Privacy & Information Security Law Blog

Reporting from Israel, legal consultant Dr. Omer Tene writes:

In a sweeping, 91-page decision issued last week, the Israeli National Labor Court severely restricted employers’ ability to monitor employee emails.  In its opinion, the Court made strong statements concerning the suspect nature of employee consent and mandated the implementation of principles of legitimacy, transparency, proportionality, purpose limitation, access, accuracy, confidentiality and security.  The Court stated that, given the constitutional status of the right to privacy, exemptions to the Privacy Protection Act, 1981, must be interpreted narrowly.

The Court held that an employer must (1) set forth a clear policy with respect to employee use of computers and communications systems in the workplace, (2) convey the policy to employees, and (3) integrate the policy’s terms into employment contracts.  In the absence of a computer use policy, employees may form a reasonable expectation of privacy with respect to their use of employer systems.  Employee consent to any monitoring of communications must be freely given, explicit and informed; and in writing in most cases.  The Court expressed strong reservations concerning the acceptance of employee consent as a basis for monitoring, given doubts as to its free and voluntary nature.

The Court distinguished between the monitoring of email accounts which may be used by employees strictly for business, “mixed accounts” provided to employees for both business and personal use, and personal accounts such as Gmail or Hotmail.

• Although business accounts may be monitored routinely, an employer may not review the contents of any personal message sent on a business account, even in violation of company policy, without employee consent.
• Mixed accounts may be monitored only where there is suspicion of wrongdoing, and the monitoring must be based on employee consent both to company policy and to each specific instance of monitoring.
• Personal accounts may not be monitored, even with employee consent, absent a court order.
• In all cases, monitoring must be based on a legitimate interest of an employer, implemented as a last resort after exhausting all other available means, and not used for any purpose beyond that which was conveyed to, and envisaged by, employees.

Companies operating in Israel should take account of the decision to ensure compliance with privacy and labor legislation.  Infringement of the detailed rules set forth in the decision may constitute a criminal offense as well as a civil tort.

The full decision is available (in Hebrew) on the Court’s website.