In EU, Internet Use From Work May Be Protected

athloi wrote with a link to an Ars Technica article on a case involving the right to privacy on the internet. "A Welsh university employee has successfully sued the UK government in the EU court of human rights over monitoring of her personal internet use from work. According to the complaint, the woman's e-mail, phone, Internet, and fax usage were all monitored by the Deputy Principal (DP) of the college, who appears to have taken a sharp dislike to her. The woman claimed that her human rights were being abused, and pointed specifically to Article 8 of the European Convention on Human Rights, which governs private and family life." The courts agreed; despite a lack of a notion of 'privacy' in English law, the EU convention forced their hand. The ruling doesn't try to dissuade employers from monitoring employees, but does encourage them to inform employees about surveillance.

What companies don't tell you they are watching?

[Realistic_Dragon]

I have never worked at a place that didn't have an AUP that wen't roughly along the lines of:

Do anything that would get us sued and you will be fired. Don't do your job and you will be fired.

Since the former covers porn (respect at work acts) and the latter covers goofing off all day, unless you happen to be so good at your job that you can still manage to get everything done *and* goof off, then all eventualities are covered.

Different society, same problem

[redelm]

The Eu directives are quite stark and member nations can't easily bypass them. Or at least, not without consequences of appearing to throw out the whole union.

In this case, the snooping would appear to be more than warrented by employee productivity or asset/network integrity. Very targetted, and unarguably an abuse of employer power. Something dreaded in the EU and prohibited by a whole host of laws.

I would hope that even in the US this sort of inter-personal grudge nursing would be similarly identified as malfeasance. The snoopers boss ought to fire her for abuse of company assets and damage to reputation. Snooping is never free.

Trolling headline

[Red Flayer]

FTA:

Because the woman had not been warned that she might be monitored at work, she had a "reasonable expectation as to the privacy of calls made from her work telephone." Internet usage received the same protection. In 2000, the UK did pass legislation that gave businesses certain rights with which they could monitor the e-mail and phone usage of their employees, but the law had not come into force when the surveillance in question took place.

Sure, getting people to read article/comments is important, but perhaps a little accuracy in headlines is appropriate?

It is still quite legal for an employer in the EU to declare that its computers, phones, etc are for business use only, and that correspondence will be monitored. This does not contravene Article 8, since only *private* correspondence is protected by Article 8; use of company machines for correspondence therefore makes such correspondence not private.

Re:What companies don't tell you they are watching

[gurps_npc]

Note, I, and many of us here, are in fact so good that we can still manage to get everything done and still goof off.

Otherwise, we would not have time to post at Slashdot during the day.

Re:Hmmm

[HomelessInLaJolla]

The point is that, if a person in a priveleged position takes an interest (with whatever motive) in a subordinate employee, the very ability to monitor their computer usage at a near moment-by-moment screencap level is separated from aggravated stalking by nothing more than the definition of the law with respect to employer-employee relationships. Being able to spy on an employee, even if they know you are spying on them, gives the aggressor an enormous advantage should they have an interest in manipulating the target--for love, money, lu5t, political position, social control, or whatever other motive.

I have no problem with my employer monitoring internet usage to make certain that I'm not sabotaging the business. At the same time I think there is a reasonable expectation that no one employee is monitored any more closely or hounded any more severely than any other employee. With the way AUPs and employee agreements are currently written (completely one-sided) one can be working in an environment where 4 hours of casual use/day is allowed but woe to the one employee who is targetted should they check their e-mail even once.

Giving free reign to employers to selectively enforce a zero-tolerance policy justified by any arbitrary excuse is a recipe, an open invitation even, for abuse--to the level which would be considered aggravated stalking in any other environment.

Privacy in the workplace?

[Anonymous Coward]

Isn't this more of a case of a woman being harassed or stalked rather than having her "privacy" invaded?

How can you have any expectation of privacy when using company resources to have your private communications? Just step out of the work place, use your private cell phone, and conduct your private business.

Re:What companies don't tell you they are watching

[afidel]

Not only that but Slashdot is actually work related for many of us. I know I was ready for the recent ANI fix because of the article here at slashdot. The MS site didn't really have anything until after the patch was already released.

Re:What companies don't tell you they are watching

[ookabooka]

I have never worked at a place that didn't have an AUP that wen't roughly along the lines of:

Do anything that would get us sued and you will be fired. Don't do your job and you will be fired.

You didn't say anything about them watching you. It's one thing for a company to make that statement, its another for them to monitor every single resource you use (without notifying you) to ensure you are complying with that statement.

Re:Hmmm

[gideon85]

The whole issue being brought forth by this posting is private rights versus public rights specifically business and job related. When you are at work what you do, say, and how you act all impact you. Without businesses being able to monitor employees they couldn't protect their rights properly and since your supposed to be a fundamentally good employee anyways you should want your business to be able to protect itself. I have worked for a huge corporation and everything I did at my workstation was monitored and stored and I was aware of this. However, it never bothered me or made me give my work a second thought because I WAS ALWAYS DOING MY JOB. The people that worry about these things are the people surfing porn 8 hours a day and getting payed for it. I do agree that monitoring of peoples home and personal use of the internet is a bit much. Just look at some things that have happened; the teacher that had nude pics posted got fired from her job (pics were posted publicly for all to see though), the man who sent his video resume and it got e-mailed all around the big law firms for a joke and he sued (this still applies because it is an issue of privacy), and finally the man who had the facebook account and got fired for some inappropriate material displayed on his account. All these acts make you question how much of you is actually judged by work? The anwser is every part of you. These people want to know what you do in your spare time, sometimes those things speak to people's character. Bottom line sum up is when your at work you should act accordingly, when at home you should still maintain some restraint for your sakes, however if someone is attempting to blackmail or "force your hand" with this information that is illegal; and you can simply take the offensive, unless you were doing something you shouldn't have in the first place.

Re:Why is there no policy covering this?

[Husgaard]

Please note that the ruling here is based on human rights. For some reason (left as an exercise to the reader), you cannot sign away your human rights.

So a "you might be watched" policy would not help here, even if signed by the employee. The European Court of Human Rights would simply throw out suct a contract as illegal.

But it might be possible to have a policy saying that the employee must not have private communications or do anything private on the employer's computers and network. This way the employer can monitor under the assumption that nothing private will be found. I would however be very surprised if such a policy could be implemented at an university.

Re:Trolling headline

[Red Flayer]

I wondered how many dorks were going to pick up on the fact that what she was doing isn't private given that everything she's using is the company's.

Actually, at the time of the monitoring, the court found she did have a reasonable expectation of privacy, since then-current law and lack of disclosure of monitoring gave her no reason to believe that private correspondence was not allowed.

Re:Trolling headline

[Anonymous Brave Guy]

It is still quite legal for an employer in the EU to declare that its computers, phones, etc are for business use only, and that correspondence will be monitored.

That's a very bold statement. Care to back it up with sources?

We should also note that there is a difference between monitoring and intercepting communications. In essence, the former is looking at things like where an e-mail going from and to or the addresses of web sites visited, while the latter involves observing the content. This ruling seems to refer only to monitoring communications.

For those who are interested in the UK, the Information Commissioner's Office publish a rather detailed Employment Practices Code [ico.gov.uk] (caution: large PDF) that gives a lot of guidance to employers on the relevant laws and guidelines. The topic of intercepting electronic communications such as phones and e-mail is covered in a fair bit of detail.

Collective monitoring makes more sense anyway

[Toe, The]

As an IT director, I am responsible for ensuring connectivity and bandwidth for my company. As part of this job function, from time to time, I turn on "monitoring" on my firewall. This doesn't tell me who is doing what... it just tells me what sites are being hit.

This is a great way to do statistical monitoring without intruding on one particular person's privacy. If I notice that more than a little of our traffic is going to MySpace or the porn flavor of the day, I re-send out a reminder of the AUP to all staff. (I also remind people that, with VNC, I can observe their screen directly (not that I would, except for tech support-related issues, but I want them to know that anyone in IT could)). After that, the non-work traffic dwindles to next to nil.

Isn't that a better way of doing it all around?

P.S. FWIW, my firewall is a ZyXel, and that behavior is the default functionality. I would have to install separate software to log what each individual is doing, and... why would I want to? The real issue (at least from an IT perspective) isn't who is abusing company resources... only that the abuse stop.

--
Government of, by, and for ALL the people. [metagovernment.org]

Re:This is not an EU convention

[arivanov]

You missed to state one more point.

The current UK government loves to wave articles of the convention at random so you cannot rely on this convention as being useable. Oh we do not like this one, that one and that one. We shall not be bound by them regardless of the fact that we have ratified it. Human rights Antonio Bliar style at your service.

Not that the Tories are any better as there was a point where they had leaving the convention as a part of their pre-election propaganda (not that this helped them with getting anywhere).

So unfortunately this convention is used in the UK where it does not really matter that much. Where it matters and where it sets the actual moral standard of what is right and what is wrong the current UK govt has roughly the level of respect to it that the talebans had to historical monuments and human rights.

Re:What companies don't tell you they are watching

[johansalk]

unless you happen to be so good at your job that you can still manage to get everything done *and* goof off, then all eventualities are covered.

Ahhh. I wish it was that easy. The matter of the fact is that everybody goofs off and then they have to stay in late to finish the work they should've done during the day, and then they don't even finish it and act all stressed out and such bullshit. You, Mr "so good at your job" on the other hand, who gets everything done and dusted on time, will get the trouble because you'll "appear" to not actually be working! You'll soon hear complaints about you from colleagues whom you'd thoughts were friends and you'll hear management having issues with you 'cos you're not appearing serious about your work, you're not seeming to care about it, you're not seeming stressed out by it, you're not being inefficient enough so that you'd have to stay in late in the office, and so on. The matter of fact is that if you're good, everyone around you will conspire to shoot you down. Either through deliberate bitchiness or sheer natural unconscious bitchiness. Leave this fucking loser company you say; well, sure, but good luck getting references from them, or, in fact, this tends to be the situation wherever you go. Corporate culture just doesn't seem to encourage you to be good at your job, but, instead, to keep up appearances, just like executives keep up appearances that they actually matter when most of what they do in fact consists of somehow gutting the company any way they could for a little extra cash they could get away with.