The Employer’s Right to Read Employees’ Emails
Email enjoys the same constitutional protection of the confidentiality of communications as traditional letter-post, which is why the employer must primarily strive to ensure that no need to examine the messages arises. The Act on the Protection of Privacy in Working Life regulates the employer’s right to read an employee’s email without the employee’s consent. An employer may only read messages addressed to it if the employer has first fulfilled the duty of care imposed by the Act. The duty of care requires the employer to provide the employee with one of the following options for organizing email services when the employee is away:
Automatic out-of-office notification. (The goal is to reduce the number of messages sent to the employee when they are away, and the employer, therefore, does not need to read said messages.)
Re-directing messages to another address. (The employee can direct the messages to another address of their or another employee. However, the address has to be approved by the employer.)
Consent for another person to read the messages. (To establish whether the messages sent to the employee are clearly meant for the employer.)
By imposing a duty of care the goal is that no need arises for the employer to read the employees’ emails when the employee is out of the office.
In the employee’s absence, the employer’s right to retrieve messages meant for the employer, based on the sender, receiver and subject lines, as well as the right to open a specified message, is conditional on the following:
the employee manages tasks independently on behalf of the employer;
it is evident, on account of the employee’s tasks and matters pending, that messages belonging to the employer have been sent or received;
the employee is temporarily prevented from performing their duties; and
the employee’s consent cannot be obtained within a reasonable time and the investigation of the matter cannot be delayed.
In addition, the employer must have a necessary reason to be informed of the messages to serve its customers or otherwise secure its operations. A person authorized by the information system administrator must be present when retrieving messages.
As described above, the employer has the right to open the retrieved message if it is obvious, for example from the subject of the message, that the message belongs to the employer and the employer does not reach the sender of the message to find out its content. A person having administrative rights to the information system and another person in addition to the employer must be present when the message is opened.
A statement signed by the persons who participated in the retrieval or opening of the message, stating why the message was retrieved or opened, the time of retrieval or opening, and those who performed the retrieval or reading. The report must be sent to the employee immediately.