EU Companies Can Monitor Employees' Private Conversations While At Work

An anonymous reader writes: A recent ruling of the European Court of Human Rights has granted EU companies the right to monitor and log private conversations that employees have at work while using the employer's devices. The ruling came after a Romanian was fired for using Yahoo Messenger back in 2007, while at work, to have private conversations with his girlfriend. He argued that his employer was breaking his right for privacy and correspondence. Both Romanian and European courts disagreed.

It's your company's equipment

If you want to argue with your girlfriend, use your own cellphone. Jesus.

Re:It's your company's equipment

[greenfruitsalad]

warning: may seem sexist but it's my experience

in my experience, it was always the women who used company email for private communication. as a former admin of such things, it annoyed the hell out of me. whenever a new employee took over an old mailbox (with a new name alias), they had to (for years) deal with stupid emails about - Mindy's wedding, Georgina's ugly baby, meet me for coffee beautiful, my period is late, etc. i never understood why they did it. they were always told to keep their mailboxes in a condition that would allow other people to use them in their absence, yet without exception, they treated their mailboxes like personal property and cursed me to hell for letting other people access their emails. i hated that job. people... what a bunch of bastards.

Re:It's your company's equipment

[tnk1]

Shouldn't changing the alias to the mailbox have kept anyone from the previous user from being able to reach that inbox? Or were your employees stupid enough to give out their email to their friends as "support@evil.org"?

Re:It's your company's equipment

Interesting. And would you feel the same way about someone who was fired for having AIDS because they were talking with their doctor on the only phone available to them, the one in the office?

Re:It's your company's equipment

That's not quite the same as using a completely separate service on the same physical device... that's a bit more invasive, not a matter of logical administrative and organisational decisions... is it reasonable to require access to all private services an employee ever uses on company owned devices?

Re:It's your company's equipment

[Carewolf]

If you want to argue with your girlfriend, use your own cellphone. Jesus.

Funny enough. Contrary to the misreported article. Using company email and telephone for private affairs is legal in most EU countries, and the company is NOT allowed to intercept or snoop on it in any way. But apparently not in Romania, and the non-EU human rights court does not think it needs to override Romanian law on the issue.

Re:It's your company's equipment

They wouldn't be fired for having AIDS. They would have been fired for using company equipment. Not being able to use a phone for medical reasons means the employer is a cunt OR there is a real security reason why you have to be cut off from the outside world whilst as work.

In the 80s and 90s being fired for having AIDS was an issue; but I really hope it isn't now.

Good luck with the living with the AIDS.

Re: It's your company's equipment

In my experience it's been us guys that send jokes through company email. Maybe it's just because I'm not as chummy with all the girls.

Re:It's your company's equipment

Why do you alias boxes to new names instead of just giving the new names their own boxes and retiring the old names?

Re:It's your company's equipment

[luis_a_espinal]

Why do you alias boxes to new names instead of just giving the new names their own boxes and retiring the old names?

Exactly my thoughts. I'm like WTF does what the OP describes?

Re:It's your company's equipment

[ultranova]

they were always told to keep their mailboxes in a condition that would allow other people to use them in their absence, yet without exception, they treated their mailboxes like personal property and cursed me to hell for letting other people access their emails.

So make everyone's "personal" work mailbox visible to everyone in the same team. Don't be subtle about it, make them show up as folders in the mail client. In other words, make public spaces public, not private-ish.

This could be integrated into - or be a primitive form of - the "workplace social networks" which are apparently becoming fashionable.

i hated that job. people... what a bunch of bastards.

Inability to accurately balance short-term convenience against distant future or rare events is a well known and near universal human cognitive shortcoming. A policy that fails to take it into account is irrational because it's not going to achieve its goal. The solution is to debug the policy, not get angry at the wetware running it.

Re:It's your company's equipment

[luis_a_espinal]

Interesting. And would you feel the same way about someone who was fired for having AIDS because they were talking with their doctor on the only phone available to them, the one in the office?

Well, that's kind of a ridiculous argument, a non-sequitur. Employers by and large do not care if you use office equipment to do a call to your wife or doctor, or to do online banking during your lunch break at your cubicle. They care when people continuously abuse it - constantly chatting with your girlfriend, or for watching pr0n, or using the printer constantly to print brochures for your on-the-side job.

Things like that. That is what both rulings are about. But hey, feel free to believe your slippery-slope hypothetical of one person not having a cell phone and having to use the one and only office phone for a life-n-death event intercepted by the mythical pointy-haired chupacabra boss actually applies to this case.

Re:It's your company's equipment

Shouldn't changing the alias to the mailbox have kept anyone from the previous user from being able to reach that inbox? Or were your employees stupid enough to give out their email to their friends as "support@evil.org"?

you need to keep the old mailbox alias so that people that were communicating with the old mailbox owner will not find his e-mail bouncing back just because the person left and the person who replaces it and does the exact same job isn't on everyone's mailing list...

Re:It's your company's equipment

Sorry, but most of your post is sheer idiocy. I won't tell you my company is perfect, far from it. Your email address should be based off of your name and a number. E.g. novau1, or novau2, etc. When someone gets your message/mail, it will identify your exact name. If you quit, then there will be a novau3, if your replacement is named Ultranova. If your company does not do this, then that piece of their email policy is fucking pathetic.

Re:It's your company's equipment

[greenfruitsalad]

because logic. if email bounces and potential customer has to take additional steps to reach us, they are likely to open up a browser and research alternatives.

instead, email will reach us anyway (old aliases are still in place) and a new person will respond and introduce her/himself as their new account manager.

Re: It's your company's equipment

[greenfruitsalad]

that escalated quickly

Re:It's your company's equipment

[greenfruitsalad]

isn't it obvious? (in case it isn't, see above)

Re:It's your company's equipment

Why doesn't the organization just use job function specific alias so that when an employee leaves, the personal address can be deleted?

Personally, I've never used a company email address unless I'm covering my ass or dealing with vendors. Internal email with my coworkers I always handle via personal address to personal address.

Re:It's your company's equipment

And then when your customer sends a query to novau2 and it bounces because novau2 retired, they go find a different supplier.

Re:It's your company's equipment

Yeah, the headline sets you up for outrage and then you actually read the summary and think "Oh, he was having a personal conversation on the phone his employer owns and has lent to him? Yes, of course he's in the wrong."

The thing your employer owns that they are letting you borrow is for work. Use your own thing for your own stuff (or at least get explicit confirmation from the employer that they don't mind you using their thing for your stuff).

Re:It's your company's equipment

[GrumpySteen]

In the 80s and 90s being fired for having AIDS was an issue; but I really hope it isn't now.

Let me crush those hopes for you.

Re:It's your company's equipment

It's easy. Customers never reply to support@evil.org because invariably the people who receive those mails will respond with sally@evil.org right off the bat, thus defeating the purpose. (And hence, the problem.)

Re:It's your company's equipment

[tnk1]

That does make sense from a support perspective. Although, I'd probably slap an autoresponder on that mailbox that this person is no longer there and to contact support@evil.org. Maybe to ensure continuity of service, I'd manually monitor the mailbox for a few weeks and then delete it. You don't want to be responding to mails sent to sally@evil.org forever, even if they are proper support mails.

However, the person did say that they changed (not added) an alias to the mailbox, so I simply presumed that they only had one alias to the mailbox which led to the original question. Its not really that important, I was just curious about how that was happening.

Re:It's your company's equipment

[mjwx]

warning: may seem sexist but it's my experience

in my experience, it was always the women who used company email for private communication. as a former admin of such things, it annoyed the hell out of me. whenever a new employee took over an old mailbox (with a new name alias), they had to (for years) deal with stupid emails about - Mindy's wedding, Georgina's ugly baby, meet me for coffee beautiful, my period is late, etc. i never understood why they did it. they were always told to keep their mailboxes in a condition that would allow other people to use them in their absence, yet without exception, they treated their mailboxes like personal property and cursed me to hell for letting other people access their emails. i hated that job. people... what a bunch of bastards.

Its not sexist because I've seen the same thing with mailboxes owned by men who dont care. Emails from lads mags, alerts from carsales, pics of some minging celebrity (OK, I'm pretty sure this kind of bollocks is unisex), sporting scores, betting sites, lotteries, so on and so forth.

Vain, vapid and idiotic men are just as annoying as vain, vapid, idiotic women.

Some people just dont get that when you use your companies services (phone, email and what not) there is no expectation to privacy. I'd go as far to say as conversations you have in the office or at client sites on company time have no expectation to privacy.

Re:It's your company's equipment

[CAPSLOCK2000]

[quote] Some people just dont get that when you use your companies services (phone, email and what not) there is no expectation to privacy. [/quote] That may be true in the US but not in Europe. In Europe employee's do have a legally recognized expectation of privacy. You shouldn't expect as much privacy as in your own home but there is some privacy nevertheless. There is always some expectation of privacy. I'm sure everybody expects privacy when visiting the loo, even at work. There are borders, it's just a matter of where you draw the line. I expect privacy when I'm working in my office with the door closed and I expect my boss to knock before entering.

Re:It's your company's equipment

[KGIII]

Yes. You use work equipment for work. You use your equipment for non-work. This is not complicated. If you do it on an employers system then can (and probably will) know this. The options are many. I dealt with it by simply giving unfettered access to the web, locked down systems (security), least permissions, and didn't give a shit unless there was an issue that popped up. Then again, by the grace of FSM, I didn't hire idiots.

Re:It's your company's equipment

[KGIII]

In the 1990s I was paying programmers (very specific subset) well in the 6 figure range. At that same time, my copy room cost more than a single programmer - not counting our separate plotter room. We used rented/managed/supplied/maintained services (fuck Xerox). We also needed to publish high quality material.

I don't think I ever fired anyone (ever) but I did get a few to turn in their resignations. I'd have been right pissed if someone was hiding their using the copy room to do their own projects. On the other hand, if they'd come to me and asked, I'd have helped them. If it was huge, I'd have asked them to chip in and buy the next month's coffee and Friday "snacks" (which included copious amounts of beer for after 4:00 (read - lunch at noon))

I'd have been pissed if they were hiding it. I'd have been fine if they told me. Fortunately, I'm not always an asshole. They were well aware of my policies. It was, literally, never an issue. I don't think people realize how much that shit costs. A small booklet's five dollars or so in ink and specialty paper. If it's glued then it's a little less expensive. If it's stapled it's more expensive. With foldouts and things? Heh... The equipment rental was probably about 200k per year and double that for repairs and cleaning contract, a quarter of that for paper, half that for toner. Yeah, that doesn't even *tough* the plotter room.

Well Duh!

[thechemic]

9 years later, we have a court ruling on common sense.

Re:Well Duh!

[Nutria]

Europeans are slow like that... LOL

Re:Well Duh!

Drinking coffee often increases productivity. People use the caffeine to stay alert and focused.

Re:Well Duh!

[killkillkill]

If they liked the guy's work they wouldn't have fired him. It was probably only a contributing factor and a convenient reason to put on the HR form.

Re:Well Duh!

[alex67500]

Probably just an excuse to fire a worker that wasn't doing his job...

Re:Well Duh!

[I'm+New+Around+Here]

You can't even be bothered to read the submission above?

The court case wasn't if he was fired for "wasting time", it was whether the company has the right to monitor what happens on their own computer systems.

As for how much time he wasted, for all you know he spent half the day talking to his girlfriend. I doubt it was simply a quick 5-minute chat during a mid-morning break.

Re:Well Duh!

[phishybongwaters]

Because you agreed to an acceptable use policy when using that companies equipment and services, this includes but is not limited to, your workstation and NETWORK. Sorry, you already agreed to whatever terms they decide to implement. You don't watch porn on your work machine and network, do you? You don't pirate software on your companies computer do you? Why? Because it's morally objectionable, or more to the point, because you know it's wrong and an improper use of the equipment and services. The only person complaining about this is the person wanting to get paid to sext and snapchat.

Re:Well Duh!

It is the company's business to monitor company's resources. Your use of company's resources to conduct personal work is your stupidity.

At my workplace, we have WebSense to ensure compliance on what employees are (not) allowed to go on the Internet. Monitoring what they visit is a side effect.

Re:Well Duh!

[Tukz]

How is it common sense that it's allowed to record and log a private conversation without prior consent?
Even call centers have to let you know you are being recorded, why can an employer do it without consent?

Company equipment or not, I don't think it's ok to record my conversation without my consent or knowledge.

If it's in my contract, fine. I signed that and it's now with my consent.

If my employer doesn't want me to use the equipment for private conversations, let me know or fire me.
Don't just violate my rights.

Court or not, this is unacceptable in my opinion.

Re:Well Duh!

[kelemvor4]

Nonsense.

Don't like my work? Fire me.

If I get the work done, it's none of your business whether I am wasting time chatting with my girlfriend or drinking coffee or smoking. Why is it okay to fire people for the former but not for the latter? I don't drink coffee or smoke, and every day I watch people waste almost a full hour doing the latter.

If you use company equipment to chat with your girlfriend, it is the companies' business. Didn't you read the summary?

That said, you're right. If what you say is true, you should be fired. Save them the trouble and quit.

Re:Well Duh!

[kelemvor4]

How is it common sense that it's allowed to record and log a private conversation without prior consent? Even call centers have to let you know you are being recorded, why can an employer do it without consent?

Company equipment or not, I don't think it's ok to record my conversation without my consent or knowledge.

If it's in my contract, fine. I signed that and it's now with my consent.

If my employer doesn't want me to use the equipment for private conversations, let me know or fire me. Don't just violate my rights.

Court or not, this is unacceptable in my opinion.

The call center isn't notifying their employee that the conversation is being monitored. That's a given. They're notifying the "customer" on the other end of the line that the conversation is being monitored. It's not forced on you, you can find another job where you are not provided computers and telephones. Then you won't have to worry about it. For example, if you get a job digging ditches, they probably won't be monitoring your shovel.

Re:Well Duh!

[prunus.avium]

It's about expectation of privacy.

Let's take the equipment out of the equation and make it a face-to-face conversation. If you are in a public place like a store, or restaurant, or a company's office, there is no "expectation of privacy" since you are in a location that other people can access and any conversation could be overheard or recorded. This is why the police can record conversations that happen in the street but need a warrant to plant a bug or tap your phone line.

Re:Well Duh!

[Tukz]

I would find another job if I found out my employer logged my private conversation without my knowledge.

If you are going to record and log all my activities, include it on my contract.
I'll happily sign it, I understand the reason behind.

But don't do it without my knowledge or consent.
That's a violation of my right, in my opinion.

Re:Well Duh!

[jaseuk]

And it wasn't that either..

It was more like, we "accidentally" found out some information about an employee, can we use it in a disciplinary. - Answer yes.
It sounds like some chat logs or similar were saved on the work PC and came up in an investigation, seems fair enough.

This isn't the mega ruling it seems.

Jason.

Re:Well Duh!

[tnk1]

Three things.

First, internal networks are managed by your company and their network admins. The network admins will inspect traffic to ensure that the network is working properly and there are no attacks or other bad behavior going on which reduces the usefulness of their network resources. You have zero expectation of privacy over a corporate network because there is no way that they can afford to give you any. If the network admins are trying to do their jobs and you have a "private" conversation on their equipment, then they could get in trouble for accidentally coming across your "private conversation" if that was not allowable. That's ridiculous.

Second, having these sorts of conversations over company networks opens the company to intrusion by law enforcement and other groups who may decide to force your company into supporting their investigation, thus tying up valuable administrator time in fetching logs and other fun hassles. Did your employee threaten his girlfriend which resulted in abuse complaints?

Third, and more directly job related. In certain jobs, no one cares what you do, as long as you get your tasks done in a certain amount of time.

However, what if I had an employee who told me that he absolutely could not do two tasks because those tasks just took way too much time to do, so he could only do one? Then what happens when I discover he spends four hours a day chatting and arguing with his girlfriend? And what if I discovered he was not only not doing his job, but being an asshole to his girlfriend? Sure, I don't get to make decisions on his personal life, but if he's a) not doing his work and b) an asshole to boot, then I don't care to have this person work for me. He's irresponsible and an asshole. And he clearly has no boundaries.

Trust me, I know people have personal conversations at work. I have as well, although I have strongly encouraged my friends and family to not call me to make chit chat at work. However, there has to be a limit, and there are jobs where your time at work is actually money. Keep it to a minimum and keep it on your personal devices.

Re:Well Duh!

You're not completely right. The court decided whether it is a violation of basic human rights that the company monitored the communication, it could still very well be disallowed by another law. This particular court does not have any other mandate than to decide if something violates human rights or not

Re:Well Duh!

[Teun]

Such a factor was when asked he lied about it.

Re:Well Duh!

[jandersen]

Company equipment or not, I don't think it's ok to record my conversation without my consent or knowledge.

Privacy is something you have a right to in your own home, really. Not that I necessarily agree, but that's he way it is - the employers argument is that you are not only using their resources to do it, but any communications can, in principle, be traced back to the company, so in the extreme case the company could end up somehow being associated with something they do not agree with. A bit like using company letterhead for your private letters. No, I don't like it either.

Re:Well Duh!

they probably won't be monitoring your shovel.

Are you kidding me? Not only do they monitor my shovel, but they make me change the batteries!

Re:Well Duh!

[Tukz]

I agree with you on a fundamental level, but then include it in the work contract.
"Your activity on company equipment MAY be logged and recorded ....".

Done, bases covered.

I object against the non-consensual part of it.

Re:Well Duh!

[Tukz]

Replying to myself, after discovering some key information:

From TFA: "The ruling also said that, from now onwards, companies should also explain and notify employees if they monitor and log all their Internet activities, and they should also get consent from the employee in writing."

So they can't do it without consent, which was my initial concern.

Alright then :)

Re:Well Duh!

[gstoddart]

How is it common sense that it's allowed to record and log a private conversation without prior consent?

If you want private, use your own device. Do it from home. Or use encryption they can't bypass.

But I haven't seen a company in years which didn't say "we can and will monitor what happens on OUR equipment, and if you don't like it TOO BAD".

It has been upheld in a lot of places already that when you use your employer's equipment, you play by their rules.

Re:Well Duh!

[Tukz]

"prior consent" is the key thing here.
And I've already discovered that the ruling included that.
Prior consent is required from now on.

So entire thing is moot.

Re:Well Duh!

It's not forced on you, you can find another job where you are not provided computers and telephones. Then you won't have to worry about it. For example, if you get a job digging ditches, they probably won't be monitoring your shovel.

They could track your work car using GPS to see if it happens to be parked at the pub or at home during work hours. It's not without reason. I know of a case where a plumber went on vacation and his boss used his car in his absence. The fuel economy got much better and when it got bad when the employee returned. The boss then spied on him and learned that when he was to refuel the car, he called his wife, who showed up with their private diesel car and then he filled both and billed it as refueling the company car only. When confronted, he signed something saying he would quit and repay everything as refusing would make the boss call the police.

Bus drivers are monitored with GPS (at least some). The union went bananas when it was introduced, but after a while it turned out that in 9 out of 10 complains about the bus leaving early, the GPS could verify the bus to be on time and the complains were rejected, hence causing no problems for the drivers. Suddenly the union wasn't as negative about GPS. One has to wonder why people complain about a bus being on time.

We are being monitored on the job, like it or not. It's a sad fact of life that quite a number of people will look at cat videos, social media, poker and so on instead of working if they knew that they could not be caught doing so. Companies would go broke if everybody does that, hence they need to do something to prevent it.

Re:Well Duh!

[tnk1]

I believe it should absolutely be spelled out, if only because as a boss, I don't hire people to fire them, I want them to be successful so all of us are successful. That is more than enough reason to spell it out.

However, I just think that making the company bear the burden by default isn't really fair. There's too many ways to get sued out there and a company is a much juicer target than just about any private individual. I also have a low tolerance for people who aren't making the effort to be aware of their surroundings and or who lack boundaries, so perhaps that is showing through as well.

Re:Well Duh!

[thegarbz]

How is it common sense that it's allowed to record and log a private conversation without prior consent?

Company equipment on company time for company business it stands to reason that it is being recorded. In case you didn't know your internet access is logged too.

Even call centers have to let you know you are being recorded, why can an employer do it without consent?

When you get called by a call centre or call one, it's not your personal equipment doing the monitoring. You aren't borrowing someone else's equipment doing stuff for them on their time.

Re:Well Duh!

At my workplace, we have WebSense to ensure compliance on what employees are (not) allowed to go on the Internet. Monitoring what they visit is a side effect.

WebSense and other filtering proxies are fun.
I am working as consultant. Sometimes I have a problem at client network and I am sending from our company network link to description what it could be and how to check/solve it. Funny situation even admins cannot check the link because it is classified at web proxy as blog/personal site. :-)

Mental exercise - explain author of those stupid rules that ftp://mirrors.playboy.com is legit, business related site. It is.

Re:Well Duh!

How is it common sense that it's allowed to record and log a private conversation without prior consent?

You gave your consent by accepting work and signing that you read and accept work policies.
Changes in policies or new policies usually have clause if you do not accept (contact HR dept and fill resignation forms).
Use your own equipment for private purposes, and do not get cheated and do not BYOD. Company does not have hooks in your devices, you are not using their devices for private purposes. Electronics is cheap. I have 3 private phones for different activities. And I am helping 3 letter institutions too - less billings to analyze for them. :-P

Re:Well Duh!

[jabuzz]

The case in question from which the ruling refers to, the employer used a "work" account for personal messages. Anyone who thinks they would have any right to privacy in that case is a moron.

See the following for a case summary in fairly easy to read English.

http://us6.campaign-archive2.c...

Basics are use my work account for personal correspondence and your employer is entitled to look at anything and everything in that work account. If you want your correspondence to be private then use a private account don't use a work account.

Re:Well Duh!

If they liked the guy's work they wouldn't have fired him. It was probably only a contributing factor and a convenient reason to put on the HR form.

That might be the case, but the onus should be on the company to prove the individual was a bad worker without compromising their privacy. You don't have to snoop on someone's communication to prove whether he delivered a project on time.

Re:Well Duh!

[ultranova]

If it's in my contract, fine. I signed that and it's now with my consent.

You sign the contract or you live on the streets. That kind of "consent" is utterly worthless. That's why it was the Human Rights court which decided the issue.

Re:Well Duh!

[Rinikusu]

I've worked at several companies that provided equipment and I always had to sign a document stating that 1) it's not my equipment 2) the equipment is not to be used for non-work purposes (although in practice, everyone checks their gmail, facebook, etc on it), and i"m sure there's a disclaimer that there's no expectation of privacy using their equipment and that you should use your own for anything you deem sensitive. I think that's fair; it *is* their equipment. But with BYOD becoming more prevalent, I can see this becoming hairy.

Re:Well Duh!

Read the court ruling.
The employee agreed with a code of conduct which stated:

“It is strictly forbidden to disturb order and discipline within the company’s premises and especially ... to use computers, photocopiers, telephones, telex and fax machines for personal purposes.”

The employee did use company equipment, during company time while getting paid for personal use and when confronted even lied about it.

Europe has very strict laws regarding to privacy. The company launched an internal investigation into this employee according to all applicable laws. If you are rightfully being investigated for misuse/misconduct, your privacy is always invaded.

Re:Well Duh!

[suutar]

actually, while emphasis is one thing that can be interpreted as, it seems valid to interpret it as "I'm going to use the term customer to indicate one use case but it doesn't have to be a customer, but I just don't feel like using 'person' instead".

Re:Well Duh!

[bluefoxlucid]

That would be a wildly incorrect usage of quotes. Instead, you would use the appositive particle, "e.g.".

Re:Well Duh!

[suutar]

True, but it's a different wildly incorrect usage of quotes :) Quotes for emphasis are a pet peeve of mine, but this didn't trip my breaker and I'm just explaining why :)

Re:Well Duh!

[mjwx]

If they liked the guy's work they wouldn't have fired him. It was probably only a contributing factor and a convenient reason to put on the HR form.

This.

Anyone who thinks it's impossible to fire someone in the EU (or Australia) is living in LaLa land.

If a company wants to dismiss you for any reason (I.E. pissing off the boss or just trying to downsize without redundancy) all they have to do is start putting you under the microscope. Even if they cant pin something on you, they'll just give you new tasks with difficult to impossible deadlines and each missed deadline becomes a written warning. Three warnings and it's out the door. We call this process "being managed out". Smart people get new jobs before getting managed out as a middle finger to their bosses.

I've been managed out before and pretty much got a new job straight away (and a better paying job) and to be honest, that month I spent between handing in my notice and leaving was the best time I've ever had working. I literally did nothing. If I wanted a sleep-in, I rocked up somewhere around 10am, 2 hour lunches, pretty much spending the entire work day browsing the internet. My manager didn't care as he knew the company wanted me gone (they were trimming the workforce before a merger) and they had gotten what they wanted.

In retrospect, it was a good thing. It was a shitty job with shitty pay and the one I went to had more opportunities and was a lot more prestigious. I understand that after the merger, the company was in court with Fair Work Australia over problems before the merger. I wasn't a part of that though.

Monitor

[Thanshin]

Is it enough to RTFA to discover whether he was fired for the having non work related conversations during work or for the actual content of those conversations?

Because I see some difference between monitoring the activity and monitoring the content.

Re:Monitor

[I'm+New+Around+Here]

I just read the first link above, and it seems to be just the activity itself, not specifically any "inappropriate" content such as phone-sex.

But it also didn't say how much of the workday he spent talking to his girlfriend. I would assume it was quite a bit, since he went out of his way to avoid the employer's messenger account, and used his own which he figured was safe from monitoring. If it was simply a message here and there, why fire him? It was probably dozens of messages all day long.

Re:Monitor

[jandersen]

If it was simply a message here and there, why fire him? It was probably dozens of messages all day long.

OTOH, if it was because of his performance, they would not have to refer to his use of company resources as an issue; to me, it smells more of him expressing some views or intents that were sufficiently alarming to warrant firing him. In Europe - at least where I have worked - an employer can't just fire you on a whim; unless there are very serious, disciplinary problems, you have to go through a procedure where you essentially try to rectify the problems, and only if that fails can you fire the employee.

Re:Monitor

[pijokela]

I don't know about Romania, but at least here in Finland, you cannot really fire a single employee for bad performance. If the guy cannot do his job at all, then maybe, but just for being the bottom of the barrel is not cause for firing. On the other hand, if the company does not need the employees work any more, they can fire him, but then they cannot immediate hire someone else to do it.

All this means is that when a company wants someone to leave, they 1) sometimes offer money if you resign or 2) try to find something actionable, like being at work drunk.

Re:Monitor

[AmiMoJo]

He was using a company provided email account to discuss his STDs with his girlfriend. The company policy was not to use the company email account for personal business, and it was in his contract. They asked him if he was using it for private use, he said no, they checked and found he was so fired him. He complained that it was an intrusion on his right to privacy (which is a human right in the EU), but the court felt that as it was a company computer and email account he couldn't expect privacy.

It's all down to the use of his employer's property.

Re:Monitor

[jabuzz]

He was fired for using a work related account that should have been used exclusively for work related activities for personal communication. He was fired because the firm felt he should not be using a company account for private messages.

He tried to argue that the company should not have been looking at the contents of a work account, and the ECHR has ruled that argument is nonsense.

Oh and by the way the ECHR has *NOTHING WHATSOEVER* to do with the EU. I see Slashdot editors are as bad as the Daily Mail.

Time?

I have no problem with some using work equipment for talking to his girlfriend, but if your employer shows a 45-page report of your conversations I think they were trying to say "get off Yahoo Messenger and do some work dammit!" It depends on the time you waste IMHO

Re:Time?

[Nutria]

There's no indication that this was a single conversation. It might have been 40,

Wait...

[EmeraldBot]

Before everybody gets in a big huff, this applies only to devices the employer owns and lets employees use, not personal devices employees bring to work. The title here is slanted and a little misleading...

Re:Wait...

[cfalcon]

"No personal electronics beyond this point"

I mean, it's not a common thing or anything, but it is a bit frustrating. In the US they've long handled this with a click through screen that says you give consent to monitoring blah blah.

Re:Wait...

[EzInKy]

That too was addressed in the ruling. From TFA:

"The ruling also said that, from now onwards, companies should also explain and notify employees if they monitor and log all their Internet activities, and they should also get consent from the employee in writing."

Re:Wait...

It's common sense. If you are using your employer's network even with your own device, it's monitored and you should have no expectation of privacy. If you have difficulty understanding why businesses monitor their own network, then you may have limited career growth.

Re:Wait...

[phishybongwaters]

Well you could, and I do, argue this extends to the network, so if you are on your personal device but using THEIR network, the ruling still applies. That said, I really doubt this gives them the right to break encryption or demand the keys. It's not the content of the discussion really, it's about the wasted time they got paid for.

Re:Wait...

Yep, and a lot has happened in the mobile arena since 2007. Mobile phones got much cheaper and much smarter.

Re:Wait...

[pla]

Before everybody gets in a big huff, this applies only to devices the employer owns and lets employees use, not personal devices employees bring to work.

My employer has given me a phone, a laptop, a tablet, and a VPN router, all of which I need to care for and feed regularly, outside of normal business hours and (usually) in my own home.

Does it seem reasonable that I need to maintain duplicates of those devices for personal use? And if I pick up the "wrong" iPad while still at home and in private, accidentally visit "www.voteberniesanders2016.com" with it (political preference does not count as a protected class in the US), does it seem reasonable that my employer not only monitor that but could potentially fire me for it?

Before everybody goes all Johnny-Law-And-Order in favor of our corporate masters, keep in mind that the line between "devices the employer owns" and "BYOD" (bought at a discount through my employer's group plan, BTW) has become increasingly blurry, and will continue to blur further.

Re:Wait...

[cdrudge]

Does it seem reasonable that I need to maintain duplicates of those devices for personal use?

Yes, if you want complete privacy in your activities from company oversight.

Re:Wait...

[Triklyn]

i'd say yes, to all, if you're doing something that you don't want others to see, then onus is on you to do it on your own device.

if it is their's then they can do whatever the hell they want with it. If it's yours same thing. in the case of BYOD, depends on who actually owns it, you cede certain considerations and rights when you opt in to a discount in my mind.

the phone, laptop and vpn router, are you caring for these things outside of normal business hours to do business-related activities? or for personal use.

i'm quite sure nobody would be upset with you if you wait until the normal business hours to go about trouble-shooting your business provided devices.

Re:Wait...

[houghi]

Indeed. He used the messenger that was only for business use. He signed for that and used it for personal use.

In a Belgian Newspaper it also was stated that control is possible, but must be reasonable AND people should be warned before AND it should be a clear and transparent policy.

This means still no 100% big brother, but a perfectly humane 'I warned you and made it clear and you disobeyed' thing.

Iyt comes down to 'Do not use company material if they forbid you to do so.' kind of thing. To be honest, this works two ways. Some companies have asked me my phone number and I always told them no. If they need me to be available, they must give me one and pay for the time.

Obviously this varies from company to company and this was to HR. I always gave my number to my N+1 with the explanation that this is given as a private number and not a work number.

Fun fact: I am typing this on company time on a company PC during working hours with my N+1 looking and not caring. So as always YMMV.

It will even depend on job, department and what not.

Re:Wait...

[Teun]

Indeed, companies need to have a written policy that has been read, agreed on and signed for by the employee.
Up north here in The Netherlands that policy has to be vetted and agreed upon by the Works Council and any time the employer has reason to snoop on the covered means of communication he has to inform (not consult!) the Works Council.

In this particular case there was a company policy, the Yahoo Messenger account was set up specifically for client contact and the employee lied when asked if he used it for private conversations.

So yes, in the EU an employer can monitor but only on his equipment and his accounts and after warning the employee this might happen.
This includes things like setting up hidden and publicly visible cameras.

And then there is this other typical European rule, like so many things this invasion of privacy has to be proportional, blanket monitoring is not automatically allowed, there has to be a good reason.

That, and with contractual agreement not to use th

[demon+driver]

The information presented here is, indeed, grossly miseading. There is no such thing as an employer's right to monitor private communications in the EU; on the contrary, at leastmin some European countries, like, say, Germany, illegitimately monitoring an employee's private communocation may actually land someone in jail.

Don't be an idiot.

[penguinoid]

Don't use your company's email or other stuff for personal business. It's unprofessional, and you might get your personal communications subpoenaed should your company be involved in a court case.

Re:Don't be an idiot.

More sane employers will have the "Not for personal use" with the caveat of "except for limited tasks such as coordinating appointments, checking in on family, etc". The issue at hand here is the court confirming that an employee's right to privacy doesn't extend to work when using the employer's equipment for uses expressly prohibited.

Re:Don't be an idiot.

more sane employee's use a personal email account for personal business. I mean you can get any number of accounts for free. just use a gmail account why would you ever use your work email. even if you assume that work is never monitored or they don't care if you ever leave the company there goes your email account.

Re:Alan Rickman Dies at 69

[greenfruitsalad]

what was his favourite IDE?

Alan Rickman Dies at 69

http://www.hollywoodreporter.c...

Welcome to 1990

This was settled long ago in the US. Do your private stuff with your own communication equipment, preferably off company premises.

Duuuuupe!

Come on, timothy. Wake up!

Inaccurate reporting

1. This has nothing to do with the EU.

2. Whether or not your employer can monitor your activity depends upon national laws. The ECHR ruling simply states that Romanian law (or rather, this specific application of it) doesn't violate the convention.

Re:That, and with contractual agreement not to use

[Antique+Geekmeister]

Most international and US domestic employees include clauses in the employee contract that explicitly permit company monitoring of content on work owned or devices, including work owned telephones and networks. There is effectively no "private communication" on your corporate laptop or machines you use for work.

Misreported

[CAPSLOCK2000]

All reports miss an important part.
Nobody went out to look at this guys private messages. During the course of an investigation into his performance at work some private messages were discovered. He argued that this alone was a violation of his privacy. The judge decided that the employer did the right thing. The employer was not intentionally looking for private messages and he did not read them when he discovered they were of a private nature.

This is not a cart-blanche to spy on employee's.

Re:Misreported

Your UID so low, yet you keep reading TFA. WHAT'S WRONG WITH YOU

Re: Misreported

Even more, according a Dutch professor labour law [http://tweakers.net/nieuws/107314/nuance-mag-een-werkgever-priveberichten-van-werknemers-lezen.html] who studied the ruling, this case is not even marginally interesting as the offender used a corporate business channel on Yahoo Messenger to send private messages. Obviously (duh) the employer is allowed to monitor the business chanel.This ruling does not at all limit the right to privacy when using corporate equipment.

Re:That, and with contractual agreement not to use

[I'm+New+Around+Here]

The information presented here is, indeed, grossly miseading. There is no such thing as an employer's right to monitor private communications in the EU; ....

Can you clarify if you mean companies cannot monitor computer and phone usage on their own systems?

Re:That, and with contractual agreement not to use

[EmeraldBot]

The information presented here is, indeed, grossly miseading. There is no such thing as an employer's right to monitor private communications in the EU; on the contrary, at leastmin some European countries, like, say, Germany, illegitimately monitoring an employee's private communocation may actually land someone in jail.

We do, but not on company equipment: The upper court of Berlin and Brandenburg ruled on that, and so did the one in Hamm.

Misleading headline

[Kilobug]

As some already reported, this is a highly misleading headlines.

1. It's not EU, but ECHR, so much wider (it includes non-EU countries such as Russia or Turkey).

2. The ECHR sets a minimal amount of human rights protection, not a maximal one - ECHR saying "we don't have any objection about it" doesn't mean it's legal in all ECHR countries, national government can pass higher levels of protection if they want.

3. The ruling itself doesn't say "it's all fine to spy on employees in general", it said that in that specific case it's fine - it was a work mail account (not a private one), ...

I advise you to read http://modulus.isonomia.net/la... for example, that gives a more detailed analysis on the ruling and reporting of it.

Re:Misleading headline

[cloud.pt]

Amazing legal jurisdiction insight. I actually read this on a Guardian article, and I'm appalled they had no mention on this whatsoever. News papers today.

Re:That, and with contractual agreement not to use

IANAL - they can monitor for diagnostic purposes only. That means they can log the websites you visit (e.g. datetime, URL), but certainly not the content. They can log message traffic (from/to/date/time/size/...) but certainly not message content.

I can only agree that most media, including slashdot, is bringing this story completely wrong. As far as I understood: there is no general right to monitor private communications, not even on corporate equipment. There are exceptions which allow employers to do logging of what could be private communications.

Re:That, and with contractual agreement not to use

[gsnedders]

In short, the court found that the right to privacy (in the European Convention of Human Rights) is not breached by a law that permits companies monitoring communications from their equipment. This means that the Romanian law (that permits such monitoring) complies with the treaty. The German law (which, AIUI, forbids such monitoring) obviously complies with the treaty because it doesn't permit others to read personal correspondence.

Encryption?

Does this give employers the right to perform MitM attacks if the employees use what they think are encrypted links? Slippery slope if your employer is a service provider and owns various public network backbones...

Re:That, and with contractual agreement not to use

[lars_stefan_axelsson]

Most international and US domestic employees include clauses in the employee contract that explicitly permit company monitoring of content on work owned or devices, including work owned telephones and networks. There is effectively no "private communication" on your corporate laptop or machines you use for work.

And in much of Europe the employer would be breaking the law (wiretapping) if they did such monitoring. Ownership of the "thing" the employee is using isn't the issue here. I've worn plenty of work clothes owned by the company, does that mean that the company can ask me to strip? Or perhaps a better analogue, ask me to empty my pockets? Since, after all it's company owned equipment and I can expect any privacy as to the content of my pockets?

I, and fortunately the lawmakers where I live and work, think not.

haha

monitoring an employee's private communocation may actually land someone in jail.

Pure fantasy (what are you, twelve?)

Reality(tm) goes something like this:

Dear Wage Slave,

The purpose of the laws is to control YOU, not to embarrass your owners.

Now get back to work!

Signed,

The Boss.

Ok, Revers It On Them

[JimSadler]

Buy one share of company stock, and bug the management and record all of their conversations and emails. After all, you are an owner of the company and have the right to know what goes on with executives, management and other owners. Let the courts play with why one group has more rights than an owner who also happens to be an employee.

Privacy on company owned assets

[nehumanuscrede]

Dunno about your company, but mine is pretty adamant about letting you know that "The use of this computer system and / or network is subject to monitoring at all times" and that, by utilizing it, you consent to such monitoring. It's pretty much the gist of the login banner every morning. It's also present in every single device I log into throughout the day.

If you want to talk to your $person via IM, do it with your own device. Don't use company assets to do it with. Even if you get clever and encrypt the messages, they won't find it amusing and will probably just fire you. Corporate security doesn't like to come across emails and / or messages they can't read.

Wow

Can they? What is this magic?

Slow Courts

[Etherwalk]

Europeans are slow like that... LOL

Slow courts are not a uniquely European phenomenon.

Re:That, and with contractual agreement not to use

[Carewolf]

Most international and US domestic employees include clauses in the employee contract that explicitly permit company monitoring of content on work owned or devices, including work owned telephones and networks. There is effectively no "private communication" on your corporate laptop or machines you use for work.

And those clauses would in invalid in Germany and many other countries and any company trying to enforce it would be commiting crimes.

Cameras and mics

[HalAtWork]

Such as a closed circuit camera mic? If the employer owns it and an employee gets close, technically they're using it, could be useful for your next employee review especially if they search for key words, facial expressions, body positions, and watch the highlights

Re:That, and with contractual agreement not to use

Most international and US domestic employees include clauses in the employee contract that explicitly permit company monitoring of content on work owned or devices, including work owned telephones and networks. There is effectively no "private communication" on your corporate laptop or machines you use for work.

And those clauses would in invalid in Germany and many other countries and any company trying to enforce it would be commiting crimes.

... unfortunately. Why is "work resources = work-related matters" so unreasonable?

Re:That, and with contractual agreement not to use

So there are no anti-spam solutions or web application firewalls in Germany?

My anecdotal evidence.

[Kartu]

I work for 2 companies. (hired by one, doing projects for another)
One has recently changed the policy and has explicitly forbidden using emails for private needs.
But it can't just go and monitor my emails, what can happen at most is that if employee isn't available (say, ill) yet someone needs to urgently take over hist duties, mailbox could be used by the other person.

There are some funny rules too, it is prohibited to watch porn using your company notebook even if not working/at home. (afraid of viruses?)

This kind of "seeing previous guys emails" thing wasn't possible before, isn't possible now at the other company.

Neither of the two companies is allowed to monitor what employees are doing at work (e.g. watching what's going on on your screen) if management would dare to try to change it, trade unions would start one hell of a shit storm.

Re:That, and with contractual agreement not to use

[Carewolf]

Most international and US domestic employees include clauses in the employee contract that explicitly permit company monitoring of content on work owned or devices, including work owned telephones and networks. There is effectively no "private communication" on your corporate laptop or machines you use for work.

And those clauses would in invalid in Germany and many other countries and any company trying to enforce it would be commiting crimes.

... unfortunately. Why is "work resources = work-related matters" so unreasonable?

Because we are not slaves?

OK, no unpaid overtime, then.

In the UK it was estimated that businesses in the EU lost 3Bn a year due to costs of private use of internet connections at work. However, 4 months earlier, a report showed that businesses in the EU saved 30Bn a year due to unpaid overtime (where they may have to phone up their GF and say "I'm going to be working late today").

So, yes, it's your systems, mr employer. However, it's my life. Hire 10% more people rather than demand I make up for your crap time management.

Reported differently elsewhere

[gnasher719]

In other places, the whole case was reported substantially different. First it must be said that a company will have the right to find out whether the phone calls you make at work are for business or private, but not to find out the contents of the private messages. On the other hand it should be obvious that a company can examine your work related phone calls.

It seems the company was unhappy with his performance and noticed that he made a lot of phone calls during work time. They asked him about it, and he claimed that these phone calls were all work related and not private. So they had the right to examine these calls, because they were all work related (so he said).

When they were done, he was confronted with 48 pages of transcripts of calls in eight days, all private, and was fired. That was 48 pages. That's a lot of time spent not working.

This is not the Europe you are lookig for

[manu0601]

The title is wrong, both in the original article and in Slashdot summary.

The European Court of Human Rights (ECHR) is not a European Union (EU) institution. It stems from the Council of Europe (CoE), a much larger organization that includes 47 states. A lot of them are not part of EU, such as Russia for instance

Re:That, and with contractual agreement not to use

[Antique+Geekmeister]

> And in much of Europe the employer would be breaking the law (wiretapping) if they did such monitoring.

There was a fairly clear recent EU case about just this sort of use of work resources for private communications.

        http://www.telegraph.co.uk/tec...

Quoting the article:

        But on Tuesday the court ruled that it was not "unreasonable for an employer to want to verify that the employees are completing their professional tasks during working hours"

I'm afraid that EU privacy laws and practices are widely misunderstood. They are not absolute, and they certainly do not protect employees from workplace monitoring of workpace resources.

Depends on local legislation

We've recently had a case where an employee caused a manufacturing line to shut down for a few hours because he was downloading malware - along with tons of porn. Our legal team decided it is unclear, under EU and local law, to terminate him based on improper use of hardware, and it wasn't clear if we were able to monitor what he was doing with the PC, and whether it was during breaks or working hours. Long story short, he was terminated for a trivial infraction.

Needless to say, a contract between employee and employer can never void any laws stipulated by local legislation. Which, in case of at least some European countries, still favors individual privacy protection over corporate greed. Good for us.

Re:That, and with contractual agreement not to use

[lars_stefan_axelsson]

I'm afraid that EU privacy laws and practices are widely misunderstood.

No argument there. Quoting from your own citation:

"The employer acted within its disciplinary powers since, as the domestic courts found, it had accessed the Yahoo Messenger account on the assumption that the information in question had been related to professional activities and that such access had therefore been legitimate."

Tom De Cordier, a lawyer at CMS DeBacker in Brussels, said the court had taken a "very liberal stance".

He said: "Much of the courtâ(TM)s decision seems to be based on the fact that the employee had claimed that the relevant communications were of a professional nature."

The case in question was one where the company had accessed communications in the belief that they were not private, as the culprit claimed they weren't. The court, when challenged, then said that that was not unreasonable (as I assume most would agree), as that it was reasonable to then take that information into account (which is dodgier but I'll let it slide for now). But as you're taught in the corporate world here in Sweden if you clearly mark something as "private" (say a folder on your networked storage account), the company is in deep doo-doo if they access it. Same as with mail. If it's adressed with my name above, the company name (and adress below), then you'd formally be breaking the law if you opened it and weren't the named person. Doesn't matter one iota if the company has clearly stated that you can't use company resources to send or receive mail. Oh, they can bitch and moan, but they can't open letters that aren't adressed to them, that's a clear violation of the law (and there are cases to prove it).

This case is one where the company reasonably didn't understand that the communication was of a private nature. If they had tried to e.g. listen in on phone calls without that being completely clear beforehand they would be in a completely different situation.

Now, exactly where the line is drawn when it comes to network monitoring, no-one knows, as there aren't many, or even any, cases yet. But that fact alone points to the corporations knowing that they're in a weak position. They always use something else, such as non-performance of duties, when it comes to the court.