Employees’ privacy in the Czech Republic

Right to privacy vs. the protection of business interests. The Czech Privacy Office's position.

May the employees' e-mails be monitored? How can right to privacy be reconciled with productivity and the protection of the employer's assets and business secrets? The issue is so sensitive that it has been brought to the attention of the European Court of Human Rights. While the Czech legal system does protect privacy, it takes the employers' interests into account, too.

Privacy is protected by several provisions of Czech law. The Charter of Fundamental Rights and Freedoms mandates that the privacy of letters not be violated. The Civil Code rules protect the privacy of certain "personal" documents, which may be reproduced only upon permission. The Labour Code explicitly prohibits the monitoring of employees' phone conversations and business e-mails, unless it is justifiable in the light of the nature of the employer's business. If so, the employee must be informed (e.g., through the work rules).

The starting point of the Czech Office for Personal Data Protection ("Office") is that "the employer is entitled to request that the employer, at the workplace and during working hours, attend his / her personal business only in adequate and necessary limits". Monitoring is tolerated only as an exception. According to the Office, the employer may "eventually" monitor the number of sent and received e-mails; if the employer suspects that the employee misuses the company's resources, also the message's heading (i.e. "to" and "from" fields) may be monitored. It follows that monitoring is permitted insofar it purports to discover unlawful employees' activities. (The Italian courts talk of "protective control" in these situations).

Reading e-mail's content is permitted only in "exceptional cases". For the Office, an example of "exceptional case" is a message which is delivered to the mailbox of an employee on a long-term sickness leave, and the late knowledge of the content may cause harm to the employer. In this contingency, the employer has the authority to read the content of the e-mail, provided that it can be reasonably concluded from the heading that the message does not concern personal matters of the employee.

Any monitoring or data collection (also monitoring how many e-mails an employee sends and receives) must comply with personal data protection regulations: the employee must be informed and give consent.

This provides developers of employee monitoring solutions with sufficient leeway for their software.

Massimiliano Pastore