Pri­va­te use of com­pa­ny com­mu­ni­ca­ti­ons media

Risks and best prac­ti­ces for companies

Fai­ling to set clear rules for the pri­va­te use of com­pa­ny com­mu­ni­ca­ti­ons media can have far-reaching con­se­quen­ces for both employ­ers and employees ali­ke. For exam­p­le, if employ­ers moni­tor employees’ e‑mails wit­hout their know­ledge and then fire them for enga­ging in pri­va­te use wit­hout having express­ly pro­hi­bi­ted it, they may be vio­la­ting data pro­tec­tion law. In the worst case, they may not only face claims for dama­ges, but would also be pre­ven­ted from using the e‑mails as evi­dence. Com­pa­nies should the­r­e­fo­re con­sider the following:

When is pri­va­te use allowed?

Pri­va­te may use may be con­side­red to be allo­wed in all cases whe­re it is not express­ly pro­hi­bi­ted. In some cases, courts have even ruled that, if employ­ers allow or tole­ra­te pri­va­te use of one com­mu­ni­ca­ti­ons medi­um, employees are entit­led to assu­me that other com­mu­ni­ca­ti­ons media may also be used for pri­va­te pur­po­ses. For exam­p­le, allo­wing pri­va­te use of com­pa­ny cell pho­nes may result in allo­wing pri­va­te use of com­pa­ny e‑mail, or vice versa.

May com­pa­nies moni­tor pri­va­te use regard­less of whe­ther they suspect an offense?

In accordance with the case law, com­pa­nies which allow pri­va­te use gene­ral­ly can­not moni­tor employees’ com­mu­ni­ca­ti­ons regard­less of sus­pi­ci­on unless they announ­ce their moni­to­ring action in advan­ce and give employees an oppor­tu­ni­ty to pro­tect their pri­va­te com­mu­ni­ca­ti­ons from being acces­sed by the com­pa­ny. Very strict requi­re­ments app­ly with respect to the pro­por­tio­na­li­ty of such measures.

Does tele­com­mu­ni­ca­ti­ons sec­re­cy app­ly for com­pa­ny communications?

The ques­ti­on as to whe­ther tele­com­mu­ni­ca­ti­ons sec­re­cy appli­es in accordance with §§ 88 of the old Tele­com­mu­ni­ca­ti­ons Act and § 3 of the Tele­com­mu­ni­ca­ti­ons and Tele­me­dia Data Pro­tec­tion Act, as amen­ded, is dis­pu­ted. For­t­u­na­te­ly, opi­ni­on in both the case law and the legal lite­ra­tu­re is incre­asing­ly tren­ding towards the view that employ­ers are not obli­ga­ted to main­tain tele­com­mu­ni­ca­ti­ons sec­re­cy. If pri­va­te use is allo­wed, howe­ver, moni­to­ring employee com­mu­ni­ca­ti­ons is sub­ject to stric­ter requi­re­ments in data pro­tec­tion law. 

Should pri­va­te use be prohibited?

Pro­hi­bi­ting pri­va­te use is the simp­lest cour­se of action from a legal view­point, and one which con­forms to recom­men­da­ti­ons from the data pro­tec­tion aut­ho­ri­ties. But here as well, the­re are some things to con­sider. Name­ly, com­pa­nies which pro­hi­bit pri­va­te use must ensu­re that they actual­ly moni­tor employee com­mu­ni­ca­ti­ons and enforce this pro­hi­bi­ti­on. If they fail to do so, their effec­ti­ve tole­ra­ti­on of pri­va­te use may estab­lish a com­pa­ny prac­ti­ce con­tra­ry to the actu­al pro­hi­bi­ti­on. Moni­to­ring may be per­for­med e.g. by kee­ping a log of employees’ inter­net use. Com­pa­nies would also be well-advised to estab­lish rules for the hand­ling of minor cases and vio­la­ti­ons. The com­pany’s working envi­ron­ment should also be taken into account. It should be kept in mind that, even though no spe­ci­fic stan­dards have been estab­lished in this regard in the case law, not every case of pro­hi­bi­ted pri­va­te use jus­ti­fies a dis­mis­sal. If pri­va­te use of com­pa­ny com­mu­ni­ca­ti­ons media is pro­hi­bi­ted, a “bring your own device” (BYOD) rule could make life easier for employees. But here as well, clear rules need to be established.

Is a pro­hi­bi­ti­on of pri­va­te use abso­lut­e­ly necessary?

Each com­pa­ny can deci­de for its­elf how it wants to hand­le pri­va­te use. The­re are argu­ments both in favour of pri­va­te use (e.g. the bene­fits for employees) and against it (e.g. hig­her risk of cyber­at­tack). Regard­less of what the com­pa­ny deci­des, clear rules must be estab­lished and tho­se rules must actual­ly be enforced. Allo­wing pri­va­te use of com­pa­ny com­mu­ni­ca­ti­ons media to get out of the con­trol is not only toxic for IT com­pli­ance, but will quick­ly result in vio­la­ti­ons of data pro­tec­tion law.

What should employ­ers keep in mind? 

Com­pa­nies which have not yet estab­lished clear rules for the pri­va­te use of com­pa­ny com­mu­ni­ca­ti­ons media should abso­lut­e­ly do so now, as this is the only way to avo­id detri­men­tal con­se­quen­ces in data pro­tec­tion and labour law. For exam­p­le, by Judgment of 27 Janu­ary 2023 (Case No. 12 Sa 65/21), the Dis­trict Labour Court of Baden-Württemberg orde­red an employ­er to pay dama­ges in the amount of 3,000 Euros for impro­per­ly moni­to­ring pri­va­te com­mu­ni­ca­ti­ons, as well as pre­ven­ting the employ­er from using tho­se com­mu­ni­ca­ti­ons as evi­dence in the ongo­ing pro­cee­dings for pro­tec­tion against unfair dis­mis­sal. Com­pa­nies also should not for­get that pri­va­te use of com­pa­ny com­mu­ni­ca­ti­ons media can have a far-reaching impact on cyber­se­cu­ri­ty, in that it increa­ses vul­nerabi­li­ty to attack while at the same time limi­ting the com­pany’s abili­ty to moni­tor com­mu­ni­ca­ti­ons due to stric­ter requi­re­ments in data pro­tec­tion law.

back

Stay up-to-date

We use your email address exclusively for sending our newsletter. You have the right to revoke your consent at any time with effect for the future. For further information, please refer to our privacy policy.