obviously (IMHO) has a right to know about them. And the best way to keep things from getting complicated (again IMHO) is to segregate work email (which the employer can read) from personal email (which no one but the user can read) in separate accounts.
I really don't see how any reasonable person could disagree with that.
This case is confused. The title and some of the editorial say "email" but the messages were sent via Yahoo Messenger, which isn't email.
> The company had presented him with printouts of his private messages to his brother and fiancée on Yahoo Messenger as evidence of his breach of a company ban on such personal use.
I know the distinction is a fine one, but it is still a difference.
They didn't need to produce a message, just having a non-business contact would have sufficed.
I get there is a different tradition in Europe than compared to what I'm used to and that's cool.
For me my company email is a company provided resource that they own and it belongs to them entirely. That includes their ability to monitor, read, or do most anything.
No matter what the legal protections it seems like mixing personal life with work resources / tools carries an infinite number of possible issues and complications.
While I have no desire to read an employees private correspondance, am even less desirous of paying money to store data I will get prosecuted for looking at!
It happens all the time. Say that Adam handles technical support for some of your best customers, but he's out with pneumonia, or some other serious illness. He's not going to be responding to that urgent request for help with a new API feature, so you need to assign his inbox to Brian.
Yes, if Adam had notice he was going to be out there'd be a controlled handoff, but that didn't happen, so you have to just open up his email and move onwards.
I have never in my life seen this happen. Typically we use mailing distributions where I work to avoid this issue. We also can only respond to clients using specific email addresses, like the one tied to the mailbox that multiple people have access to.
2. Get a second pair of eyes to oversee you reading the said employee's email; and
3. Locate the communication that is needed, and leave others be.
I'm not kidding in the slightest. This may be more than people in the US are used to, but I absolutely do expect my employer to follow this or similar procedure if they are to read any of my private communication.
Yay, another useless piece of information, like the "we use cookies" and "this entire building contains chemicals known to the state of California to cause cancer".
Yeah.. I can't really find anything wrong or onerous with requiring a disclosure. Everyone should know, but just in case they don't, a piece of paper explaining this during onboarding isn't a huge deal.
You yourself just said that everyone should know. Rather than creating needless paperwork for everybody they'd be better served with a public relations campaign by the government to teach people that your work email is owned by your company which means they can read and monitor it.
I'd guess it would end pretty quickly if they just stated everything you do through or on company property will be monitored as the company owns that work. While the company will often not be too concerned about the occasional personal use of their property, they aren't obligated to allow it. It gets murkier when they require access to your personal device, which I am firmly against.
Somewhere around where the slippery slope fallacy starts.
Snark aside, there's no real downside to mandating something in an employment contract that is probably already in most employment contracts anyways. This catches the stragglers.
Why don't governments produce standard draft employment contacts? They already do so for many things (e.g. buying/renting property).
Employer could ignore the standard or modify it and the employee could still amend it but it would help small companies get this sort of thing right and help with protecting both parties (which is the point of an employment contract).
In practice, lawyers will produce/modify standard contracts for extremely cheap, and as a bonus, if something goes wrong, you now have a relationship with a lawyer. If you're really cheap, in my country, you can literally go to the local book store and pick a model contract off the shelf.
I don't think this is a problem that needs solving by the Government, since these contracts are essentially a commodity and have wound up being priced as such.
