PRIVACY I(N)T CONTEXT
doc. dr. Jasna Cosabic
right to privacy, or the right to respect for private life, as the
European Convention on Human Rights guarantees it, has been affected
by the IT growth era. Privacy has long been protected, but will face
a new dimension of protection for the generations to come. The right
to respect for private life is not an absolute one, and may have a
different feature in different context.
By Niemitz v.
Germany judgment (1992) the European Court on Human Rights ('the
ECtHR') included the right to connect with other individuals into
the notion of private life, saying that it would be too restrictive
to limit the notion of an 'inner circle' to personal life and
exclude therefrom entirely the outside world not encompassed within
that circle. The right to communicate was thus inscerted into the
the privacy context.
But the extent of communication and
technologies which enable it signifficantly changed since.
Few decades ago, it mainly consisted of personal communication,
communication by conventional letters and phone communication. At
the time the Convention was adopted in the mid last century, there
was no internet, not even mobile/cell phones, nor personal
computers. The feature of privacy protection was much more simple
Now, when we approach the rule of IoT (internet
of things) communication, not only do people communicate, but
'things' as well. The subject of that 'non-human' communication may
also be private data of individuals. At the same time, the
individual, human communication became more simple, available at any
time, and versatile by its means.
New society digital
evolution becomes a special challenge when speaking of the
protection of privacy. Availability of every person not only in
physical life but in cyber life as well, upgrades the privacy to a
new sphere. If we do ourselves chose to use social networking,
Skype, Instagram, Twitter, Yahoo Messenger, Linkedin, Facebook, the
later being ‘the most powerful database of persons ever on internet’
as rightfully noted by prof. Bajrektareviæ, in his book ‘Is there
life after Facebook?’ as well as other internet features, we must be
aware that our privacy may come into the open. If we add to that
e-context a physical surrounding of a working place, under certain
conditions, the feature of privacy changes, i.e. it becomes less
protected then in the context of an earthbound private circle, the
surrounding which was in mind of lawmakers when adopting for
instance the European Convention on Human Rights in 1950.
Recently, at the table of the ECtHR was the case of Barbulescu v.
Romania (judgment enacted in January 2016), where the question arose
of whether an employer is entitled to look into his employer’s
private messages at Yahoo Messenger. The messages were written by
the employee during the working time, at the computer owned by the
employer. The employer monitored and made transcript of messages
made at the Yahoo Messenger account that was created at the
employer’s request for the purposes of contacts with clients, but
the transcript also contained five short messages that Mr.
Barbulescu exchanged with his fiancée using a personal Yahoo
The ECtHR found no violation of the right
to respect the private life by such actions of the employer.
The ECtHR noted that the employer did not warn the employee of
the possibility of checks of the Yahoo Messenger. However, the
company where Mr. Barbulescu worked did adopt internal rules
according to which it was strictly forbidden to use computers,
photocopiers, telephones, telex and fax machines for personal
purposes. Can that be seen as a warning? Does it give an employer a
right to monitor personal messages of an employee?
wonder if the ECtHR gave the advantage to a market economy and
profit growth, versus privacy? Did it give to employer the right to
control the employee even if that would mean invading his privacy?
This, under certain conditions, like internal policy rules or
warning, gives the employers the right to rule the employees space,
of course, during work hours, and their right to monitor the job
done by his employees may be stronger then their right to privacy.
However one should be careful in concluding that all employers
may now freely snoop into their employees’ e-mails, tweets, messages
The ECtHR took into consideration the ‘expectation of
privacy’, which Mr. Barbulescu, the employee, had regarding his
communications. The internal rules of the employer which strictly
prohibited the use of computers for private purposes, made the
decisive shift towards ruling in favor of non violation. He probably
should not have expected to have his privacy respected in such
circumstances. But in the absence of such rules and in the absence
of warning, any such intruding into employees’ private communication
would rise an issue of privacy protection.
With the fast
development of society and technology, the privacy is much more
vulnerable, and it apparently affects its legal protection.
Almost two decades ago in the case of Halford v. UK the same ECtHR
decided that tapping of Ms. Halford’s phone at the office did
constitute a violation of her right to respect of her private life.
Without being warned that one's calls would be liable to monitoring
the person would have reasonable expectation that his privacy is
protected (Halford v. UK 1997). In Amann v. Switzerland ECtHR
judgment (2000) telephone calls from business premises pursue to be
clearly covered by 'private life' notion.
The ECtHR further
spread the privacy protection to e-mails sent from work in the
Copland v. United Kingdom judgment (2007). In this case it also
decided that monitoring of telephone usage in the way of analysis of
business telephone bills, telephone numbers called, the dates and
times of the calls, duration and cost, constituted “integral element
of the communications made by telephone”, and made an interference
into the privacy. Moreover, the ECtHR was of the view that the
storing of personal data relating to the private life of an
individual also fell under the protection of the Article 8, being
irrelevant whether it was or was not disclosed or used against the
person. It further held that that 'e-mails sent from work should be
similarly protected under Article 8, as should information derived
from the monitoring of personal Internet usage' like analysing the
In Halford and Copland case the personal
use of an office telephone or e-mail or was either expressly or
tacitly allowed by the employer. Accordingly the ECtHR found a
violation of privacy when the employer intruded therein. In
Barbulescu, on the other hand, due to the internal regulations that
forbid the private use of computers, the ECtHR did not consider a
monitoring by employer to be a violation of his privacy, although
the intrudment happened in the form of making the transcript of
employee's messages and keeping that transcript. The ECtHR
considered that ‘broad reading of Article 8 does not mean, however,
that it protects every activity a person might seek to engage in
with other human beings in order to establish and develop such
relationships' (Barbulescu para 35)
We can see that the
position of employer towards allowing or non allowing phone, e-mail,
or internet usage, made a difference as to the employee’s
expectation of privacy. But can we add to that the more open
communication, as a reason of lowering the level of the ‘expectation
It still remains up to the individual how
he/she shall expose his/her privacy. The means of multiple
communication, are now in everyone’s pocket, and a person does not
have to use a land phone line, in order to call home. By simple
touching the screen he/she may communicate, share, like, tweet,
comment. If it is done during working hours, it gives, under certain
conditions, a possibility to employers to look into that ‘share’,
‘like’, ‘tweet’, ‘comment’ and still not to invade anyone’s privacy.
The more open the conversation is, its protection gets more
demanding and complicated. So the protection of privacy remains a
big test for the future.
The European Commission has launched
an EU Data Protection Reform in 2012, in order to 'make the Europe
fit for the digital age.' Strenghtening citizens' fundamental
rights, Digital Single Market, are the areas that need special
attention. Currently in force Directive 95/46/EC of the European
Parliament and of the Council of the EU of 1995, provides that
personal data is 'any information relating to an identified or
identifiable natural person'.
Article 29 Data Protection Working
Party ('DPWP'), in 2002 adopted a Working Document on the
Surveillance and the Monitoring of Electronic Communications in the
workplace. According to that Document the mere fact that monitoring
serves an employer's interest could not justify an intrusion into
workers' privacy. Monitoring, according to the DPWP, must pass four
tests: transparency, necessity, fairness and proportionality.
'Workers do not abandon their right to privacy and data
protection every morning at the doors of the workplace' provides the
Document, however, 'this right must be balanced with other
legitimate rights and interests of the employer, in particular the
employer's right to run his business efficiently to a certain
Under Directive 2002/58/EC concerning the
processing of personal data and the protection of privacy in the
electronic communications sector (Directive on Privacy and
Electronic Communications) of 2002 'Member States shall ensure the
confidentiality of communications and the related traffic data by
means of a public communications network and publicly available
electronic communications services, through national legislation.'
It provides for the prohibition of 'listening, tapping, storage or
other kinds of interception or surveillance of communications and
the related traffic data by persons other then users without the
consent of the users concerned'. Exceptions may be made, inter
alia, for the interests of national security, prevention of
criminal offences or of unauthorized use of the electronic
communication system etc.
Data protection of citizens will be
a big challenge in future. The judge Pinto de Albuquerque in his
partly dissenting opinion in Barbulescu case has criticized the
ECtHR's majority in missing the chance to develop its case-law in
the field of protection of privacy with regard to Internet
communications and for overlooking, inter alia, some
important features like sensitivity of the employee's communication
and non-existence of Internet surveillance policy duly followed by
the employer (apart from the above mentioned internal regulations
forbidding the use of computers).
On one hand there is a
request for privacy protection, while on the other hand, there is a
request from the market economy/employers that the job be done. The
interests of the two must always be fairly balanced, but with the
speedy development of technology and the internet interaction, the
danger of exposing private data rises. That is why the legal
creators have a big responsibility to act ahead of time, which, in
the IT context, is running at the light speed.
doc. dr. Jasna Čošabić
professor of IT law and EU law
at Banja Luka College,
Bosnia and Herzegovina
OPEN PAGES FOR ALL PROBLEMS - BLACK ON WHITE ABOUT ALL OPPRESSION
OTVORENE STRANICE ZA SVE PROBLEME - CRNO PO BIJELOM O SVEMU ŠTO TIŠTI
Tekstovi koji vulgarno vrijeđaju: neku vjeru, navode na rasnu diskriminaciju i slično, ne dolaze u obzir.
Vaše priloge šaljite u
TEXT ili HTML formatu na email:
- Last modified: