Employee E-mail Privacy Still Unemployed: What the United States Can Learn from the United Kingdom

• Author: Ray Lewis
• Pages: 959-989

I would like to thank my family for its support and, most importantly, Professor John M. Church for his comments, editing, and guidance during the writing and production of this comment.

Laws and institutions must go hand in hand with the progress of the human mind. As that becomes more developed, more enlightened, as new discoveries are made . . . and opinions change with the change of circumstances, institutions must advance also, and keep pace with the times. We might as well require a man to wear still the coat which fitted him when a boy.

-Thomas Jefferson¹

I Introduction

One hundred and seventeen years ago, Samuel D. Warren and Louis D. Brandeis published an article titled The Right to Privacy, introducing the idea that "existing law affords a principle which may be invoked to protect the privacy of the individual from invasion."² The two contended that protection of the individual "is a principle as old as the common law" but "[p]olitical, social, and economic changes entail the recognition of new rights, and the common law . . . grows to meet the demands of society."³ The "growth" perceived by Warren and Brandeis was mankind's right to an "inviolate personality,"⁴ a right "to be let alone,"⁵ a right to privacy.

Allegedly, the stimulus for the article was Warren's recent marriage into a wealthy "blue blood" Bostonian family. Warren found that his marriage was accompanied by detailed reports of his family life in Boston's Saturday Evening Gazette.⁶ This naturally annoyed Warren, who conferred with Brandeis, resulting in The Right to Privacy.⁷ Beyond the personal experience of Warren, the two scholars identified urgent threats to privacy that had a broader effect on society as a whole:

Page 960

Recent inventions and business methods call attention to the next step which must be taken for the protection of the person . . . . Instantaneous photographs and newspaper enterprise have invaded the sacred precincts of the private and domestic life; and numerous mechanical devices threaten to make good the prediction that "what is whispered in the closet shall be proclaimed from the housetops."⁸

Ironically, Warren and Brandeis's nineteenth century apprehension for "recent inventions" and "business methods" is even more pertinent in the twenty-first century. In 1890, the two were concerned that photographic technology and yellow journalism would diminish "each individual['s] right of determining, ordinarily, to what extent his thoughts, sentiments, and emotions shall be communicated to others."⁹ Today, individual autonomy is matched against new opponents: e-mail and electronic surveillance. In 1985, the Congressional Office of Technology Assessment reported that the "primary purpose of electronic surveillance is to monitor the behavior of individuals, including individual movements, actions, communications, [and] emotions . . . ."¹⁰ This new "business method" of electronic monitoring is capable of completely erasing an individual's right to privacy in his e-mails, thereby diminishing his ability to determine what aspects of his life remain private or public.

Computer technology and the Internet have reshaped and revolutionized the private-sector workplace unlike any technological advance since perhaps the Industrial Revolution. Unfortunately, this new technology developed into a double-edged sword. Although the Internet allows for faster communications and greater access to information, it poses an unparalleled threat to privacy rights. The Internet has spawned countless privacy issues; this comment focuses upon the lack of e-mail privacy afforded to an employee within corporate America.¹¹ Given that "e-mail remains the most prevalent online activity, with 87.8 percent of Page 961 Internet users sending and receiving e-mail,"¹² preserving the individual's right to control the extent to which these personal communications are disclosed is critical. Advances in technology and deficiencies within the law have created a work environment in which an employer can read, monitor, and store employee e- mails without ever being detected,¹³ without ever breaking the law, and with no regard to employee privacy. Frustrated commentators have labeled the current legal situation as creating "electronic sweatshops,"¹⁴ being "haystack[s] in a hurricane,"¹⁵ and as a legal "sleeping giant."¹⁶

Thomas Jefferson believed that the law should respond to the progression of the human mind.¹⁷ Regrettably, in the arena of electronic privacy, lawmakers in the United States have ignored his philosophy. The legal framework in the United States is antiquated and cannot adapt or adjust to the changes in society and Page 962 technology. The primary avenues through which an employee would hope to find e-mail privacy protections are tort law, federal law, or state law. Unfortunately, at every turn, the employee finds the road blocked because the law heavily favors the interests of the employer over the privacy rights of the employee.¹⁸ Common law remedies have an "expectation of privacy" requirement that insulates employers from liability.¹⁹ Applicable federal legislation, the Electronic Communications Privacy Act ("ECPA"), fails to protect the employee because it is confusing, poorly drafted, and riddled with holes and exceptions.²⁰ State constitutional protections rarely apply to private employers, and state statutes either parallel the flawed ECPA or are inapplicable to private employers.²¹ In essence, the privacy rights of employees vanish the moment they come in contact with their workplace or employer.

The condition of employee e-mail privacy protection in the United States is a gross injustice. When Warren and Brandeis perceived a problem in 1890, they called for and took the "next step" in protecting the individual. Presently, there is a problem in our electronic privacy law, and again it is necessary for the law to catch up to technology and to the needs of the people. Numerous scholars have approached this issue by engaging in comparative analysis between U.S. law and European versions, but comparative studies fall short of providing a solution to the problem. This comment proposes a solution by calling for the abandonment of the ECPA and the adoption of legislation that mirrors the provisions, ideas, and foundations of the electronic privacy law of the United Kingdom-the Data Protection Act ("DPA").

Part II of this comment explicates and analyzes the three paths an employee might utilize when attempting to redress an invasion of privacy, ultimately showing that the employee's right to privacy is unprotected at each level. Part III discusses the emergence of electronic monitoring in the workplace and the threat it poses to privacy. More importantly, Part III explores the U.S.'s conception of privacy that justifies a legal framework that sacrifices the privacy rights of the employee.

Page 963

Part IV presents the creation, safeguards, and provisions of the Data Protection Act. This section first charts the development of the DPA, focusing on the influence of the European Union's ("EU") Charter of Fundamental Human Rights and the EU Directive 95/46/EC, then outlines the DPA and its effects. Part IV also explains why adopting the DPA is the best road to take. In comparing the two bodies of law, the ECPA and the DPA, it is clear that at each level the protections provided under the UK law are more comprehensive than under applicable U.S. law.

II The Law: A Thin Veil At Best

Since Warren and Brandeis successfully presented their concept of a right to privacy, numerous legal methods of protecting this right have developed. For an employee seeking to remedy what he feels is an invasion of e-mail privacy in the workplace, there are generally three avenues of recovery. The first is found within common law tort principles. The second is the vastly more complex federal anti-wiretapping statute. Lastly, the individual states have statutory versions of the federal anti-wiretapping statute; for the most part these state statutes possess minor variations of federal guidelines and protections.

A The Common Law

Publication of Warren and Brandeis's article in 1890 was the advent of privacy tort law.²² The next step in the tort's evolution was William Prosser's 1964 article Privacy.²³ Prosser concluded that privacy was "not one tort, but a complex of four," described as follows: (1) intrusion upon the seclusion or solitude of another; (2) public disclosure of embarrassing facts; (3) placing another in a "false light" in the public eye; and (4) appropriation of another's name or likeness.²⁴ Each distinct tort attempts to recognize and protect a "substantial zone of freedom"²⁵ where an individual has Page 964 the "right to be let alone."²⁶ A majority of employee claims against an employer for e-mail monitoring involve the privacy tort of "unreasonable intrusion upon the seclusion of another."²⁷ Therefore, the primary focus remains upon this version of the common law remedy.

An employee's prima facie claim of intrusion has three elements: "(1) an intentional intrusion; (2) that is highly offensive; and (3) the employee had a reasonable expectation of privacy."²⁸ An "intrusion" is easily accomplished because it need not be...