Gmail privacy has become an ever increasing issue and topic of conversation. Some employers allow employees to use webmail services, like Gmail? Does an employee have a right to use it? Can an employer monitor their use? Maybe to protect the personal information of their customers. Many employers run into l trouble because they read gmail messages and infringe their employee’s privacy.
Manage email in your organisation properly
Employers can avoid this and others problems by managing emails in their organisations properly. Employers should also not forget to pay attention to privacy and social networking websites, like Facebook, before monitoring their employees’ use of such sites.
The CCMA has made an interesting decision reported under Smith and Partners in Sexual Health (Non-Profit) CCMA (WECT 13711-10). The company (a non-profit organisation) initially created a company Gmail account as it did not have its own domain. The employee, Ms Smith, was employed as the administration assistant. One of her duties was to check the company Gmail account and forward emails to the company’s new email address (which was subsequently created: firstname.lastname@example.org). Smith also had her own personal Gmail account.
The company CEO (Ms de Lora) wanted to log into the company Gmail account to check whether any emails had come in while Ms Smith was on leave. Ms Smith forgot to sign out of her personal Gmail account and the CEO ended up looking at Ms Smith’s personal account instead.
The CEO did not realise that she was looking at the employee’s personal emails at first. However, she worked it out once she tried to look at them again and ended up logging into the business account.
the employee complained about her job
Ms De Lora dismissed Ms Smith because she found emails in her personal account in which the employee complained about her job, complained about Ms De Lora and told people outside of the organisation about its daily activities.
Ms Smith took her employer to the CCMA for unfair dismissal. She argued that her:
- employer had intercepted her private Internet based emails on Gmail unlawfully;
- employer’s actions were not justified by our monitoring law, the Regulation of Interception of Communication and Provision of Communication-Related Information Act, 70 of 2002 (“RICA”), that
- employer’s actions infringed her Constitutional right to privacy; and
- that the emails that her employer sought to rely on were not admissible as evidence.
The Arbitrator held that Ms De Lora had intentionally intercepted the messages when she returned to look at them a second time. The messages were stored on Google’s Gmail servers in terms of a contract between Google and the employee to which Ms De Lora was not party. They could not be used as evidence against the employee because it would unjustifiably infringe her right to privacy.
The email could not be used as evidence against the employee
Ms Smith was awarded R21 600.00 in compensation, because there were no grounds for dismissing her without the emails as evidence.
Our comments on Gmail Privacy
The general position in our law when it comes to monitoring is that all monitoring is prohibited under RICA, unless the monitoring falls within one of the several exceptions allowed by RICA. Three of those exceptions are relevant to this case:
- where you are a party to the communication (the court held that the CEO was not a party to any of the communications taking place via email in the employees Gmail account); or
- where one or more of the parties to that communication have consented in writing (the employee did not consent to the CEO monitoring in writing); or
- where it is for a business purpose and you have gone through some important procedural steps prescribed in RICA (no reliance was placed on this).
If the monitoring and interception falls within one of these three exceptions, the company will be “protected” and the (otherwise unlawful) monitoring and interception by the company, will be lawful. Therefore, the key to implementing RICA is that where a company seeks to rely on a particular exception – invariably ex post facto – it must comply with the provisions contained in that exception. Moreover, each case has to be decided on its own unique facts!
So the court considered all the emails in the employees Gmail account to be private emails that the company could not monitor or intercept.
Based on an analysis of the evidence and argument by the Arbitrator it is clear that the decision might have been different had the private emails been stored on computer hardware owned by the employer. The court in our view seemed to place too much emphasis on whether the employer owned the email server hardware as being a test for who owned the email. This is not correct, as the employer can still own the email without owning the email server hardware. See our article “when is your email “private?”.
It is also noteworthy that neither the Electronic Communications Act 36 of 2005 nor RICA require that the telecommunications system relating to the email or document being monitored be owned or controlled by the employer.
Note that an employer can still only open an absent employee’s email in specific situations.