By coincidence comes news of two cases addressing similar themes:
1. Copland v UK (link is to the Bailii version of the decision); this case was brought by a staff member at a further education college, arguing that the monitoring of her email and Web use was in violation of article 8 of the European Convention on Human Rights.
Some of the interesting questions addressed:
- What’s the status of email and website logging? According to the Court’s case-law, telephone calls from business premises are prima facie covered by the notions of “private life” and “correspondence” for the purposes of Article 8 § 1 (see Halford v UK, Amann v. Switzerland). It follows logically that e-mails sent from work should be similarly protected under Article 8, as should information derived from the monitoring of personal internet usage. (full citations removed)
- How far do the general powers of a statutory body go? The Court is not convinced by the Government’s submission that the College was authorised under its statutory powers to do “anything necessary or expedient” for the purposes of providing higher and further education, and finds the argument unpersuasive.
Finally, I believe that the two paragraphs reproduced directly below (at 43/44 of the report) are of great interest in the context of data retention (information on the DRI case against the Irish government):
The Court recalls that the use of information relating to the date and length of telephone conversations and in particular the numbers dialled can give rise to an issue under Article 8 as such information constitutes an “integral element of the communications made by telephone” (see Malone v UK, § 84). The mere fact that these data may have been legitimately obtained by the College, in the form of telephone bills, is no bar to finding an interference with rights guaranteed under Article 8 (ibid). Moreover, storing of personal data relating to the private life of an individual also falls within the application of Article 8(1) (see Amann v Switzerland, § 65). Thus, it is irrelevant that the data held by the college were not disclosed or used against the applicant in disciplinary or other proceedings.
Accordingly, the Court considers that the collection and storage of personal information relating to the applicant’s telephone, as well as to her e-mail and internet usage, without her knowledge, amounted to an interference with her right to respect for her private life and correspondence within the meaning of Article 8.
2. US v Barrows (via Findlaw). Very interesting one here – employee brings his own machine to work, networks it, doesn’t put serious password protection etc on it – and thus has no reasonable expectation of privacy, meaning in this case that a particular search of it is valid and his conviction (child pornography-related) stands. While obviously the particular circumstances here are not especially compelling, I’m troubled by the idea that failure to ramp up your encryption can diminish your privacy arguments, when expressed towards Government action (I can understand it in the context of media privacy).