Yapı Kredi Plaza, Levent İstanbul

The Legal Compliance Criteria of the Employer’s Employees Monitoring

The Legal Compliance Criteria of the Employer’s Employees Monitoring


It can be carried out by auditing the internet usages and e-mails of employees who are becoming more and more common in working life , to monitor their audio and video images through different tools in the workplace,   tapping workplace phones and  recording  interviews, and to monitor and surveillance of  employees at the workplace by other applications. In cases where communication is monitored, there will be an intervention towards freedom of communication as well as inclusion in the private living space due to interference with personal rights.

In fact, monitoring by employer is not a new practice, but it has become more controversial only with the emergence of new monitoring techniques.[1] For example, while employers determine how many keys typewriters press with the device called “cyclometer”[2], which was used even before 1913, today the employers can record which computer key and how much the worker touches, the errors he makes while using the keyboard, and even how fast he uses the keyboard.[3] Again, with a system to be set up at the workplace, the employer can check the e-mails of the workers and understand whether inappropriate materials have been uploaded to the computer. In addition to monitoring internet and e-mail access of the employees with similar methods, employers are also taking the path of blocking (filtering) this access.


The most common areas where employers establish their monitoring and surveillance practices in the workplace are the usage of the internet and email. Due to the fact that, as mentioned above, this communication has an important place today, as well as that it is much easier to monitor and surveillance the use of the internet and e-mail than the other communication methods, and that the necessary programs can be set up  in a short time in the workplace.[4]

As a result of the employee performing the work obligation under the management, supervision and governance of the employer and having the obligation to comply with the instructions, the employer has the authority to determine the rules governing the employee’s activity, working method, place, time and behavior in the workplace during the process of the work. [5]Accordingly, the employer may determine the usage of the tools and equipment provided by himself/herself. Since the computer and therefore the internet and e-mail system will be considered as workplace tools, it is the authority of the employer to regulate their usage, especially whether they can be used for special purposes or not.[6] Including explicit regulations regarding the special use of computers and the internet in the workplace will help to reduce the problems arising from private use between the employee and the employer and to solve them when problems arise. [7]Again, the intervention of monitoring and surveillance of employees within the scope of the employer’s right to management and supervision is examined in both the ECHR and Constitutional Court decisions and the criteria for evaluating compliance with the law are specified.

Copland v. UK, Appl No. 62617/00, judgement of 03/04/2007. The applicant, who started working as an assistant to the principal of Carmarthenshire College in 1995, has decided that the collection and storage of personal information belonging to the applicant obtained from phone calls, e-mails and internet use without his/ her knowledge is a violation of Article 8. In its Copland decision, the Court acknowledged that the storage of personal data related to the private life of individuals also falls within the scope of Article 8. Stating that as a result of the inspection made in terms of paragraph 2 of the Article, there is no regulation in the national legislation regarding the conduct of such wiretapping on the dates of the incident; concluded that the interference made was unlawful. In the Copland decision; The court reiterated that the reasonable expectation of privacy criterion, namely,an employee who has not been warned that the use of the internet, e-mail and phone may be the subject of surveillance will have a reasonable hold on the confidentiality of their communications.

Bărbulescu v. Romania, App. No. 61496/08, GC Judgment of 05 September 2017. The applicant has opened a Yahoo Messenger account that provides simultaneous messaging online at the request of the company where he worked as a sales engineer between 01.08.2004 and 06.08.2007. Just as he opened this account himself, his password was determined by him. According to the workplace working directive, it is forbidden to use tools such as computers, copiers, telephones and faxes allocated for office use in the applicant’s workplace for personal business. The applicant is aware of this directive and has signed that he knows its contents. However,  the workplace work directive does not include a clear provision that the communication of employees can be monitored by the employer.

The employer recorded the applicant’s internet communication via Yahoo Messenger for 9 days and invited him to make a statement regarding his alleged use of the internet for private and personal purposes during working hours. At this stage, it was not informed that the content of the communication was also monitored, and only traffic information was contented with.

After the applicant declared that he was using Yahoo Messenger only for business purposes, the employer pulled out a 45-page message transcript containing the conversations / correspondences he had with his fiancee and brother and put it forward by the applicant.These correspondences are of a personal nature and some of them contain very private information and statements.

The applicant applies to the court, requesting his return to work, compensation for the income he was deprived of, and non-pecuniary damages and trial expenses. At this point, the applicant also alleged that the manner of his dismissal (reading his intimate correspondences, allegedly reading and even announcing it to his colleagues) had been particularly harmful to him, that the employer’s monitoring of his communication was unlawful and violated the criminal law.

The Court of First Instance rejected the allegations of the applicant on the grounds that the employer’s savings were in accordance with the principle of transparency and within the framework of the workplace directive.

In the context of the moderation of the intervention (reading the employee’s correspondence), also implies that the purpose of the smooth running of the business cannot be achieved by any other measure other than the monitoring of the emoloyee’s correspondences, the Court of Appeal also referred to the principles of Directive 95/46/EC of the European Union on the protection of personal data, the court upheld the decision by concluding the conflict between employees’ right to privacy and the employer’s monitoring due to running the bussiness in the present case, in favor of the employer and approved the decision.

The applicant’s attempts under criminal law were also unsuccessful. Upon these developments, the applicant brought the matter to the ECHR.

General principles on the positive obligations of the state in ensuring respect for private life and communication in the context of working life specified by the ECHR on the relevant decision  (para. 121-122);

i) if there are measures taken by the employer to  governance and supervise the communication and other transmission of the employee, the implementation of these measures should be made in a clear and understandable manner regarding the justification, nature, scope and way of the audit and monitoring, and before the start of the monitoring and surveillance activity.

(ii) employer intervention should be demarcated within the employee’s reasonable expectation of privacy. In this context, a distinction should be made between following the flow of communication and how much of the content of the communication is monitored, attention should be paid to whether the monitoring activity is limited to a certain period of time, the number of people with access to monitoring results, and whether there are spatial boundaries.

(iii) as a result of the employee’s  supervision and access, legitimate grounds are required to justify interference with private life in order to monitor the employee’s communication.

(iv) it should be evaluated whether it is possible to establish another system based on methods that less interfering with the private life of the employee and measures to prevent direct and complete access to the content of the employee’s communication.

(v) the impact and results of the communication on the monitored employee (s) and whether the employer uses the results of the monitoring activity for legitimate purposes should be evaluated.

(vi) the employee must be provided with appropriate assurances regarding  an application path/ legal remedy that can apply before judicial bodies, where the monitoring and supervision criteria are legal or not can be audited.

The ECHR made its decision based on inadequacies in the way national courts handle the issue.  The ECHR Grand Chamber concluded that the national courts, which did not conduct examinations and evaluations within the scope of general principles, did not provide appropriate protection to the applicant’s right to respect for his private life and communication, and therefore could not strike a fair balance between the conflicting interests and that Article 8 of the Convention (especially Article 8 of the ECHR which regulates the right to privacy) had been violated. (sec.140-141)

The principles that dominate the law of personal data have been adopted by the ECHR and integrated into the case law in each right. Among these principles, the purpose for data collection must be specific and clear, legitimate, the later processing of the data to be compatible with the purpose of collection, the processing is not excessive and it is not kept longer than the purpose requires, the participation of those, whose data is collected, in the collection and processing of this data is specified as their right to rectification and objection, if necessary.

By the Constitutional Court; in the decision titledE.Ü Applicationdated 17.09.2020, regarding application numbered 2016/13010;

Although the communication tools allocated for the usage of the employee in the workplace belong to the employer, the employer does not have absolute and unlimited surveillance and supervision authority over to monitor and control the communication tools, the freedom of communication and the protection of personal data in a democratic society justifies respect for the fundamental rights and freedoms within the boundaries of the workplace. It emphasizes that restrictive and compulsory workplace rules cannot be in a way that would harm the essence of the fundamental rights of the employees.

The employer must have legitimate justifications for supervision of the communication tools and communication contents offered to the employee,

The process of controlling the employee’s communication and processing of personal data should be transparent and the employee should be informed comprehensively and in detail about this process, 

The data of the employees reached as a result of the employer’s audit should be used for as legitimate reasons and purposes as possible, and if the employer’s access to the employee’s communication content and data is limited for this purpose, the employer’s intervention can be considered proportionate,

The principles that the effect and consequences of the control and supervision of the employer over the employee’s communication on the employees should also be taken into consideration.

In the concrete case, the employer did not give a clear information that the communication made on the corporate e-mail account could be monitored and audited, again the purpose of the employee’s processing of personal data, its legal basis, the scope of the data to be processed, the storage and destruction policy, the rights of the employee as the data subject, the employer did not provide any information about the results of the processing and the possible beneficiaries of the data, the Court of First Instance did not discuss whether such information was made in the proceedings, the applicant himself did not make it clear, but the claims that the e-mail contents were unlawfully obtained without the employees consent and without information were not met, while the employee is not obliged to reach the e-mail contents in order to achieve his/her goal, this issue is not examined by the Court of First Instance and  should settle for the e-mail which is the personal data of the applicant employee with traffic information.It was decided that the applicant’s right to request the protection of his personal data (Constitution art.20) and freedom of communication (Constitution art.22) were violated, as it became clear that a careful judgment could not be made by the courts regarding constitutional guarantees due to the fact that all content was accessed and the use of these contents was not evaluated without discriminating against unnecessary content without any uncertain scope.

By the Constitutional Court; in the decision titledC.O.A Applicationdated 12.01.2021 regarding application numbered 2018/31036;

The basis for auditing and limiting the communication tools that the employer provides to its employees within the scope of management authority;

  • Conducting business effectively
  • Controlling the flow of information
  • Protection against criminal and legal liability against the actions of the employee
  • Measuring productivity
  • Reasons such as ensuring workplace order and safety are stated as justified and legitimate reasons.

In this decision, the  Constitutional Court referred to the“E.U.Application” dated 17.09.2020 for the application numbered 2016/13010,saying that the employer does not have absolute and unlimited surveillance and supervision authority over the means of communication, It is emphasized that the freedom of communication and protection of personal data of employees should be respected within the boundaries of the workplace in a democratic society, and that restrictive and mandatory workplace rules must not be in a way that undermines the fundamental rights of employees.

Again, the employer stated that the employer can choose an appropriate audit and processing method without any method restrictions as long as it is transparent when controlling the communication of employees and the communication tools allocated and processing the data of the employees and includes the criteria specified in its decision.

Prior information of employees about the legitimate justification, limitation, transparency and process in the process of employer supervision and personal data processing (legal basis, purpose, scope, conclusion, data subject’s rights, data retention period, who will share data with, etc.), employer intervention should be purposeful and convenient, as well as not achieving the purpose on the basis of concrete incident with another lighter intervention, proportionality, fair balance of the employer’s interests and constitutional rights of employees.


It is stated in supranational regulations and Turkish doctrine that if the employer is not informed about the monitoring and surveillance practices within the boundaries of the workplace within the scope of the right of management and supervision, the application will be illegal according to above-mentioned principles and criteria.

In this case, about the monitoring and surveillance applications of the employers as a workplace application, the communication tools and communication contents offered to their employees, at the latest when the employee-employer relationship is established between them, or if the application will be a workplace application later, before the established application,  the reasons, usage purposes, the boundaries of the supervision must be informed clearly, comprehensively and in detail about the supervision and personal data process and informed and clarified in writing by employer.

Otherwise, the employer who violates his obligations within the general principles such as the obligation to take all necessary precautions, the obligation to provide information and training, the obligation to organize, the obligation to inspect, the obligation of registration and notification, will be deemed to have misled the employee by providing incomplete and / or incorrect information about the essential points of the employment contract. Employees will be deemed to have interfered with their constitutional rights such as unlawful access to their personal contents without their consent and without their consent, demanding protection of personal data, privacy of private life and freedom of communication.

Because the employee  party  may request due diligence and measures by contacting the employer regarding the monitoring and surveillance application within the boundaries of the workplace on the belief that it is an interference with his/her private life,  personal data, freedom of communication, he/ she can avoid working if his/her request is not accepted, not properly clarified and the  violation is not resolved.  In this case, according to article 24/2 of the Labor Law a) if the employer misleads the worker by showing false qualifications or conditions or giving false information or saying words about one of the essential points of the employment contract at the establishment time of the contract or or if the employer misleads the worker by giving untrue information or making words, it will also give the employee the right to terminate immediately for a justified reason, in accordance with the mentioned article.


[1] Erdemir, Erkan / Celiktaş, Ilyas: “Workplace Monitoring from an Organizational and Legal Point of View: A Comparative Review,” Kazancı Hakemli Law Journal, 2006/19-20, p. 88.

[2] Yilmaz, Gözde: “The Effects of Electronic Performance Monitoring Systems on Employees and Businesses ” Istanbul Commercial University Journal of Social Sciences, Issue 7, 2005/1, p. 3. Monitoring and for historical development of surveillance applications at the country level, see: Young, Mark D.: ” Electronic Surveillance In An Era Of ModernTechnology And Evolving Threats To National Security,” Stanford Law & Policy Review, Vol. 22:1, (Online) http://ehis.ebscohost.com/ehost/pdfviewer/ pdfviewer?sid=7bde45ee-eef2-4fc0-b700-4357389b347f%40sessionmgr110&vid=1&hid=106, E. T. 19.03.2013, p. 12 et al.

[3] Mishra, Jitendra M. / Crampton Suzanne, “Employee Monitoring: privacy of the workplace?,” SAM Advanced Management Journal, Vol. 63, No:3. (Online) http://www.questia.com/library/1G1-21160636/employee-monitoring-privacy-in-the workplace, E. T. 19.03.2013.

[4] 93 Rogerson, Simon / Fairweather, Me: “Surveillance in the Workplace,” Ethicol IMIS Journal, Volume 8 No 3, (Online) http://ethics.ccsr.cse.dmu.ac.uk/ccsr/gateway/ethicol/ethicol-papers-1/vol-8-no-3-june surveillance-in-the-workplace-with-ben-fairweather, E. T. 23.05.2013.

[5] Süzek, Labor Law, 8. Edition, Beta Publication, Istanbul 2012 a.g.e., p. 75-76

[6] Kandemir, Murat: Teleworking in terms of Labor Law and Social Security Law, Legal

Publishing, Istanbul 2011, p. 140.

[7] Okur, Usage for Special Purpose , p. 53.