Who Owns Your Emails?
Unfortunately, a recent High Court decision indicates that you don’t. In fact it appears that no one does.
The facts of the case are unusual and there are probably very few cases in which it might be important to assert ownership of the information rather than for example the right to restrict to whom that information is disclosed.
The situation here was that a Dutch shipping company was subject to a hostile take-over and dispensed with its CEO after the take-over. The CEO was not an employee. He was in fact hired through his Jersey-based service company to provide his services as CEO under a contract which specified that Dutch courts had jurisdiction over any dispute arising under the contract.
The company subsequently found that it needed access to emails sent by and to the CEO in order to deal with a dispute with a Chinese shipyard over £30 million that were alleged to be due by the shipyard.
Unfortunately, the way the company’s systems were set up meant that all emails to the CEO were automatically forwarded to his own computer and (at least according to the company) automatically deleted from the company’s servers. Emails from the CEO were sent from his own system and never appeared on the company’s system at all.
In other words the only people with access to the email sent to or by the CEO were the people who sent the emails or received them and the CEO himself.
The company did not want to pursue any alleged breaches of contract, presumably because that would have had to be done in the Netherlands and under Dutch law. They were therefore left with trying to claim that they owned the emails themselves.
One might think that they obviously own the emails but as the judgment makes clear once you think about what that would mean, it is not that obvious an answer.
There are essentially 5 possible answers. Either
i) the sender owns the email;
ii) the receiver owns the email (by analogy with a letter);
iii) the sender owns the letter but grants a licence to the receiver to use the email for legitimate purposes;
iv) the receiver owns the letter but the sender has a licence to retain a copy and use it for legitimate purposes; or
v) ownership is shared between the sender and recipient (and therefore also between anyone to whom it is subsequently sent).
The judge rejected i) and ii) on the basis that if i) applied the sender would have the right to demand that any recipient no matter how far along the chain must delete the email and if ii) applied the recipient would have the right to demand that the sender delete its copy of the email and so on. In that case the only person entitled to the email would be the very last recipient.
As regards options iii) and iv) the judge considered that there was no point in either of those given that there would only be very rare circumstances where someone might legitimately want to prevent someone else from using an email sent to them and where they could not already rely on the law of confidence to do so.
The judge also rejected option v) on the basis that that would lead to absurd results as well. For example, anyone who sent you an email could on that basis demand access to your servers to see to whom you forwarded the email and that could apply to anyone no matter how many people stood between you and the original sender.
On that basis the judge rejected the company’s claim to a proprietary right to the emails. Essentially, there was no good reason for saying that anyone had a proprietary right in the emails apart from the fact that the company had no other avenue in English law in order to obtain the emails (or chose not to pursue them if it had). That was not good enough.
As set out above the facts in this case are unusual in that unlike most cases this was not about restricting disclosure or use of the contents of the emails. That could probably have been done by virtue of copyright and/or asserting the confidential nature of the information.
However the point I want to make in this article is not that we as lawyers can do wonderful things to get your emails back or stop people using them if we have to and I am therefore not going to go into what else could be done (if you do want to know more about that, feel free to give me a call).
I simply want to make the practical point that an awful lot of legal argument and expense could have been saved if the Dutch company had arranged their computer systems so that all important correspondence was sent through their server and saved securely.
How many of you know people who sometimes send emails about work on their own computer, phone or other device, probably using their own personal email? How many of you do that yourselves?
It is often tempting to allow staff to use their own devices – Bring Your Own Device is a big thing in IT, if only because it cuts down the business’s expenditure on IT equipment. If however the only copy of the vital email you need to prove your case is stored on the laptop or mobile phone of the employee who left 6 months ago, that saving may come back to bite you.
Your systems should be set up so that everyone uses your system – whether they access it on your equipment or their own – and that everything that passes through your system is saved to a location you control.
In addition it is a lot easier if you own the physical objects on which the information is stored. If that laptop belongs to you, you can insist on having it back when the employee leaves.
You should have a clear policy on IT equipment and usage and make sure that it is adhered to. Very often policies are drafted and then never looked at again or only dusted off every so often and renewed without anyone comparing them to what people are actually doing.
It is no good having a policy requiring everyone to only use a work email address for work issues if everyone one from the CEO on down routinely uses their mobile to send work emails, store their calendar, etc.
Your policy needs to reflect what is actually done or to put it another way –
Only put in your policy what you actually want to have done; and
Don’t allow people to act in ways that are not consistent with the policy.