December 20, 2016
On 30 November 2016, the Grand Chamber of the European Court of Human Rights (ECtHR) heard oral arguments in Bărbulescu v. Romania. The case was referred to the Grand Chamber on 6 June 2016, after a Chamber judgment delivered on 12 January 2016. The applicant sent private communications on his workplace Yahoo Messenger account, which were monitored by his employer in accordance with company policy that no private communications were to be sent from workplace devices. The majority in the Chamber judgment held that this surveillance did not violate the applicant’s right to respect for private life under Article 8 ECHR, which immediately provoked critics to claim that privacy in the European workplace was officially dead.
Why Did the Grand Chamber Accept the Referral?
There are three likely explanations for the Grand Chamber’s acceptance of the referral. Firstly, the existing case law on surveillance of private correspondence in the workplace is not adequately tailored to the facts in Bărbulescu: in Halford v. United Kingdom, the workplace surveillance was predicated upon suspicions of criminal activity, and in Copland v. United Kingdom, the applicant had been monitored without any warning or acquiescence. Bărbulescu therefore presents a unique opportunity for the Grand Chamber to expand its jurisprudence in this field, and to articulate the scope of a person’s reasonable expectation of privacy.
In addition, in his dissent in the Chamber judgment, Judge Pinto de Albuquerque highlighted novel factual elements of Bărbulescu which had been overlooked by the majority. These included
the non-existence of an Internet surveillance policy, duly implemented and enforced by the employer, the personal and sensitive nature of the employee’s communications that were accessed by his employer, and the wide scope of disclosure of these communications during the disciplinary proceedings brought against the employee (para. 2).
Thirdly, Judge Pinto de Albuquerque also emphasised the majority’s failure to consider European Union regulations and directives which protect against the collection of private information without the explicit consent of an individual. The decision to accept the referral may therefore have been motivated by the ECtHR’s desire to address the interface between Article 8 of the ECHR and prevailing EU law on data privacy.
At the Hearing: Arguments on Behalf of the Applicant
The applicant’s counsel, Messrs. Domokos and Juverdeanu, advanced three noteworthy arguments to support their claims that the applicant’s Article 8 rights had been violated.
Firstly, they argued that the Chamber majority overlooked emerging academic consensus that internet access constitutes a fundamental human right. Such consensus should, they argued, lead to the conclusion that any employee should have an expectation of privacy of correspondence as a corollary right within Article 8.
Secondly, the counsel contended that the Chamber majority had disregarded Romania’s failure to fairly balance the competing rights and interests of the applicant and his employer. Although he was subject to an internal workplace internet policy, the applicant’s right to respect for private life and correspondence was neither extinguished nor relinquished upon entering his workplace. Furthermore, his use of his office Yahoo Messenger account for private communications was not sufficiently damaging or detrimental to his employer to justify the intrusion into his privacy.
Thirdly, the applicant’s counsel argued that Romania failed to discharge the burden of proof in establishing whether or not the applicant had acquiesced to being bound by the workplace internet policy. They further argued that the Chamber majority had misinterpreted the facts and ignored that the applicant had not consented to the policy, and had disregarded the extent to which the policy’s application curtailed the applicant’s Article 8 rights.
At the Hearing: Arguments on Behalf of the State of Romania
The Romanian agents, Ms. Brumar and Mr. Gavrila, challenged the applicant’s complaints of Article 8 violations in three strands.
Ms. Brumar commenced by challenging claims that the applicant had not consented to having his communications monitored through the workplace internet policy, pointing to a document which bore his signature. This automatically distinguishes Bărbulescu from the aforementioned cases of Halford and Copland, where the applicants were monitored without their knowledge. Unlike Mr. Bărbulescu, who had waived his right to privacy over workplace communications by signing the policy, the applicants in Halford and Copland enjoyed a reasonable expectation of privacy.
In addition, the agents challenged the applicability of Article 8 to the instant case. They argued that the applicant had misled his employer by claiming all of his communications were work-related, and thus fell outside the scope of Article 8’s protection: had the employer known that some of the messages contained highly personal information, he would have treated the communications entirely differently.
Thirdly, and most significantly, the agents queried the admissibility of the complaint by asserting that domestic remedies had not been fully exhausted. This assertion was questioned by both Judges Lemmens and Dedov after the hearing. The applicant launched parallel civil and criminal proceedings in Romania, and exhausted the domestic appeal process for the former but not the latter. Owing to the adequate safeguards surrounding data privacy in Romania’s criminal law, as well as its related remedies, the applicant’s decision to desist in the criminal proceedings amounted to a rejection of effective measures of redress available domestically. The agents further emphasised the certain margin of appreciation enjoyed by Romania in complying with its obligations under Article 8.
At the Hearing: Questions Posed by the Grand Chamber Judges and Parties’ Responses
In addition to the aforementioned question by Judge Lemmens regarding the admissibility of the complaint, the Grand Chamber judges raised four noteworthy questions.
Firstly, Judge Trajkovska sought clarification on the scope of the workplace internet policy banning the use of office hardware and software for private communications. When she asked about the extent to which deviations from this policy were tolerated, counsel for the applicant merely emphasised the brief nature of the communications, and the fact that none of them had ever been initiated by the applicant.
Further, Judge Potoski identified three conceptual levels of surveillance to which an employer could subject an employee: first, the detection of flows (the duration of instant messaging conversations, the amount of data thereby consumed, the dates and times of messages); second, the interception of communications without accessing their content, and; third, the interception and subsequent viewing of communications. He asked the Romanian agents which of these levels applied to the applicant’s messages, who responded that workplace surveillance of the applicant only began after abnormally high levels of data usage were observed by his employer without a corresponding increase in efficiency.
In addition, Judge Nußberger questioned the way in which the applicant consented to the workplace policy, asking if there had been company-wide notification of the policy, and whether both paper and electronic versions of the policy were circulated to employees.
Finally, Judge Dedov asked whether it was Romania’s argument that, in light of the workplace internet policy, the applicant had a reasonable expectation that his right to privacy would be limited. He also enquired whether the interference, if any, by the applicant’s employer, had been necessary and proportionate. The agents responded by highlighting that the applicant had consented to having his communications monitored by signing the policy, and that any intrusions upon his privacy were proportionate and necessary in light of his employer’s legitimate interest in ensuring that workplace tasks were duly carried out by employees.
The applicant’s counsel presented this case as a valuable opportunity for the Grand Chamber to clearly demarcate the extent to which workplace surveillance of private communications is compatible with the rights found in Article 8. In light of Judge Nußberger’s question about the specific nature of the way in which the applicant consented to the workplace internet policy, and the way in which he was informed of its content, it is foreseeable that the Grand Chamber could articulate a coherent set of conditions which such workplace policies would need to abide by in order for them not to infringe individual rights to privacy. Such conditions would define the degree of information with which an individual would need to be provided before relinquishing the right to privacy over workplace communications, the contractual nature of such consent, and the requirements of necessity and proportionality in encroaching upon Article 8 rights.
A high degree of awareness of the level of privacy one enjoys is important, particularly in light of Judge Trajkovska’s question. If an individual works somewhere with a comparable internet policy, which is hardly uncommon, and this individual receives an email containing sensitive personal information from a friend or family member who is unaware of the policy, it is vital for that individual to know his or her whether privacy over the content of the message has been pre-emptively waived.
Following on from pronouncements of the death of workplace privacy, it remains to be seen whether the Grand Chamber will decide to resuscitate the right to privacy of electronic communications sent in the workplace. Given that Article 35(4) of the ECHR allows a complaint to be ruled inadmissible at any point, and the significant arguments and questions surrounding admissibility, it may well be that the Grand Chamber postpones this resuscitation for another day.
 Gaurav Mukherjee is a lawyer and LL.M. Candidate in Comparative Constitutional Law at the Central European University, Budapest.
 James Wookey is a lawyer and LL.M. Candidate in Human Rights at the Central European University, Budapest.
 Steve Peers, ‘Is Workplace Privacy Dead? Comments on the Bărbulescu Judgment’, EU Law Analysis (14 January 2016), http://eulawanalysis.blogspot.hu/2016/01/is-workplace-privacy-dead-comments-on.html.