Can Irish employers monitor employee emails and internet use?

Irish employers may monitor employee emails and internet use, but only to the extent that such monitoring is proportionate, transparent, and compliant with GDPR and the Data Protection Act 2018. The WRC Code of Practice for Employers and Employees on the Right to Disconnect (2021) and the DPC's guidance on workplace monitoring emphasise that employees must be clearly informed (in a policy or privacy notice) of the fact and scope of monitoring before it takes place. Covert monitoring is generally disproportionate and unlawful unless there are specific, documented grounds of suspected serious wrongdoing. Any monitoring must be limited to what is strictly necessary — bulk scanning of all employee emails without any reasonable justification is unlikely to be proportionate. The employer's legitimate interests (protecting confidential information, ensuring network security, preventing harassment) must be balanced against the employee's reasonable expectation of privacy.

What is the Right to Disconnect and how does it affect Irish email policies?

The Code of Practice for Employers and Employees on the Right to Disconnect was published by the WRC in April 2021 under the Industrial Relations (Miscellaneous Provisions) Act 2004. The Code recognises employees' right not to routinely perform work outside their normal working hours and not to be penalised for doing so. The Code requires employers to have a Right to Disconnect policy that addresses: the hours during which employees are expected to be contactable by email or phone; whether employees are expected to respond to out-of-hours emails; how the employer will monitor compliance; and what measures are in place for employees who feel pressured to work outside their normal hours. While the Code is not legally binding in isolation, the WRC takes it into account when adjudicating on working time and unfair dismissal claims. An internet and email policy should include a Right to Disconnect section consistent with the Code.

Can an employer read employees' personal emails on work devices in Ireland?

An Irish employer has very limited rights to access employees' personal emails, even on work devices. The GDPR and the Data Protection Act 2018 protect personal communications — accessing personal emails without the employee's consent and without a lawful basis for processing would constitute unlawful processing of personal data. The DPC has issued guidance indicating that employers should not access personal email accounts of employees, even if accessed on a work device, without clear written policy notification and a proportionate business reason. An internet and email policy should clearly state whether use of personal email accounts on work devices is permitted, and what monitoring (if any) extends to personal email traffic. The European Court of Human Rights (Article 8 ECHR — right to respect for private and family life) has consistently held that employees retain a reasonable expectation of privacy in workplace communications, including personal emails.

What are the GDPR requirements for an employee email monitoring policy in Ireland?

Under GDPR and the Data Protection Act 2018, an Irish employer who monitors employee emails must: (1) identify a lawful basis for processing (usually legitimate interests under Article 6(1)(f) GDPR, after a legitimate interests assessment (LIA)); (2) provide clear, specific, and accessible information to employees about the monitoring in the employer's privacy notice and internet/email policy (transparency obligation under Articles 13–14 GDPR); (3) require that monitoring is limited to what is necessary for the stated purposes (data minimisation under Article 5(1)(c)); (4) retain monitoring data only as long as necessary (storage limitation under Article 5(1)(e)); (5) implement appropriate technical and organisational security measures to protect monitoring data; and (6) carry out a Data Protection Impact Assessment (DPIA) under Article 35 GDPR if the monitoring is likely to result in high risk to employees' privacy rights — systematic monitoring of all employee communications would typically require a DPIA. The Data Protection Commission (DPC) has issued guidance on workplace monitoring.

Do I need a lawyer to create a Internet and Email Policy (Ireland) in Ireland?

A Internet and Email Policy (Ireland) does not legally require a lawyer in Ireland, and individuals and businesses may draft and execute the document independently. The Companies Act 2014 does not mandate legal representation for the creation or signing of this type of document. However, seeking independent legal advice from a qualified Ireland lawyer is recommended for transactions involving substantial financial value, complex regulatory requirements, or cross-border elements where multiple legal jurisdictions may apply. A lawyer can verify that the document complies with all applicable statutory requirements, identify potential risks specific to the transaction, and confirm that the terms adequately protect the interests of all parties involved. The High Court of Ireland has jurisdiction over disputes arising from this type of document, and Companies Registration Office (CRO) may impose additional compliance obligations depending on the nature of the underlying transaction. Professional legal review is particularly advisable where the document will be submitted to government agencies or used as evidence in legal proceedings.

Internet and Email Policy (Ireland)

Workplace Internet and Email Acceptable Use Policy — GDPR and WRC Right to Disconnect

INTERNET AND EMAIL ACCEPTABLE USE POLICY

[Organisation Name] | Effective: [Policy Date] | Review: [Review Date]

Policy Owner: [Policy Owner]

1. PURPOSE AND SCOPE

This Policy sets out the rules governing the use of internet, email, and other electronic communications systems provided by [Organisation Name], of [Organisation Address] (the "Organisation"), to its employees, contractors, and other workers. It applies to all use of the Organisation's IT systems and networks, whether accessed in the workplace or remotely.

This Policy is issued in accordance with: the GDPR and the Data Protection Act 2018; the Safety, Health and Welfare at Work Act 2005; the WRC Code of Practice for Employers and Employees on the Right to Disconnect (2021); and the Employment Equality Acts 1998–2015.

2. ACCEPTABLE USE

3. PROHIBITED USE

The following uses of the Organisation's internet, email, and electronic communications systems are strictly prohibited:

(a) Accessing, downloading, storing, or distributing material that is illegal, offensive, discriminatory, pornographic, or in breach of any person's rights under the Employment Equality Acts 1998–2015;

(b) Sending emails or messages that are harassing, threatening, defamatory, discriminatory, or contrary to the Organisation's dignity at work policy;

(c) Disclosing or transmitting confidential business information, personal data, or trade secrets to unauthorised parties, in breach of the GDPR, the Data Protection Act 2018, or the Organisation's confidentiality obligations;

(d) Downloading or installing unauthorised software or applications on company systems;

(e) Using the Organisation's systems for commercial activity, gambling, or political campaigning;

(f) Attempting to access systems or data without authorisation (computer misuse), contrary to the Criminal Justice (Offences Relating to Information Systems) Act 2017;

(g) Any other use that violates Irish law or the Organisation's other policies.

4. MONITORING

5. RIGHT TO DISCONNECT

In accordance with the WRC Code of Practice for Employers and Employees on the Right to Disconnect (2021), the Organisation recognises employees' right not to routinely perform work outside their normal working hours and not to be penalised for doing so.

Core hours: [Core Hours]. Out-of-hours email policy: [Out Of Hours Expectation]. Employees will not be penalised, directly or indirectly, for not responding to emails or calls outside their normal working hours, subject to any exceptional circumstances agreed with their manager.

6. BREACH AND DISCIPLINARY ACTION

Breach of this Policy may result in disciplinary action under the Organisation's Disciplinary Procedure: [Disciplinary Consequences]. Breaches that constitute criminal offences will be referred to An Garda Síochána.

7. ACKNOWLEDGEMENT

By signing below, I confirm that I have read, understood, and agree to comply with this Internet and Email Acceptable Use Policy.

Employee

________________

Signature

Date: ________________

HR Representative

________________

Signature

Date: ________________

Maintained by Vladislav Sergienko, Founder·Template last modified: 2026-06-23·Report an error

What Is a Internet and Email Policy (Ireland)?

An Internet and Email Policy in Ireland sets out the standards, responsibilities, and procedures the organisation expects everyone to follow, and is governed by the Companies Act 2014.

The legal framework governing the Internet and Email Policy (Ireland) in Ireland draws on several key statutes and regulatory bodies. Under the Companies Act 2014, the Companies Registration Office (CRO) maintains the register of Irish companies. Section 343 of the Companies Act 2014 sets annual confirmation obligations. The Competition and Consumer Protection Commission (CCPC) enforces the Consumer Rights Act 2022. The Central Bank of Ireland regulates financial services under the Central Bank Act 1971. The High Court of Ireland has jurisdiction under Section 212 of the Companies Act 2014. Parties executing a Internet and Email Policy (Ireland) in Ireland should confirm the document reflects current Irish law, including any amendments enacted since the original drafting date. The Companies Act 2014 sets the foundational requirements, while secondary legislation and statutory instruments may impose additional obligations depending on the specific circumstances of the transaction.

When Do You Need a Internet and Email Policy (Ireland)?

A Internet and Email Policy is needed whenever parties in Ireland wish to formalize their arrangement regarding business operations, corporate governance, and commercial transactions. There are numerous situations in which this document becomes essential for protecting the interests of all involved parties. In a business context, you may need a Internet and Email Policy when entering into new commercial relationships, when formalizing existing arrangements that have previously been informal, when expanding your business operations, or when restructuring existing agreements. Companies registered with CRO should confirm proper documentation is maintained for all significant business transactions. You should also consider using a Internet and Email Policy when there has been a change in circumstances that affects an existing arrangement, when you need to comply with new regulatory requirements, when you wish to update outdated documentation, or when professional advisors recommend formalizing certain aspects of your affairs. In Ireland, maintaining current and accurate legal documentation is considered established standards and can help prevent costly disputes. It is generally advisable to prepare a Internet and Email Policy before any issues arise, rather than trying to document terms after a dispute has already begun. Proactive documentation provides clarity and reduces the potential for misunderstandings. If you are unsure whether you need this document for your specific situation in Ireland, consulting with a qualified legal professional can provide guidance tailored to your circumstances. The timing of executing a Internet and Email Policy is also important. In Ireland, certain documents must be executed before specific actions are taken or within prescribed time periods to be effective. Delaying the preparation of necessary legal documents can result in complications, lost rights, or additional costs. Therefore, it is recommended to prepare this document as early as possible once the need has been identified.

What to Include in Your Internet and Email Policy (Ireland)

A well-drafted Internet and Email Policy for use in Ireland should contain several essential elements to confirm it is legally effective and provides adequate protection for all parties. Party Identification: The document should clearly identify all parties involved, including their full legal names, addresses, and relevant identification numbers. For individuals in Ireland, this may include identity card or passport numbers. For companies, registration numbers and registered addresses should be specified. Clear identification prevents disputes about who is bound by the agreement. Recitals and Background: The document should include background information explaining the context and purpose of the arrangement. This helps establish the parties' intentions and can be important in interpreting the terms of the document if any ambiguity arises later. The recitals section provides valuable context for the operative provisions that follow. Operative Terms: The core terms and conditions should be set out clearly and thoroughly. This includes the rights and obligations of each party, any conditions or prerequisites, the duration of the arrangement, and any limitations or restrictions. All key terms should be defined precisely to avoid ambiguity and potential disputes. Payment and Financial Terms: Where applicable, the document should specify any payments, fees, deposits, or other financial considerations. The amounts, currency (EUR), payment schedules, and methods of payment should be clearly stated. Any provisions for late payment, interest charges, or adjustments should also be included. Term and Termination: The document should specify its duration, including the start date, end date or conditions for expiry, and any provisions for renewal or extension. The circumstances under which either party may terminate the arrangement early should be clearly defined, along with any notice requirements and the consequences of termination. Dispute Resolution: The document should include provisions for resolving any disputes that may arise, such as negotiation, mediation, arbitration, or litigation. In Ireland, parties may choose to specify the jurisdiction of Irish courts and the applicable law. Including a clear dispute resolution mechanism can save significant time and expense if disagreements occur. Governing Law and Jurisdiction: The document should specify that it is governed by the laws of Ireland and that disputes shall be subject to the jurisdiction of Irish courts. This is particularly important in cross-border transactions or where parties are based in different jurisdictions. Signatures and Execution: The document must be properly signed by all parties or their authorised representatives. In Ireland, certain documents may need to be witnessed, notarised, or executed as deeds to be legally effective. The date of execution should be clearly recorded, and each party should retain an original signed copy for their records. The forms-legal.com Internet and Email Policy (Ireland) template covers the mandatory elements under Companies Act 2014.

Cite this page

Reference this free template in an article, syllabus, or research note:

APA

Forms Legal. (2026). Internet and Email Policy (Ireland) (Ireland) [Legal document template]. Forms Legal. https://forms-legal.com/ireland/business/policies/internet-email-policy-ireland

MLA

"Internet and Email Policy (Ireland) (Ireland)." Forms Legal, 2026, https://forms-legal.com/ireland/business/policies/internet-email-policy-ireland.

BibTeX

@misc{formslegal-internet-email-policy-ireland,
  author       = {{Forms Legal}},
  title        = {Internet and Email Policy (Ireland) (Ireland)},
  year         = {2026},
  howpublished = {\url{https://forms-legal.com/ireland/business/policies/internet-email-policy-ireland}},
  note         = {Free legal document template. Based on Companies Act 2014}
}

Also available for these jurisdictions:

Hong Kong

New Zealand

United Kingdom

Frequently Asked Questions

Based on Companies Act 2014 — Template last modified June 2026Verify the source →

This template is provided for informational purposes only and does not constitute legal advice. Laws vary by jurisdiction and change over time. Consult a qualified attorney for advice specific to your situation.Full disclaimer

Found an error? Let us know