Emails have become a vital part of everyday life in companies. And most companies at least tolerate it when members of staff use their business email accounts for private purposes; at least to a certain degree. But many companies are not aware of the legal consequences of this.
Email accounts provided by the employer make the employer a TC provider
Common jurisprudence assumes that an employer who provides an employee with an email account, puts themselves in an equivalent position to a TC provider. Thus they are subject to the same laws. In other words, the employer is forbidden from accessing the employee’s email account without written permission from the employee, and may be charged if they do; unless they are doing it to arrange holiday cover. Or if the person in question has left the company and information is urgently required. Incoming messages must also not be forwarded, and the account cannot be deleted. It becomes bizarre and counter-productive when you realise that: The employer is not permitted to filter spam and messages containing viruses.
One law stipulates what the other law forbids
But the current legal situation leads to even more bizarre blunders: For, on the one hand, companies are instructed to archive business mail in an audit-proof way. Emails are business mail – so long as they are not private emails. In order to fulfil the legally defined storage obligations, companies must save emails and store them so that they can be accessed at a future date. Yet there is a conflict of laws with the Telecommunications Law and the Data Protection Law: the employer is not authorised to do this. Even if the employer wishes to archive items selectively; they cannot take a look within an employee’s email account to differentiate between private and business mails.
Conflicting laws need revising
As such, there is an urgent need for the current legal situation to be addressed. It can be assumed that both employers and employees agree upon the operational necessities concerning illness cover, archiving etc. But those who want to stay on the safe side, should ask their employees to sign a declaration of consent that clearly states in which cases their email accounts may be accessed – and that they agree to archiving.