The HRA was enacted in October 2000. It incorporated into UK law the principles of the European Convention for the Protection of Human Rights and Fundamental Freedoms (the Convention). Most of the rights within the Convention are qualified, insofar as they are subject to limitations if the employer can show necessity to protect the rights and freedom of others. In particular, an employee could argue in a court or tribunal that the employer monitoring or tapping the employee’s work telephone or e-mail or Internet activity was a breach of her/his rights under the Convention.

Section 1 of the RIPA makes it unlawful to intentionally intercept communications over a public or private telecommunications network without lawful authority. Section 3 allows a defence if it can be reasonably believed that both parties consented to the interception. The Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000 (the Regulations) were issued under the powers of the RIPA and these allow employers to monitor employee communications where the employee has not given express consent, under only very specific conditions and for specified purposes.

Employers also have to take reasonable steps to inform employees that their communications might be intercepted. This means that employers must introduce Acceptable Use Policies that set out, for the employees, the right to monitor such communications.

The Information Commissioner published a Code of Practice called ‘The Use of Personal Data in Employer/Employee Relationships’. This code is more restrictive than the Regulations issued under the power of the RIPA. There will certainly be a series of court and tribunal cases over the next few years that deal with the conflicts between the HRA, the RIPA, and the Code.