THIRD SECTION

Application no. 61496/08 Bogdan-Mihai B Ä‚ RBULESCU against Romania lodged on 15 December 2008

STATEMENT OF FACTS

T he applicant, Mr Bogdan-Mihai Bă rbulescu , is a Romanian national, who was born in 1979 and lives in Bucharest.

A. The circumstances of the case

The facts of the case, as submitted by the applicant, may be summarised as follows.

From 1 August 2004 to 6 August 2007, the applicant was employed by a private company (“the employer”) as an engineer in char ge with the sales. He created a Yahoo messenger account with the purpose of responding to clients ’ enquiries.

On 13 July 2007 the employer informed the applicant that his Yahoo messenger communications had been monitored from 5 to 13 July 2007 and that he had used the company ’ s Internet connection for personal purposes, contrary to the internal regulations. The applicant replied in writing that he had only used Yahoo messenger for professional pur poses. When presented with a 45 pages transcript of his personal Yahoo communications, the applicant notified his employer that, by violating his correspondence, they were accountable under the Criminal code.

On 1 August 2007 the employer ended the applicant ’ s employment contract for breach of the company ’ s internal regulations that provided among others that:

“It is strictly forbidden to disturb order and discipline within the company ’ s premises and especially [ ... ] to use the computers, copying machines, telephones, telex and fax for personal purposes.”

The applicant challenged his employer ’ s decis ion before the Bucharest County Court. He complained that this decision was a result of a violation of his right to correspon dence protected by the Romanian Constitution and the Criminal Code.

In a judgement of 7 December 2007, the county court dismis sed his complaint on the ground that the employer had complied with the dismissal proceedings provided for by the Labour Code. It considered that interception of his communications was the only manner in which the employer could verify observance of the in ternal regulations. The county court noted that the applicant had been duly informed of these regulations and concluded that:

“Internet at the work place must remain a tool at the employee ’ s disposal. It was granted by the employer for professional use and it is undisputable that the employer by virtue of his right to control the employees ’ activity has the prerogative to keep personal use of Internet under surveillance.

Some of the reasons that make the employer ’ s control necessary are the possibility that by using the Internet services, the employees may damage the company ’ s IT systems, the possibility to engage the company ’ s responsibility for illicit activities in the virtual space or the possibility to reveal the company ’ s commercial secrets.”

The applicant appealed against this judgment. He claimed that e ‑ mails were also protected by Article 8 of the Convention as pertaining to “private life” and “correspondence”. He also complained that the court did not allow him to call witnesses to prove that the employer did not suffer any prejudice as a result of his actions.

In a final decision of 17 Ju ne 2008, the Bucharest Court of Appeal dismissed his appeal and upheld the judgment rendered by the county court. Relying on EU Directive 95/46/EC, t he Court of Appeal ruled that the employer ’ s conduct had been reasonable and that monitoring the applicant ’ s communications was the only manner to establish the disciplinary breach. With regard to his defence rights, the Court of Appeal dismissed the applicant ’ s arguments on account that the evidence already adduced before it was sufficient. It maintained that the serious breach of internal regulations justified the applicant ’ s dismissal.

B. Relevant domestic law

The Romanian Constitution guarantees the right to the protection of intimate, private and family life (Article 26) as well as of the secret of the correspondence (Article 28).

Article 195 of the Criminal Code provides that:

“Anyone who unlawfully opens somebody else ’ s correspondence or intercepts somebody else ’ s conversation or communication by te lephone, by telegraph or by any other long distance means of transmission shall be liable to imprisonment for between six months to three years.”

The Labour Code in force at the tim e of events provided in Article 40 § 2 ( i ) that the employer was under the duty to guarantee the confidentiality of the employees ’ personal data.

Law no . 677/2001 on the protection of individuals with regard to the processing of personal data and the free movement of personal data transposes the provisions of EU Directive 95/46/EC (see below). It defines “personal data” as “any data related to an identified or id entifiable individual” (Article 3 a). It provides that data processing can only be done if the person concerned consented to it and sets out a list of exceptions when consent is not necessary. Exceptions refer, among other situations, to the necessity to perform a contract to which the concerned individual is a party to or to secure a legitimate interes t of the data operator (Article 5 § 2 (a) and (e). It also provides that when processing data, public authorities remain under the obligation to protect the individuals ’ intimate, p rivate and family life (Article 5 § 3).

C. Relevant European Union law

Directive 95/46/EC of the European Parliament a nd of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data provides that the object of national laws on the processing of personal data is notably to protect the right to privac y as recognised both in Article 8 of the European Convention and in the general principles of EU law. A Data Protection Working Part y was established under Article 29 of the directive in order to examine the issue of surveillance of electronic communications in the workplace and to evaluate the implications of data privacy for employees and employers. It is an independent EU advisory body.

The Working Party i ssued in September 2001 Opinion 8/2001 on the processing of personal data in the employment context which summarises the fundamental data protection principles: finality, transparency, legitimacy, proportionality, accuracy, security and awareness of the staff. With regard to employees ’ monitoring, it suggested that it should be:

“ a proportionate response by an employer to the risks it faces taking into account the legitimate privacy and other interests of workers”.

In May 2002 the Working Party produced a Working Document on surveillance and monitoring of electronic communications in the workplace. This working document asserts that the simple fact that a monitoring activity or surveillance is considered convenient to serve the employer ’ s interest could not justify an intrusion into the workers ’ privacy”. The document suggests that any monitoring measure must pass a list of four tests: transparency, necessity, fairness and proportionality.

From a technical point of view, the working document indicates that:

“Prompt information can be easily delivered by software such as warning windows, which pop up and alert the worker that the system has detected and/or has taken steps to prevent an unauthorised use of the network.”

More specifically, with regard to the question of opening the employee ’ s e-mails, the working document holds that:

“opening an employee ’ s e-mail may also be necessary for reasons other than monitoring or surveillance, for example in order to maintain correspondence in case the employee is out of office (e.g. sickness or holidays) and correspondence cannot be guaranteed otherwise (e.g. via auto reply or automatic forwarding).”

COMPLAINTS

1. The ap plicant complains under Article 6 § 1 of the Convention that the proceedings before the domestic courts were unfair, in particular as he was not allowed to present witnesses in his defence.

2. He also complains under Article 8 of the Convention that there was an interference with his right to respect for his private life and correspondence and that the domestic courts did not effectively protect his right.

QUESTION TO THE PARTIES

Have the State authorities complied with their positive obligation to protect the applicant ’ s right to respect for his private life and correspondence as guaranteed by Article 8 of the Convention?