With the law of privacy in social media communications evolving, the one constant take-away from court cases looking at social media use and monitoring in the workplace is a reliance on fact-dependent judicial decision making. Even through there is not yet a clear legal standard upon which to judge an employer’s actions, or even a seminal line of cases, what is apparent is a judiciary willing to dig into the facts of a case and fashion remedies that seem objectively fair based upon an employee’s expectation of privacy. This continues to reinforce the need to develop clear social media policy and then to communicate, train and give examples of what is expected and how the employer will enforce its expectations.
A recent example is the U.S. District Court for the District of New Jersey’s decision in Ehling v. Monmouth Ocean Hosp. Serv. Corp., D.N.J., motion to dismiss granted in part and denied in part 5/30/12, where an employee stated a claim that survived a motion to dismiss for invasion of privacy based on a supervisor's access to the contents of her “friends-only” Facebook page. This access was gained through one of the employee's Facebook friends who felt compelled by the employer to grant “friend access.” The claim was based upon a theory of invasion of privacy under New Jersey common law. The fact-based decision making adopted by the court made the claim unable to be resolved on a motion to dismiss.
What makes the case interesting is that the electronic communications were not publicly accessible, but not entirely private either – as any user of Facebook knows, posts are public but only to “friends.” The court noted, “what is clear is that privacy determinations are made on a case-by-case basis, in light of all the facts presented.” The court examined what is a reasonable expectation of an employee when it comes to social media privacy, “Privacy in social networking is an emerging, but underdeveloped, area of case law[,]” the court said.
Some cases set no reasonable expectation of privacy for material posted on the public internet, United States v. Gines-Perez, 214 F. Supp.2d 205 (D.P.R. 2002); Yath v. Fairview Clinics NP, 767 N.W.2d 34 (Minn. Ct. App. 2009) (MySpace posting, even to only a handful of authorized “friends,” was “public” for purposes of an invasion of privacy claim based on the publication of private facts.) Others find a privacy expectation, such as Pure Power Boot Camp Inc. v. Warrior Fitness Boot Camp LLC, 587 F. Supp.2d 548 (S.D.N.Y. 2008), finding a reasonable expectation of privacy in personal, password-protected email stored on a third-party server, even though the employee accessed the server while at work.
Understanding that the law of privacy and social media in the workplace is fluid, many courts, such as Ehling here, are refusing to dismiss as a matter of law privacy claims and instead are sending the issues to a jury to determine the reasonableness of the expectation of privacy, “Plaintiff may have had a reasonable expectation that her Facebook posting would remain private, considering that she actively took steps to protect her Facebook page from public viewing[,]” the court held.