Slashdot Mirror

← Back to Stories (view on slashdot.org)

In EU, Internet Use From Work May Be Protected

Posted by Zonk on from the just-because-they-can-see-you dept.

athloi wrote with a link to an Ars Technica article on a case involving the right to privacy on the internet. "A Welsh university employee has successfully sued the UK government in the EU court of human rights over monitoring of her personal internet use from work. According to the complaint, the woman's e-mail, phone, Internet, and fax usage were all monitored by the Deputy Principal (DP) of the college, who appears to have taken a sharp dislike to her. The woman claimed that her human rights were being abused, and pointed specifically to Article 8 of the European Convention on Human Rights, which governs private and family life." The courts agreed; despite a lack of a notion of 'privacy' in English law, the EU convention forced their hand. The ruling doesn't try to dissuade employers from monitoring employees, but does encourage them to inform employees about surveillance.

14 of 146 comments (clear)

  1. What companies don't tell you they are watching? by Realistic_Dragon · · Score: 4, Insightful

    I have never worked at a place that didn't have an AUP that wen't roughly along the lines of:

    Do anything that would get us sued and you will be fired. Don't do your job and you will be fired.

    Since the former covers porn (respect at work acts) and the latter covers goofing off all day, unless you happen to be so good at your job that you can still manage to get everything done *and* goof off, then all eventualities are covered.

    --
    Beep beep.
  2. Different society, same problem by redelm · · Score: 4, Insightful
    The Eu directives are quite stark and member nations can't easily bypass them. Or at least, not without consequences of appearing to throw out the whole union.

    In this case, the snooping would appear to be more than warrented by employee productivity or asset/network integrity. Very targetted, and unarguably an abuse of employer power. Something dreaded in the EU and prohibited by a whole host of laws.

    I would hope that even in the US this sort of inter-personal grudge nursing would be similarly identified as malfeasance. The snoopers boss ought to fire her for abuse of company assets and damage to reputation. Snooping is never free.

  3. Trolling headline by Red+Flayer · · Score: 4, Insightful
    FTA:

    Because the woman had not been warned that she might be monitored at work, she had a "reasonable expectation as to the privacy of calls made from her work telephone." Internet usage received the same protection. In 2000, the UK did pass legislation that gave businesses certain rights with which they could monitor the e-mail and phone usage of their employees, but the law had not come into force when the surveillance in question took place.

    Sure, getting people to read article/comments is important, but perhaps a little accuracy in headlines is appropriate?

    It is still quite legal for an employer in the EU to declare that its computers, phones, etc are for business use only, and that correspondence will be monitored. This does not contravene Article 8, since only *private* correspondence is protected by Article 8; use of company machines for correspondence therefore makes such correspondence not private.
    --
    "Trolls they were, but filled with the evil will of their master: a fell race..." -- J.R.R. Tolkien on Olog-hai
    1. Re:Trolling headline by Red+Flayer · · Score: 4, Insightful

      I wondered how many dorks were going to pick up on the fact that what she was doing isn't private given that everything she's using is the company's.
      Actually, at the time of the monitoring, the court found she did have a reasonable expectation of privacy, since then-current law and lack of disclosure of monitoring gave her no reason to believe that private correspondence was not allowed.
      --
      "Trolls they were, but filled with the evil will of their master: a fell race..." -- J.R.R. Tolkien on Olog-hai
    2. Re:Trolling headline by jez9999 · · Score: 3, Interesting

      You shouldn't really need to monitor their browsing/e-mail unless they're not getting the results required. I'm a strong believe that employees should be judged on what they achieve, not how they achieve it. If they can view port 80% of the day and be acceptably productive, so be it.

      --
      == Jez ==
      Do you miss Firefox? Try Pale Moon.
  4. Re:Hmmm by HomelessInLaJolla · · Score: 4, Insightful

    The point is that, if a person in a priveleged position takes an interest (with whatever motive) in a subordinate employee, the very ability to monitor their computer usage at a near moment-by-moment screencap level is separated from aggravated stalking by nothing more than the definition of the law with respect to employer-employee relationships. Being able to spy on an employee, even if they know you are spying on them, gives the aggressor an enormous advantage should they have an interest in manipulating the target--for love, money, lu5t, political position, social control, or whatever other motive.

    I have no problem with my employer monitoring internet usage to make certain that I'm not sabotaging the business. At the same time I think there is a reasonable expectation that no one employee is monitored any more closely or hounded any more severely than any other employee. With the way AUPs and employee agreements are currently written (completely one-sided) one can be working in an environment where 4 hours of casual use/day is allowed but woe to the one employee who is targetted should they check their e-mail even once.

    Giving free reign to employers to selectively enforce a zero-tolerance policy justified by any arbitrary excuse is a recipe, an open invitation even, for abuse--to the level which would be considered aggravated stalking in any other environment.

    --
    the NPG electrode was replaced with carbon blac
  5. Why is there no policy covering this? by RESPAWN · · Score: 4, Informative

    What I don't understand is why this university doesn't have a policy to cover this sort of monitoring. Most places that I have worked have had a policy that specifically states that the employee's use of corporate communication assets can and will be monitored, and the employee has to sign stating he read this policy. Basically, it's the company's way of covering their arses. Granted, the actions supposedly took place in 1999 and I am too young to comment on the state of corporate communication policies in 1999, but I would think it would have been naieve for any business entity not to have covered themselves legally with some sort of "you might be watched" policy.

    That said, if the university didn't have such a policy, then I don't see a problem with the woman suing. Especially in light of the fact that the person monitoring her actions went so far as to call back numbers she had previously called to see who she was calling.

    Anyway, lawsuits like these are why companies today have aceptable use policies.

    --

    If Murphy's Law can go wrong, it will.

  6. This is not an EU convention by Husgaard · · Score: 3, Informative
    Just to set things straight: The European Convention on Human Rights is not an EU convention as the summary says. The European Convention on Human Rights is a lot older than the EU, and a lot of non-EU countries are bound by it.

    And in case you wonder why we have a special european human rights convention when we already have the UN Universal Declaration of Human Rights: This is similar, but goes a bit further in the areas where it was impossible to gain international concensus in the UN in 1948. For example, see article 8 in the european human rights

    Article 8 - Right to respect for private and family life1
    1. Everyone has the right to respect for his private and family life, his home and his correspondence.
    2. There shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others.
    and compare this to the corresponding article in the UN human rights:

    Article 12. No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks.
  7. Re:What companies don't tell you they are watching by afidel · · Score: 3, Insightful

    Not only that but Slashdot is actually work related for many of us. I know I was ready for the recent ANI fix because of the article here at slashdot. The MS site didn't really have anything until after the patch was already released.

    --
    There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
  8. Re:What companies don't tell you they are watching by Anonymous Coward · · Score: 5, Funny

    Not only that but Slashdot is actually work related for many of us. I know I was ready for the recent ANI fix because of the article here at slashdot.
    Reading slashdot for the vunerability announcements is like buying playboy for the articles.

  9. Re:What companies don't tell you they are watching by spun · · Score: 4, Funny

    Yes, but telling your boss you read slashdot for the vulnerability announcements is in no way like telling your wife you read Playboy for the articles. Your boss will probably believe you.

    --
    - None can love freedom heartily, but good men; the rest love not freedom, but license. -- John Milton
  10. Collective monitoring makes more sense anyway by Toe,+The · · Score: 3, Insightful

    As an IT director, I am responsible for ensuring connectivity and bandwidth for my company. As part of this job function, from time to time, I turn on "monitoring" on my firewall. This doesn't tell me who is doing what... it just tells me what sites are being hit.

    This is a great way to do statistical monitoring without intruding on one particular person's privacy. If I notice that more than a little of our traffic is going to MySpace or the porn flavor of the day, I re-send out a reminder of the AUP to all staff. (I also remind people that, with VNC, I can observe their screen directly (not that I would, except for tech support-related issues, but I want them to know that anyone in IT could)). After that, the non-work traffic dwindles to next to nil.

    Isn't that a better way of doing it all around?

    P.S. FWIW, my firewall is a ZyXel, and that behavior is the default functionality. I would have to install separate software to log what each individual is doing, and... why would I want to? The real issue (at least from an IT perspective) isn't who is abusing company resources... only that the abuse stop.

    --
    Government of, by, and for ALL the people.

    1. Re:Collective monitoring makes more sense anyway by scottv67 · · Score: 3, Interesting

      There are so many annoying restrictions at work, that a few people I know just take their own laptops.

      And if you bring your own laptop, how do you access resources on the corporate network? Please tell me that you're not connecting your network cable to your laptop while your wifi connection is enabled.

      Every time that Internet usage monitoring comes up on Slashdot, all the k00l kidz post their solutions for getting around tools like Websense and restrictive firewall policies on outbound traffic. As fun as "pulling one over on The Man" can be, violating the AUP is grounds for termination. Complain all you want about being fired but at the end of the day, you'll still be unemployed.

      To head-off the "Oh yeah, I'm tool l33t to work at a square company with draconian fw admins like that dude!" comments, please know that we can't afford to have people like you on the payroll. Your methods of skirting URL filtering and/or firewall policies will get the organization sued, get us into the newspaper or both. We can't afford to have that happen.

      I've been there and seen it happen. Once your organization is in the newspaper for something unsavory, that kind of damage to the credibility of the organization is hard to repair. The old saying goes "There's no such thing as bad publicity." Well, there *is* bad publicity and it can be quite costly.

  11. Re:What companies don't tell you they are watching by acidosmosis · · Score: 3, Interesting

    I'm one of those ;-). Although corporate is starting to filter out message boards and sites of that nature. In most of those cases all I have do is hit "continue" to view the site anyway.

    I work in IT as a Network Administrator and most of the time I am able to fix what goes wrong in five to 10 minutes while in charge of rougly 200 computers, five server rooms, application servers, support about 160 employees...a lot of the free time I have I spend reading articles online (mainly RSS feeds).