The European Court of Human Rights (ECHR) said a firm that read a worker's Yahoo Messenger chats sent while he was at work was within its rights.
Judges said he had breached the company's rules and that his employer had a right to check on his activities. Such policies must also protect workers against unfettered snooping, they said.
The judges, sitting in the ECHR in Strasbourg, handed down their decision on Tuesday. It binds all countries that have ratified the European Convention on Human Rights, which includes Britain. The worker, an engineer in Romania, had hoped the court would rule that his employer had breached his right to confidential correspondence when it accessed his messages and subsequently sacked him in 2007. His employer had discovered that he was using Yahoo Messenger for personal contacts, as well as professional ones.
Because it believed it was accessing a work account, the judges said, the firm had not erred. They dismissed the man's request, saying that it was not "unreasonable that an employer would want to verify that employees were completing their professional tasks during working hours".
The judges said: "The employer acted within its disciplinary powers since, as the domestic courts found, it had accessed the Yahoo Messenger account on the assumption that the information in question had been related to professional activities and that such access had therefore been legitimate. The court sees no reason to question these findings."
The man, named Bogdan Barbulescu, had already lost his case in Romania's domestic courts and appealed to the ECHR. He argued that his right to a private life had been breached when his employer had read a log of messages on a Yahoo Messenger account he had set up for work, as well as that from a second personal one.
Mr Barbulescu's employer had banned its staff from sending personal messages at work. To check his account, the judges said, it had been necessary for his employer to access his records. The judges said this was a proportionate step because the firm did not access other information stored on his work computer. And they added that Mr Barbulescu had had prior warning that the company could check his messages.
Despite claims about the second, personal account, the judges only discussed the work account in their ruling. The device used to send the messages was owned by the employer, and the judges did not elaborate on whether it would have made any difference if he had used a personal device. One of the eight judges disagreed with the decision, saying that a blanket ban on personal internet use was unacceptable.
Going forward, he added, all employers should clearly explain any rules that would allow them to check on their workers' online activities. "All employees should be notified personally of the said policy and consent to it explicitly," he wrote.
Lilian Edwards, a professor of internet law at Strathclyde University, said the judgment was in line with UK law and past cases. "In this case, the employers say clearly that you are not to use the internet for anything but work. "Although it is not popular, it is completely legal. "The employer seems to have played this by the book. She added that blanket bans on personal internet use at work were unreasonable because people retained the right to their own private life even while working.
That was particularly important, she said, as people worked longer hours. Sally Annereau, a data protection analyst at the law firm Taylor Wessing, said that UK law allowed proportionate checks on employees' communications. "This judgment underlines the importance of having appropriate and lawful employee-monitoring policies in place and making sure both that they are communicated to employees and that they are adhered to by the employer," she said.