Photo of Victoria Gilbert
Follow: Email

On January 12, 2016, the European Court of Human Rights (ECtHR) ruled that an employer who had monitored an employee’s private communications during working hours had not breached the employee’s right to privacy (under Article 8 of the European Convention on Human Rights).

This judgment will influence how other European national courts and regulators view similar cases involving employer monitoring of employee private communications. However, the full scope of the judgement remains somewhat unclear; in particular, it remains unclear whether the ECtHR would apply similar logic if the monitored communications had been carried out through a personal account, rather than a professional one.  Employers should also take note that the judgment emphasizes the need for employer monitoring policies to be reasonable and proportionate.  The judgment is available in full here.
Continue Reading European Court of Human Rights Rules That Employers Can Monitor Employee Private Communications

On December 7, 2015, the European institutions reached an informal agreement on the EU Network and Information Security (NIS) Directive — dubbed the Cybersecurity Directive (see press release from the Council).  Among other things, the NIS Directive imposes security and incident reporting obligations on operators of essential services in critical sectors and on some digital service providers.

As we reported in the summer, the scope of the NIS Directive has been controversial since the Commission published its original proposal back in February 2013.  Several stakeholders, including some Member States, have expressed reservations about subjecting online companies to the same obligations as operators of essential services in the energy, transport and other critical sectors.  Following many months of negotiations, a compromise has now been reached by introducing a lighter-touch regime for certain digital service providers that fall within the scope of the Directive.
Continue Reading European Institutions Reach Agreement on EU Cybersecurity Rules