In the modern business environment, digital communication has become the primary way of working – emails, chats, internal messages, and other forms of electronic correspondence are used daily. At the same time, this raises an important dilemma: to what extent may an employer monitor such communication without infringing upon employees’ right to privacy?
Legal Framework and Fundamental Principles
The right to privacy and correspondence is regulated through international standards applied by Serbia as a signatory to the European Convention on Human Rights. In practice, this means that any interference with employee communications must be lawful, transparent, justified, and proportionate to the legitimate objective pursued.
At the national level, the Labor Law and the Law on Personal Data Protection set clear boundaries: employers may monitor employee activities only in compliance with legal provisions and prescribed procedures, and this must always be assessed on a case-by-case basis. Otherwise, such monitoring may constitute a violation of the right to privacy and expose companies to significant legal risks.
When Is Monitoring Employee Communications Allowed?
There are situations in which monitoring employee correspondence may be lawful, for example, in cases involving:
- Security risks – when there is a serious suspicion of confidential information leakage or other security incidents;
- Violation of internal policies – where employees repeatedly breach rules regarding the use of company equipment or services (for example, using corporate email accounts for private purposes when this is prohibited or using company phones contrary to established policies).
However, one of the most common misconceptions among employers is that simply having a rule such as “do not use company email or chat for private purposes” automatically gives them the right to read the content of employee messages. This is not the correct approach. Even in such circumstances, monitoring must be limited and conducted in accordance with the law.
Rules of Conduct and Employee Notification
For monitoring employee communications to be lawful, according to the case law of the European Court of Human Rights, employers must take several key steps, including:
- Clearly informing employees about the possibility and method of monitoring;
- Defining the scope of monitoring – whether it concerns only communication flow (for example, whether an email was sent) or also its content;
- Establishing legitimate reasons for monitoring and considering whether less intrusive measures could achieve the same purpose;
- Introducing internal procedures describing what happens if employee rights are violated, including measures for data protection.
These measures must be transparent and accessible to employees.
Balancing Employer and Employee Rights
The most important principle is maintaining a balance between the legitimate interests of the employer and the employee’s right to privacy. Employers have a legitimate interest in protecting their business operations and information, but this cannot serve as a reason for unjustified interference with employee privacy.
In practice, this means that monitoring cannot be arbitrary; it must be justified and limited to what is strictly necessary.
FAQs
Can Employers in Serbia Monitor Employee Communications?
The permissibility of monitoring employee correspondence must be assessed in each individual case. In principle, monitoring may be allowed if it is:
- in accordance with the law,
- pursuing a legitimate objective (e.g., protection of confidential business information),
- proportionate to the objective pursued, and
- employees have been clearly informed in advance about such monitoring practices.
Any monitoring that is secret, arbitrary, or disproportionate is unlawful and constitutes a violation of the right to privacy.
Must Employers Inform Employees About Monitoring?
Yes, one of the key conditions for lawful monitoring is informing employees about such practices. Employees must be:
- informed in advance,
- clearly notified about the scope and purpose of monitoring, and
- informed about how their data will be processed.
Hidden surveillance is unlawful and constitutes a violation of employee rights.
Is Employee Consent Required for Monitoring?
Another common misconception among employers is that if an employee consents to monitoring, this alone is sufficient to make it lawful. In employment relationships, however, consent is generally not considered a valid legal basis because of the imbalance of power between employer and employee.
Therefore, employee consent alone is not sufficient to introduce monitoring of correspondence.
Is an Internal Policy Enough to Make Monitoring Lawful?
In short: no. Internal policies are necessary but not sufficient on their own. Employers must also:
- clearly inform employees about the possibility and method of monitoring;
- precisely define the scope and purpose of monitoring;
- comply with procedures prescribed by the Law on Personal Data Protection;
- ensure that monitoring measures are proportionate and justified.
The mere existence of a rule such as “private use of company email is prohibited” does not automatically grant the employer the right to read message content.
Do Employees Have a Right to Privacy When Using Company Email?
Yes, to a certain extent. Although the corporate email system is owned by the employer, employees retain a certain degree of privacy, particularly if:
- the employer has not clearly prohibited private use; or
- monitoring has not been transparently announced.
How Can Employers Properly Introduce a Monitoring System?
Recommended steps include:
- Identifying a legitimate interest (e.g., protection of trade secrets);
- Conducting a data protection impact assessment (DPIA) where necessary;
- Adopting a clear and transparent internal policy accessible to employees;
- Informing employees before monitoring begins;
- Limiting monitoring to what is strictly necessary (principle of necessity and proportionality);
- Establishing clear procedures for data storage and protection.
What Does the Principle of Proportionality Mean in Practice?
Monitoring must pursue a legitimate objective and must not be broader than necessary. Less intrusive methods should always be considered first. For example, a less intrusive method may involve monitoring metadata (who sent an email, when, and to whom), while a more intrusive method involves accessing the actual content of messages. Mass and continuous monitoring without a concrete need may be unlawful.
What Are the Consequences of Unlawful Monitoring?
Unlawful monitoring may result in misdemeanor liability for the employer and responsible persons; monetary fines of up to 2 million RSD; employee lawsuits seeking damages; as well as reputational risks and deterioration of workplace trust.
Additionally, the admissibility of such evidence in court proceedings may be questioned. For example, if an employee is dismissed for breach of confidentiality, but the employer obtained evidence by unlawfully monitoring the employee’s emails (for instance, where the employee had not been properly informed that email content would be monitored), a court may consider such evidence inadmissible and declare the dismissal unlawful.
You can read more about the consequences of unlawful personal data processing in our blog: “Law on Personal Data Protection (LPDP) – 5 Dangerous Consequences of Non-Compliance.”
Conclusion
The permissibility of monitoring employee correspondence depends on the circumstances of each individual case and may only be implemented under specific conditions while strictly respecting the right to privacy. Employers planning to introduce monitoring systems must understand that such activities constitute processing of personal data. They must therefore comply with the principles of necessity and proportionality, clearly define internal rules, inform employees in advance, and ensure that monitoring measures are justified and limited. Only such an approach allows for a proper balance between legitimate business interests and the protection of employees’ fundamental rights.
