Robert Jones (an employed Barrister at a law firm) has made a claim for breaching data protection laws, alleging that the firm accessed his personal emails over a period of several months.

This article looks into the facts of this case and give an explanation of the law in this area.


Mr Jones was an employed barrister at a law firm called Lexlaw. During his employment, he and a colleague exchanged messages (about kinky sex), detailing their preferences. There was an incident when he spanked this colleague over a desk at work. No immediate action was taken. Months later, Mr Jones got into a salary dispute with Lexlaw and resigned. When he refused to reconsider his resignation, Lexlaw suspended him for the spanking incident (an employee can be suspended during their notice period). Mr Jones resigned and took legal action against Lexlaw, alleging (among other things) that they had breached data protection laws by monitoring his emails.

Mr Jones said:

‘I had a consensual BDSM relationship with another employee, which included one brief incident in private on work premises months before the disciplinary. I was appalled to find out that my employer was monitoring my personal communications over a period of months and the ICO have confirmed that this is unlikely to have complied with the requirements of the Data Protection Act.’ 

Looking at the law

Under the new GDPR regime, employers must make it crystal clear to workers (1) how they might be monitored; and (2) why. They must have done an assessment ensuring the reasons are both justifiable and proportionate, which have legal definitions. Typically, employers deal with this by having a data policy.

The GDPR (the new piece of legislation that supersedes the Data Protection Act 1998) sets out rules about when monitoring should be carried out. For example it can be justified as necessary for someone’s ‘legitimate interests’ (when balanced against the rights and freedom that an individual has a right to expect).

This could mean recording retail workers at work to discourage shoplifting. In the context of employees’ emails, this means that mean monitoring to detect fraud, or for quality control. But it’s hard to see how this would apply to this employee. Few law firms see the need to delve into employee’s emails routinely. So this wouldn’t be justified. But if they do need to look into historic emails, for example to investigate a client complaint, then it would be acceptable to use anything incriminating that was found.

The hearing is set for 16 July 2018. It will be fascinating to see whether the law firm is judged to have breached data protection laws, and if so we expect the result to be far more than the few hundred pounds normally awarded, since these emails were of such an intimate nature.

By Aneesha Ali-Khan

Image used under CC courtesy of Dennis van der Heijden