SAC on limits for monitoring employees’ electronic communication

In its judgment 6 Ads 21/2026, the SAC considered whether an employer may monitor the content of an employee’s electronic communications and use the findings as evidence in disciplinary proceedings. Although the case concerned public service, the SAC’s conclusions can also be applied to private-law employers and their employees.

According to the SAC, monitoring an employee’s electronic communications is permissible only if several conditions are met. Key factors include the existence of a serious reason stemming from the specific nature of the employer’s activities, the proportionality of the monitoring, and compliance with the duty to inform the employee. The SAC compared these requirements with the case law of the European Court of Human Rights, in particular the Grand Chamber judgment in Bărbulescu v Romania (no. 61496/08), which set out key criteria for the permissibility of monitoring workplace communications.

In its assessment, the SAC relied on the so called Bărbulescu test, under which it is necessary to examine whether the employee was informed in advance about the possibility of monitoring, what its scope was, whether there were legitimate reasons for monitoring, whether less intrusive measures could have been used, and how the results of the monitoring were used. In the case at hand, the SAC found that the monitoring was limited in time and subject matter, responded to specific suspicions of a personal data leak, and pursued the legitimate aim of protecting the rights of third parties and maintaining trust in the public authority’s activities.

The SAC’s judgment thus confirms that monitoring an employee’s electronic communications is not impermissible; however, it must remain an exceptional tool subject to a strict test of proportionality and transparency.
 

Limits to monitoring according to the SAC

1. Existence of a serious reason
Monitoring is permissible only where there is a serious reason arising from the specific nature of the employer’s activities. A general interest in supervising employees is not sufficient – the aim must be, for example, to protect personal data, prevent the leak of sensitive information, or safeguard trust in the activities of a public authority.

2. Specific and well-founded suspicion
Any interference with privacy should be a response to a specific situation, not blanket or preventive surveillance. Ad hoc monitoring may be acceptable provided it is preceded by a genuine suspicion of a breach of duties.

3. Prior notice to the employee
The employee must be informed in advance, clearly and comprehensibly, that monitoring may take place, in what scope, and in what manner.

In the case at issue, the claimant challenged whether the duty to inform had been sufficiently fulfilled through an internal policy; however, the SAC agreed with the respondent. What matters is that the duty to inform is met in substance, and it may be fulfilled through the employer’s internal policy. Covert monitoring is, as a rule, impermissible.

4. Proportionate scope of monitoring
The monitoring must be limited in time and subject matter and focused only on relevant communications. The SAC expressly rejects “screening” an employee’s entire personal correspondence without a link to the pursued aim.

In the case at issue, the respondent carried out the monitoring within a three day window, which the SAC considered proportionate.

5. Subsidiarity (whether less intrusive measures can be used)
Accessing the content of communications is a measure of last resort. The court must always examine whether the objective could have been achieved in a less intrusive way and whether reviewing the content was truly necessary.

6. Legitimate use of the results
The information obtained may be used only for the purpose for which the monitoring was carried out (e.g., disciplinary proceedings). Misuse or secondary use would be impermissible.

7. Proportionality of the interference
Even where all conditions are met, the SAC assesses whether the infringement was disproportionate in light of its consequences, especially if it led to the most severe sanctions.
 

What does this mean for employers?

For employers, the SAC’s judgment is an important reminder that business emails and other work-related communications cannot be monitored without limits. It is crucial that there must be a specific reason for interfering with the employee’s privacy and that the interference must be proportionate in both scope and purpose.

This will determine whether the monitoring results can stand, for example, as evidence, or whether they will very quickly turn into an impermissible infringement on the employee’s privacy.