‘Private emails’ – fact or fantasy? Do Google snoop on messages?

The media has been awash with sensationalist headlines recently about the veritable evils of Gmail, and how they are sneakily checking all your correspondence. There is outrage from journalists who are disgusted and appalled by this betrayal at the hands of the dastardly Google. I must admit, a few of the headlines caught my eye (difficult to avoid given the high-octane level of drama). As a gMail user myself, I am a little concerned that emails I was sending were not private and were in fact screened, read, dissected and no doubt mocked by a little team of nasty Google elves somewhere (allegedly).

This ‘scandal’ has been sparked by a motion which was lodged against Gmail in June of this year which, among other things, accuses them of breaching various ‘wiretap’ statutes. In its motion to dismiss, Gmail say “a person has no legitimate expectation of privacy in information he voluntarily turns over to third parties.” This was specifically in reference to non-Gmail users, and goes to the point that email systems have to process emails and route them properly, in much the same way as a postie has to check addresses on the snail mail.  It is my understanding that this argument follows a long line of pre-existing US case law. Anyone accessing Gmail is beholden to its terms (as you would probably expect), including the fact that automated scanning does take place and that this information is used to target you with advertising.  One commentator notes that if you have been emailing a lot of people about, for example, your impending nuptials, you will suddenly start to notice ads popping up for wedding cakes and dresses, alongside those for couples’ therapy and divorce lawyers. Charming.

So, irritating adverts about your love life aside, maybe we need to take a step back. Our personal emails may be subject to screening by Google and security systems, which is clearly not ideal. However, it seems to be unavoidable and, in reality, does not seem to be stopping us using Gmail and other similar free email providers. But we wouldn’t really be keen on other people snooping around, would we? What if (shock horror) your employer was reading every word you send to your other half (or your mum, if aforementioned love life is not so successful) in the course of your working day?

It’s worth knowing that it is a fundamental requirement of data protection law that workers are aware of any monitoring of their communications. You also do have a legitimate expectation of being able to keep your personal life private in the workplace, and you are entitled to a degree of privacy in your working environment. Cue big sighs of relief all round. However, that is not to say that monitoring cannot take place.

In the first giddy few days of a new job, you may well have signed an electronic communications policy (and like most of us, probably didn’t read it in any great detail, if at all). This policy is likely to set out circumstances in which you may or may not use your work email for private use. There may also be restrictions on the size of attachment you can receive, and advice as to when you can expect confidentiality (e.g. if you are communicating with a company doctor, it may be that confidentiality can only be guaranteed by using the post). Any monitoring which does take place should be explained in full in the policy, setting out the extent and the means used. It may be, depending on the policy in place, that you can have a greater expectation of privacy if the email in question is marked ‘Private’ or ‘Personal’ (although usually there are still no guarantees). Much will depend on what the policy says (seriously…read it) but an employer may reserve rights for monitoring of communications for training purposes, for example.

To access personal emails on your work email account, unlike the nasty Google elves, your employer must have a ‘pressing business need’ to do so. The Information Commissioner suggests in the Employment Practices Code that such a need could arise if, for example, your employer suspects you of work-related criminal activity. This need must be sufficient to justify the intrusion involved and there must be no reasonable less intrusive alternative. So unless you are a bona-fide baddie (or your employer reasonably believes you to be) you’re probably ok.  Your personal email account can only be monitored in ‘exceptional circumstances’, although it is not quite clear what will be deemed to be ‘exceptional’. In any event, before you go crazy on the Gmail/Hotmail/Yahoo, do bear in mind that spending copious amounts of time on your personal email during the working day may well get you into hot water anyway, given that you’re probably not doing any work….

For employers, there are a few pieces of key legislation that need to be borne in mind, namely the Regulation of Investigatory Powers Act (RIPA) and the Lawful Business Practice Regulations. An impact assessment should be undertaken, and employers should, where practicable, limit monitoring of e-communications to that which is necessary to ensure the security of their system, e.g. protection from intrusion and from malicious code such as viruses or big bad Trojans, or for the detection of the misuse of passwords. There is a very handy guide set out at page 57 in the Supplementary Guidance to the Employment Practices Code, provided by the Information Commissioner, with a table entitled “How intrusive is your monitoring?” which may serve as a useful touchstone if you happen to be an employer considering doing a bit of snooping…

On balance, you can probably assume that Google see more of your email content than your employer does, which to be honest is probably a relief for most of us. But, there are no guarantees of anything being completely private in this technological, everything-out-there-for-everyone-to-see world. So, if you want something to be properly on the down low, it’s probably worth abandoning the technology altogether (yes, it can be done!) and whispering those sweet nothings into your other half’s (or your mum’s) ear…

Jenny Kerr specialises in employment and partnership law at CM Murray LLP. She has a particular interest in (but cannot yet claim to fully understand) all things technological.

Follow @cmhrtech for regular updates on #tech, #ukemplaw and #hr

Email: jenny.kerr@cm-murray.com

Direct Dial: 0207 718 0128