After a heated debate over the law surrounding employers' rights to monitor company emails, hosted last month by the International Commissioner's Office, a final draft code is now being penned in a bid to simplify employers' positions.
Currently, seemingly contradictory laws include the Electronic Communications Act, which lets employers monitor employees' emails without their consent, and the Human Rights Act, which codifies a person's rights to privacy in the workplace and to private correspondence.
The conflict between an employee's right to privacy and an employer's right to 'spy' on company emails remains a contentious issue and, to make matters even more complicated, the law surrounding each area can be ambiguous and confusing.
The ICO's initial draft Internet and Email Usage Code, made available for debate at the end of June, offers employers a set of non-mandatory guidelines aimed at clarifying their legal position and ironing out contradictions in the current law. The ICO is an independent supervisory body for data protection.
"The code is similar to the Highway Code," said David Smith, the ICO's assistant information commissioner. "It lays down how employers should act under the law. Of course they may tackle the issues in different ways to our recommendations but must meet the [criteria] of the law."
But during the debate, some attendees criticised the draft, even the ICO's Smith branded the code "over-complex and difficult to follow".
"Some people felt the code was making the [existing] laws more complicated and that it may extend confusion," said Maitland Kalton, head of internet law firm Kaltons. He said the lack of publicity surrounding this area means employers don't know where they stand.
Surprisingly, even he as a lawyer recognised taking extra advice can lead to unnecessary costs. But ignorance of the law means most employers risk fines as well as complaints from employees.
On the whole, most people who attended the conference were in support of an employer's right to monitor email providing they had reasonable suspicion that the employee was acting illegally.
"We are in support of the code as it restricts the capacity of the employer, hopefully limiting [possible abuse]," said the Trade Union Congress' Hanna Reed. "But employers should not be allowed to snoop for monitoring purposes."
Others, such as Vivien Bowden, chair of the Confederation of British Industry's Data Protection Panel, believed the issue should be tracking emails and keeping good records, rather than monitoring. He said business needed to have a proper record of emails so that they could know what had taken place.
The draft code stresses employees should be notified if they are being snooped on. "People have to be told. There is no doubt about this, other than under exceptional circumstances," said ICO's David Smith.
But this runs against the Electronic Communications Act and the Regulation of Investigatory Powers Act. The grim Ripa, as the Act is less than affectionately known, gives government bodies the right to not only snoop on emails without consent but to demand encryption keys protecting those emails.
"The draft code is too narrow, limited only to employees and employees, and needs to include all casual workers," said the TUC's Reed.
The ICO agreed. "The scope of the draft will be extended to include all workers," said Smith. "The final version will also give guidelines on monitoring and employers will need to do an analysis of risks in every case [before snooping]."
The TUC also added that care needs to be taken when implementing the new policies.
The final draft, which will be available to all employers in August, will in theory now simplify the expectations of an employer under the law.
So it seems employees will have to be extremely cautious about what is written in work emails. But employers also need to handle the situation with care, or they could find themselves at the helm of a costly court battle for a breach of human rights. No one wants to be the test case in this muddle.