I was under the impression it WAS legal in Europe as well after being litigated to the Court of Human Rights[1]. The requirement is simply that they inform you ahead of time that they can (and will) monitor your email.
In the US there is usually a form you sign at your hiring that says you understand the company may monitor your email. It is couched in terms like "to ensure compliance with laws and company policy" but the actionable part is that they assert the right to monitor it and you agree to that (or you don't work for them).
Note that the ECHR has jurisdiction over the European Convention on Human Rights, which is attached to the Council of Europe, which is a pan-European organization that provides the "lower end" of protection in Europe. Even Russia is a member of the COE.
The EU, on top of requiring COE/ECHR membership provides additional protections under the EU Charter of Fundamental Rights. The highest court for EU law is the European Court of Justice, not the ECHR.
Then on top of that, a number of EU/EEA countries have much stricter rules, some are outlined in the article.
So it's technically right in that it is legal in signatories to the ECHR provided they are not covered by other, stricter rules via one of the other routes, and many are.
We're US based, and it's very explicit that we can and will do this if necessary. We state clearly to all employees that the computers and accounts we give them are not theirs and are subject to monitoring. Thankfully, it's almost never necessary.
Certainly illegal in Norway. Hell, I've heard stories of corporate networks up here that MITM all their computers for security monitoring, and where the admins routinely see evidence of searches for sketchy pornography, but can't legally do anything because this kind of surveillance of your employees is illegal.
This isn't exactly true. Employees do have a higher right of privacy even when using company resources than they do in the US, but monitoring is allowed within certain parameters, and that can include searching email or other "private" storage spaces.
Companies must still be able to comply with eDiscovery and data preservation requests from various police agencies (such as Økokrim), and these may be performed without informing individuals that it is happening.
>Compare that to our email, where I can go into anyone's messages immediately if need-be
The only opening for reading employees' communications that I can find by some quick googling, are (1) if there is good reason to believe that information contained there is required to keep the concern going or (2) if there is suspicion of serious dereliction of duties. And even then, there is a significant checklist required in order to do it legally. (Obviously, legal police requests can be fulfilled without necessarily alerting the owner).
My point being, this is a far cry from legally being able to go into anyone's communications immediately if need-be.
Are you aware of further openings than this, apart from the obvious in the case of a court-ordered request? I am basing this on the statement from Datatilsynet at https://www.datatilsynet.no/rettigheter-og-plikter/personver.... General monitoring would seem like a big no-no.
Datatilsynet's statement actually does give quite a bit of leeway, but I do agree that you can't just monitor without reasonable suspicion that the employee is acting improperly.
In the US there is usually a form you sign at your hiring that says you understand the company may monitor your email. It is couched in terms like "to ensure compliance with laws and company policy" but the actionable part is that they assert the right to monitor it and you agree to that (or you don't work for them).
[1] https://www.nytimes.com/2017/09/05/business/european-court-e...