Privacy: A guide for employers

Employers must respect privacy, and can only access private emails and messages of their staff in limited circumstances.

Employee right to privacy

The European Convention on Human Rights, which is incorporated into UK law, states that everyone has the right to respect for their private and family life, their home and their correspondence. There should be a balance between the general interest of the community and the individual’s fundamental freedoms. Although only public bodies must expressly comply with this right, it is relevant to all employers (including the private sector) as courts and tribunals must interpret, as far as possible, all legislation consistently with the right.

In most instances, therefore, emails and messages received and sent through private accounts outside work would be considered private, and employers would have no justification in scrutinising them. But there could be exceptions.


Misconduct/damage to reputation

Employers can dismiss fairly for misconduct and the misconduct may be inside or outside work. Damage to reputation could also provide a valid reason.

For conduct outside work, a key question would be whether the actions affect or could affect the employee’s work in some way or whether there is or could be reputational damage to the employer. Sending emails or posting messages outside work could fall within scope.

There have been a number of cases where employees have posted inappropriate messages on Facebook that could have damaged the reputation of the employer, and have led to fair dismissals.



Another question is whether employers have the legal right to snoop on employees and monitor emails and messages at work.

Data protection law requires employers to provide detailed information to their employees about their monitoring activities. Employers should also have legitimate grounds for the monitoring and avoid unjustified intrusions into employees’ private lives. The monitoring of email content from private accounts, for example, would be seen as one of the most intrusive forms of monitoring – and could be very difficult to justify.


In September 2017 the Grand Chamber of the European Court of Human Rights (ECHR)  considered whether an employer acted lawfully by accessing an employee’s private messages on a business Yahoo Messenger account, where the employer’s rules banned use of the company’s IT systems for private purposes.

Overturning an earlier decision, the ECHR held that the right to privacy was breached on the basis that, among other things, the Romanian domestic courts had failed to determine whether the employee had received prior notice from his employer of the possibility of monitoring, which was a relevant factor to be taken into account.The ECHR set out useful guidance in its judgment.

This guide is intended for guidance only and should not be relied upon for specific advice.

If you need any advice on privacy issues or have queries relating to other employment law matters please call 0203 797 1264.


Download PDF
Share This