Recently, an employer was reported to the police for having violated s. 263 of the Danish Criminal Code on the confidentiality of correspondence because he had read messages sent by 24 former and three existing employees on their employer-provided cell phones.
Three employees were dismissed when the employer discovered information in the text messages which he could not tolerate. The cell phones were handed in because they were to be replaced, and the employer discovered information discrediting a colleague, defamatory remarks about the management and disloyal acts during a dispute at the workplace.
The employer is of the opinion that he was entitled to read the messages on the employer-provided cell phones.
What are the employer's rights?
As a general rule, an employer is entitled to monitor and check employees by reviewing e.g. e-mails and employer-provided cell phones.
In these situations, it is, however, important that the employer makes sure:
- That the rules on consent in the Danish Data Protection Act are observed;
- That the control is proportionate to the purpose it intends to achieve;
- That the control has an objective basis;
- That the employee is given advance notice of the review.
The Data Protection Act does not entitle the employer to read the employee's private e-mails. Therefore, employers are not allowed to open e-mails where the e-mail subject or the sender/receiver appears to be private. If an e-mail does not immediately appear as private, but nevertheless proves to be private, the employer must stop reading it immediately.
An employer who has not given advance notice that he intends or is entitled to review or read e-mails with private content, risks fines of DKK 30,000 from the Danish Data Protection Agency.
What about text messages?
If one assumes that the same principles apply to text messages, the employer will generally be able to check an employee's text messages if their content is not of a private nature. But as text messages have no subject field etc., where one can write "private", it is, however, difficult for the employer to determine in advance whether a message is private or work-related.
Most people with employer-provided cell phones also use their cell phones for private purposes. It is difficult to draw the line between private and non-private. In these situations, the case will probably depend on how the employer usually communicates with its customers.
If it is standard practice that the employees use text messages to communicate with the employer's customers, it will probably be easier for the employer to justify monitoring/checking the cell phone. At workplaces where the employees generally only use messages for private purposes, the employer will probably violate the Danish Data Protection Act if he monitors or checks the text messages.
The rules on confidentiality of correspondence
In addition to the Data Protection Act, the provisions of the Danish Criminal Code on confidentiality of correspondence may also be relevant to the situation where an employer reads the private e-mails or text messages of his employees. The courts have not yet decided whether an employer's opening of private e-mails or text messages would constitute a violation of the Danish Criminal Code. According to the legislative history behind the Criminal Code, the opening of electronic messages will generally be subject to the statutory provision on the confidentiality of correspondence.
The question is, however, whether an employer's opening of e-mails and text messages on an employer-provided cell phone may be deemed to correspond to the opening of a "closed message". This question is widely debated in theory, but has not yet been clarified in practice. There is, however, some agreement that a clear signal from the employer that such message will be opened can disprove the employee's expectations about secretiveness.
iuno's opinion
It is important that the employer issues general and clear guidelines for the use of an employer-provided cell phone. If the employer has agreed to the phone being used for private purposes, there should be a clear policy which gives the employees information about the employer's right to monitor and check text messages and that the employees cannot expect text messages to remain private. By having a clear policy on the area, employers can, in our opinion, avoid potential criminal liability.
The Danish Data Protection Agency will, however, still be of the opinion that the employer may not read messages which are clearly private. Finally, the general requirements in the Data Protection Act must always be met, and the employer should therefore assess the need for a clear policy. In the absence of a specific suspicion or business reasons, the reading of the messages will, however, be contrary to the Act, even with a clear policy on the area.
It is not always sufficient to hand out the employer's policy on the area. Consequently, iuno recommends that the employees receive a copy of the policy and that they sign a consent form or an addendum to their contract which meets the statutory requirements to consents.
[The Danish Criminal Code, Consolidated Act 2012-10-24 no. 1007, the Danish Data Protection Act, A 2000-05-31 no 429, the Danish Data Protection Agency's guidance on control of employees' browser and e-mails]