View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
January 14, 2016updated 31 Aug 2016 10:11am

ECHR workplace privacy ruling: How it affects BYOD and COPE

News: Just because you can snoop, doesn't mean you should.

By Alexander Sword

A ruling this week by the European Convention on Human Rights found that it was lawful for companies to read the private communications of their workers during working hours.

The Romanian worker had been sacked by his employer in 2007 for using a work Yahoo Messenger to converse with personal contacts as well as work contacts.

However, it is worth questioning how relevant the ruling is to today’s workplace. For one thing, the employee’s sacking took place in 2007. The first model of the iPhone, widely recognised as the key device in the enterprise mobility revolution of recent years, only came out that year. The first generation of the iPad was around three years away.

Both devices were notable for blending user experience with high-level functionality that made it suitable for both work and personal use.

The point is that the unprecedented blending of work and personal lives on these devices and those like them has made employee communications inherently more private anyway.

As Ojas Rege, VP Strategy at MobileIron, says: "Mobile technology has come a long way in the last eight to 10 years, and legislation is yet to catch up."

Content from our partners
Green for go: Transforming trade in the UK
Manufacturers are switching to personalised customer experience amid fierce competition
How many ends in end-to-end service orchestration?

As mobile devices are now an acceptable component of the tools staff use to complete their work, the ruling throws up the issue of how employers approach monitoring corporate-owned but personally enabled devices.

With bring your own device (BYOD), the boundaries are clear-cut, but what if the mobile device is issued by the company?

Rege says that "just because this monitoring is permitted does not mean companies should do it.

"We know from our Trust Gap 2015 survey that 61% of mobile workers expect and trust their employer to keep the personal information on their mobile devices private. And regardless of whether the device is owned by the company or by the individual, it will almost certainly be used for both business and personal tasks."

The negative impacts, according to Rege, go beyond the intangible issue of trust to actual productivity of workers:

"The value of mobile devices is that they increase productivity. The minute employees think that their employer is monitoring their personal activities they will stop using mobile tools and that productivity goes out the window. If they are truly focused on enabling and accelerating their businesses, CIOs must protect employee privacy as fiercely as they protect corporate data."

Rege also said that the murkiness around this issue required employees to ensure employees are properly informed.

"On top of this, privacy legislation differs from region to region," he said. "To combat this, employers need to get better at providing transparency around these legal and privacy issues."

It is also worth noting that in the UK, according to Sally Annereau, data protection analyst at Taylor Wessing, rules to allow this are already in place:

"UK law allows employers to conduct minimal and proportionate monitoring of communications sent using an employer’s electronic communications system during business hours for specified business purposes such as checking that employees are complying with internet usage policies (and subject to various safeguards).

"In certain circumstances this may also include access to the content of those communications where necessary."

Anna McCaffrey, Senior Associate in the Employment, Pensions & Mobility group at Taylor Wessing, said:

"It can equally be necessary for an employer to monitor employee mobile devices used for work purposes, where these are devices operated as part of a BYOD policy.

"Employers may have a legitimate need to monitor dual-use devices to the extent to which they can be used for work purposes over the employers network. However there must be a recognition that there will be periods where such devices will be used by employees for personal purposes.

"Employers must be clear about the purpose of any monitoring of devices and bear in mind that any monitoring must be limited and in proportion to the specific objective.

"This may mean maintaining clear Chinese walls between the personal and the work related use. The employer’s approach to monitoring in these cases should also be clear so that employees can understand what the consequences of any monitoring means for them in practice."

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.