Back to Insights

Turkish Constitutional Court Makes New Whatsapp Decision: Can Employers Monitor Employees’ Communication Tools?

18.03.2022

In an employment contract, an employer and employee have mutual rights and obligations. In line with these rights and obligations, the employer's authority to supervise the worker is among the rights deemed reasonable and necessary.[1] Inspecting and examining the content of employee communications made using tools supplied by employers are among the methods frequently used as evidence in workplace internal investigations, and termination proceedings or disputes brought to the judiciary. However, it is obvious that there are fundamental rights and freedoms at the other end of the scale in response to the employer’s actions, and that these actions must be carried out using certain criteria and with checks and balances.

In its decision dated 28 December 2021 published in the Official Gazette dated February 11, 2022, and numbered 31747, the Constitutional Court determined concrete criteria for keeping a fair balance in employer and employee interests regarding the inspection of employees’ communication tools. In the said decision, the Constitutional Court decided that an employee whose employment contract was terminated pursuant to subparagraph (b) of Article 25/II of the Labor Law due to WhatsApp correspondence violated the right to respect for private life and freedom of communication. This decision determined the concrete criteria required for the restriction of fundamental rights and freedoms and emphasized the general principles that an employer should pay attention to when processing personal data in order to control an employee's communication tools, the obligations regulated for the data controller, and the data processing conditions.

The Turkish Constitutional Court’s New Decision

In this decision (the Samet Ayyıldız Application), a manager at the applicant's workplace, who is a private company employee, somehow saw WhatsApp correspondence on a computer allocated to the applicant for his duties and read the content of the correspondence. Subsequently, based on insults and similar expressions made about the managers in the correspondence, the manager terminated the applicant’s employment contract in accordance with subparagraph (b) of Article 25/II of the Labor Law. In its evaluation, the Constitutional Court has clearly revealed under which conditions employees’ correspondence and content can be monitored on the tools allocated by an employer, taking into account the principles in national and international law.

The Constitutional Court evaluated the aforementioned event primarily on the basis of the right to demand the privacy of an individual’s private life and the protection of their personal data regulated in Article 20 of the Constitution, the freedom of communication regulated in Article 22 of the Constitution, and the provision that confidentiality is essential in this communication regardless of its content and form. In this regard, the Constitutional Court decided that even if an employer's authority and rights have an interest in controlling an employee's communication tools, this right is not unlimited. In addition, the court has emphasized that the management authority of an employer should be limited to the conduct of business in the workplace and the maintenance of the order and security of the workplace.

As a result, an employer's authority and rights are not unlimited, even if they have an interest in the matter. It has been stated that the fundamental rights and freedoms granted to workers, the freedom of communication and the right to respect for private life are also protected within the boundaries of the workplace, and at the same time, restrictive and mandatory workplace rules should not characterize the essence of the fundamental rights of the employees.[2].

The Constitutional Court also explained what guarantees the employer (third persons who interfere with the right) should provide to their employees in the concrete case. According to this:

  1. The employer must have legitimate justification for the examination of the communication tools and communication contents made available to the employee. It should be examined whether the employer's justifications are legitimate by considering the characteristics of the work and workplace. By distinguishing between the flow of communication and the examination of communication contents, more serious justifications should be sought in terms of examining the contents.
  2. In a democratic society, the process of controlling communication and processing personal data should be carried out in a transparent manner, and as a requirement of this, employees should be informed about the process in advance by the employer. This information should at least cover the legal basis and purposes of the control of the communication and the processing of personal data, the scope of the control and data processing, the period of storage of the data, the rights of the data owner, the results of the control and processing, and the possible beneficiaries of the data, to the extent that it fits the characteristics of the concrete case. In addition, the notification should include the limitations stipulated by the employer regarding the use of communication tools. There is no form requirement for this information, in order to ensure transparency, a suitable method can be preferred that allows individuals to be informed about the process of processing personal data and controlling communication within the scope specified above.
  3. The intervention made by the employer in the fundamental rights and freedoms of the employee must be related to the aim to be achieved and should be suitable for realizing this aim. In addition, the data obtained through the inspection activity must be used by the employer for the intended purpose.
  4. In order for the intervention made by the employer to be considered necessary, it should not be possible to achieve the same goal with a lighter intervention, and the intervention should be mandatory in terms of the aim to be achieved. Instead of entering the content of the employee's communication, it should be checked whether it is possible to implement the measures that involve less intervention. In order for the interference to be considered proportional, the data to be processed or used in any way by controlling the communication should be limited to the purpose to be achieved, and no restriction or interference beyond this purpose should be allowed.

In fact, the Constitutional Court's decision is in parallel with previous decisions; the E.Ü. decision [3] and the Bărbulescu v. Romania decision [4] dated 5 September 2020, or Libert v. France decision[5] given by the ECtHR in 2017. In the E.Ü. decision dated 17 September 2020, the Constitutional Court emphasized that an employer's intervention to the right to request the protection of employee personal data and freedom of communication should relate to the aim they wish to achieve and should be suitable for realizing this purpose. It also stated that the data obtained through an examination should be used by the employer in line with the targeted purpose.

Conclusion

Based on both the decision given by the Constitutional Court and the Libert and Bărbulescu decisions given by the ECtHR, we can say that even if employers have the authority to ensure the proper management of a workplace and have allocated the means of communication to employees, in the event that they are not informed about monitoring, employees will have a reasonable expectation that the communication tools will not interfere with their fundamental rights and freedoms. Therefore, auditing the communication tools and contents of employees without prior notification can be considered as an interference with fundamental rights and freedoms, and the personal data of employees obtained in these circumstances will constitute a violation of the law. Therefore companies/employers are advised to have robust compliance/legal checks to assess the balance and to comply with the Constitutional Court rulings to minimize data privacy risks in internal investigations.

SOURCES


[1] 9th Civil Chamber of the Supreme Court, Dated 13.12.2010, numbered 2009/447 and 2010/37516 Decision No 2010/37516.

[2] Constitutional Court, Samet Ayyıldız, App. No: 2018/34548, 28/12/2021, §38-40.

[3] Constitutional Court, “E.Ü.”. [GK], App. No: 2016/13010, 17/9/2020.

[4] European Court of Human Rights, Bărbulescu v. Romania, no. 61496/08, 5 September 2017.

[5] European Court of Human Rights, Libert v. France, no. 588/13, 22 February 2018.