Case Background
In many workplaces, productivity thrives under the hum of employee-issued laptops. However, nearly everyone has developed the habit of linking their social media accounts to these devices, seamlessly weaving private chats into the flow of the workday.
Unbeknownst to many, this small act cracks open a door that should never be ajar. Personal messages, cherished photos, and snippets of intimate moments bleed into a system that is not entirely theirs. Thus, the security systems meant to protect work assets could, inadvertently or intentionally, catalog deeply personal content. All of it floats in the ether of company oversight, blurring the line between where your professional persona ends and where your personal sanctuary begins.
The recent judgment by the Employment and Labour Relations Court in the case of Musa & Another v Makini Schools Limited[1] centers on a clash between an employee’s right to privacy and an employer's effort to maintain organizational integrity. Japhar Nanjira Musa, a dedicated educator and union shop steward, found himself accused of gross misconduct for allegedly conspiring with a colleague, Silas Wafula, to leak sensitive information. The tipping point of the accusations was the revelation of private WhatsApp conversations, retrieved by the school from Wafula’s company-issued laptop. The fallout led to Musa’s suspension and eventual termination following a disciplinary hearing. But was the dismissal justified? Did the employer breach Musa’s right to privacy by accessing these private communications? This is just another case where the sanctity of privacy clashes with the realities of workplace surveillance. The Employment and Labour Relations Court dove deep into Kenya's constitutional and statutory frameworks, seeking to balance an employee’s right to privacy with an employer’s right to investigate misconduct.
Key Arguments and the Question of Privacy
Musa and the second claimant argued that the WhatsApp evidence used against him was illegally obtained and thus inadmissible. They cited constitutional provisions under Article 31,[2] protecting an individual's right to privacy, including their private communications. The retrieval of the messages from Wafula’s company-issued laptop was deemed a violation of both Musa's privacy rights and those of Wafula. They argued that WhatsApp messages are encrypted and considered personal, even when accessed from an organizational device.
The employer justified accessing the messages as a necessary measure to protect organizational interests. The work laptop was company property, and any data on it, including WhatsApp messages, was considered accessible for investigations into suspected misconduct. Citing public interest and the employer's duty to maintain confidentiality, the Respondent emphasized that Musa’s actions had significant implications for the school’s reputation.
Court’s Analysis and Decision
In its judgment, the court carefully dissected the breach of privacy claim, referencing both constitutional principles and employment law precedents. While Article 31 of the Constitution guarantees privacy, the court affirmed that this right is not absolute. Similarly, Section 6(1)(d) of the Access to Information Act puts limitation to the right to access information where it involves unwarranted invasion of privacy.[3] It was the court’s opinion that the said WhatsApp messages were stored on a company-owned device, and therefore, Musa could not reasonably claim an expectation of privacy over them. The school had reasonable cause to investigate allegations of sabotage and defamation. The messages, retrieved from a company device, fell under an exception where an employer's interest in protecting its business outweighed an employee’s expectation of privacy. Employers have a legitimate interest in monitoring company-issued devices, provided the monitoring is proportionate and justified. The Court relied on the GJK v. KPMG Advisory Services[4] and Peter Appollo Ochieng’ vs. Instarect Ltd[5] to affirm this principle.
Implications of the Judgement
The judgment exposes critical gaps in policies governing workplace surveillance. Kenya’s Access to Information Act and constitutional provisions on privacy provide protections, but workplace surveillance operates in a regulatory gray area. Clearer legislative frameworks are necessary to outline how and when employers may monitor communications, what constitutes valid oversight and safeguards to prevent abuse. Further, the judgment that a company-issued device belongs to the employer raises concerns about data ownership. Can a company assert rights over personal communications accessed via their devices? Future legislation must define these boundaries to prevent misuse.
Moreover, employers implementing surveillance, justified or not, risk fostering distrust among their workforce.[6] The case demonstrates that even when surveillance is lawful, its perception may erode goodwill. Employees might feel compelled to disengage, self-censor, or avoid using workplace devices, impacting their productivity and innovation.[7] On the other hand, overreach could create a hostile work environment, where employees fear unjust scrutiny. Clear policies around monitoring can mitigate this by ensuring employees are aware of the scope of oversight and by limiting investigations to proportionate cases of misconduct.
Lastly, the rise of AI-driven tools capable of monitoring activity on company-issued devices will also exacerbate privacy concerns. Future workplace surveillance might go beyond accessing specific apps like WhatsApp to tracking keystrokes, analyzing browsing patterns, or even monitoring employee biometrics.
Conclusion
In a nutshell, using an employer-issued laptop for personal activities is like leaving the door to your private life slightly ajar, inviting scrutiny from those it doesn’t concern. While the convenience may seem harmless, the risks are significant. Companies retain the right to monitor activity on their devices, meaning every keystroke, message, or photo stored on your work laptop could become fair game for oversight. Even if the content is benign, the mere association with company systems could misrepresent your intentions and cast unnecessary suspicion. Worse yet, the intimate details of your private life could end up in places they were never meant to be. To avoid this precarious intersection, reserve employer devices for professional use only. Refrain from sending non-work-related emails or using these tools for private communication. Instead, rely on your personal devices to maintain control over what stays personal. Employers must also recognize that with great technological power comes significant responsibility. They must implement oversight mechanisms sparingly and transparently. The line between privacy and oversight is thinner than it seems, be mindful of where you choose to stand!
Written by:
Dexter Adaki.
Trainee Advocate.
[1] Musa & Another v Makini Schools Limited (Cause E815 of 2022).
[2] Constitution of Kenya 2010.
[3] Access to Information Act 2016, Laws of Kenya
[4] GJK v KPMG Advisory Services [2017] eKLR.
[5] Peter Appollo Ochieng’ v Instarect Ltd [2017] eKLR.
[6] Kristie Ball, ‘Workplace Surveillance: An Overview’ (2010) 51(1) Labor History
[7] Kristie Ball, ‘Workplace Surveillance: An Overview’ (2010) 51(1) Labor History