Social media takes many forms, including Facebook, LinkedIn, Twitter and other social networking sites, internet postings, chat rooms and blogs. The growing use of social media has transformed the way multi-national businesses operate and has raised important questions as to the boundaries of the employer-employee relationship. The extent to which an employer can use social media in recruitment as well as control an employee’s use of social media (both in and outside of the workplace), and the repercussions for employers and employees where social media is misused, can vary from country to country, but some common themes emerge.
While there are generally no prohibitions on an employer using social media to conduct pre-employment or other checks, employers should remain mindful that local laws may impose parameters for acceptable searches. At the very least, employers in any jurisdiction will need to have regard to data privacy principles and must not discriminate against individuals on the basis of information obtained.
In both Germany and Slovakia, pre-employment checks are likely to be permissible if made using business-related networks such as LinkedIn, but pose greater data privacy risks if made using social media platforms such as Facebook. In fact, a draft of the German Data Protection Act (first published in 2010) prohibited searches made using such “private” platforms. In the US, there have been numerous reports of employers going so far as to require applicants to provide their passwords so that prospective employers can view their private use of social media. This has (unsurprisingly) led to some state and local governments enacting laws prohibiting employers from: (i) requesting/requiring individuals to disclose user names and passwords or to log in to such accounts in the presence of their employer/prospective employer; and (ii) taking retaliatory action against anyone who refuses to comply with such request.
Case law in the UK has established that, even where an employee makes comments through social media outside of working hours, depending on the nature and severity of the comments made and the damage caused to the employment relationship and/or employer’s reputation, disciplinary action may be appropriate. This will be relevant where an employee makes negative comments about their employer, colleagues or customers/clients (whether they do so expressly by name or in such a way that the employer/ colleagues/customers/clients are readily identifiable). Employers will, however, need to undertake assessments as to severity and damage before taking any disciplinary action.
In Sweden, disciplinary action can be taken depending on: (i) the comments made; (ii) whether they are made in a private or public context; and (iii) whether they are made with the intention of harming the employer. Interestingly, a distinction is made between employees of public bodies and of private businesses. Public employees have a right to freedom of expression, provided they do not disclose confidential information, whereas private employees are bound by a duty of loyalty towards their employer (which is applicable both during and outside of working hours) requiring them to put their employer’s interests before their own.
In a recent Swedish case, the principal of a private school posted pictures with sexual content on his private Facebook page and participated in Facebook groups of a sexual nature, which the school’s owner argued damaged the school’s reputation. The court held that there was no evidence to show that his actions on Facebook impacted on his work or were in breach of any specific rules of the school, and the duty of loyalty was not breached. In another decision of the Swedish Labour Court, a police inspector who published information about criminal acts committed by policemen at work on a publicly available blog (which also displayed a police logo) was wrongfully terminated. It was held that these blog postings were made outside of his employment and were part of his freedom of expression, which right could freely be exercised by an individual employed by a public body (although, subject to applicable whistleblowing protection, the decision may have been different if it had been based upon a private employee’s duty of loyalty).
Under the Slovak Labor Code, employees have an obligation to avoid any conflict with the legitimate interests of their employer and to keep all work-related information confidential. Where an employee breaches these duties by making comments that may be harmful to the employer or its clients, whether such breach occurs in or outside of the workplace, an employer may take disciplinary action. Similarly, every Polish employee has an obligation of loyalty, requiring them to protect the goodwill of their employer. Employers in Romania may also take disciplinary action where the acts concerned are connected to the employee’s work and breach specific rules of conduct set out by statute, the employment contract or the employer’s internal regulations.
Outside of Europe, but in line with the European approach, the Tokyo District Court has in a recent decision held that an employee’s conduct outside of the workplace in his/her private life can be subject to disciplinary action if such conduct is closely related to the employee’s scope of work. In that particular case, a journalist criticised his employer on an online blog posting in which he named the well-known newspaper company for which he worked, identified himself as a journalist of that company and disclosed facts that he had obtained through his employment. Other recent reports of conduct warranting disciplinary action in Japan have included, for example, an online posting of a convenience store employee lying down inside the store’s freezers and the disclosure of clients’ private information including announcements on Twitter that a celebrity client would be visiting a particular hotel or restaurant at a specified time.
In response to steps taken by employers to source information through social media or to take disciplinary action, employees in European countries have argued that it is a breach of their rights to privacy and freedom of expression under the European Convention on Human Rights. The general position is that employees are entitled to an expectation of privacy. However, in circumstances where comments are made in a public forum such as on a Facebook page, blog, or in a private email to a friend with the suggestion that it be forwarded on, surely there is an argument that there cannot have been an expectation of privacy?
The French labour courts have held that social media such as Facebook should be considered to be a public space and an employee can be disciplined where their use of such media exceeds the limits of his/her freedom of expression.
In Germany, when considering statements made by employees on social media platforms, the German courts balance the employee’s right to freedom of opinion and privacy against the employer’s right to maintain its business interests and reputation. In general, private statements made by employees in chat rooms or online platforms which insult the employer or otherwise damage the employer’s reputation, may justify disciplinary action or immediate termination for cause. By way of example, the higher labour court of Hamm in Germany recently held that postings by an apprentice under the ‘employer’ section on his Facebook profile which used terms including “exploiter” or “oppressor” were unacceptable. Even though the employer was not mentioned by name, the employer was identifiable from the context of the statements. The local labour court of Duisburg has also found that status alerts on Facebook containing insulting comments about the employer or colleagues are not protected by the employee’s freedom of speech. It is irrelevant that such postings are not generally accessible to the public but can only be viewed by Facebook friends of the employee. Finally, the local labour court of Dessau-Roßlau has held that even pushing the ‘like’ button on Facebook in response to a statement made by a third party insulting the employer may justify disciplinary sanctions by the employer.
In addition to being concerned about any damage caused to its reputation, employers may also be concerned about being held vicariously liable for any acts of bullying/ discrimination carried out by their employees. Under the UK’s Equality Act 2010, any act done by a person “in the course of employment” is treated as also having been done by their employer, unless the employer can show that it took reasonable steps to prevent it. Likewise, under the Swedish Tort Liability Act and French law, an employer may be liable for the acts of its employees where the act is committed within the course of employment, and in Romania, an employer can be liable where an employee’s actions are carried out in connection with the employee’s duties. Under the Polish Labour Code, an employer can be vicariously liable where an employee’s acts or omissions took place while the employee was carrying out official duties connected with their employment. Pursuant to the Turkish Code of Obligations, employers have strict liability for the actions of their employees which result in damage to third parties during the course of employment, unless the employer can show that it took reasonable steps to prevent such damage. These pieces of legislation ultimately require a distinction to be made between an employee acting in a personal capacity and in an employment capacity, a distinction which can be difficult to make in practice.
Additional considerations and action may become necessary where confidential information, such as client contact details, is at stake, particularly upon the departure of an employee. By way of example, the ownership of contacts made through LinkedIn has been much debated in the English courts and it remains unresolved as to whether contact details obtained during the course of employment will remain the property of the employer on the departure of an employee. In order to mitigate such risk, employers are advised to incorporate into contracts of employment well drafted post-termination non-solicitation/non-dealing restrictions, obligations to delete and/or return all client contact lists and other confidential information, and, where an employee has access to a company LinkedIn or other social media account, an express obligation to release all login and password details on termination.
Training and policies
It is advisable for employers to train their employees on the proper use of social media from a work perspective and have clearly worded social media policies in place expressly restricting access to social media sites through the employer’s IT system and during working hours where appropriate, prohibiting derogatory remarks or any form of bullying, harassment or discrimination through social media, reserving an employer’s right to monitor employees’ use of email and internet (including access to social media sites) and take disciplinary action where appropriate. Any such policies will of course need to be in compliance with applicable law and have regard to an employee’s right to privacy. The Polish Inspector General for the Protection of Personal Data has emphasised that it is for an employer to regulate the use of social media in the workplace as it considers appropriate, provided it informs employees of relevant policies. However, it is a grey area in Poland as to whether such regulations can also be applied to the use of social media outside of the workplace as there is an argument that this could amount to a violation of privacy. An approach adopted by employers in Poland is to include in employment contracts an express duty on all employees to protect the employer’s goodwill at all times, both during and after working hours.
In the US, although adopting such policies is considered best practice, employers should be aware that certain online activities may be protected. For example, the National Labor Relations Act provides employees with a right to “engage in concerted activity for the purpose of collective bargaining or for other mutual aid and protection.” Online discussions regarding wages or working conditions may constitute protected “concerted activity” depending on the context and so any social media policies that could inhibit such discussions are illegal. Social media policies must therefore be narrowly-drawn to meet their particular purpose—e.g., prohibiting harassment or similar inappropriate or unlawful conduct, or the disclosure of confidential information—with examples given where possible. A similar approach exists in Japan where it is common for a company’s “work regulations” (shugyo-kisoku) to list grounds for disciplinary action as including acts of defamation against the company, breach of confidentiality and disturbing the company’s order.
In addition to social media policies, employers should keep whistleblowing and disciplinary and grievance policies updated and have confidentiality policies in place making clear what constitutes confidential information. In response to increasing concerns that employees’ use of social media could result in incidents or sensitive information leaking into the social media prior to the company’s management being informed, some employers are now going further and incorporating into employment contracts express ‘gagging’ provisions regarding company business, subject to applicable whistleblowing protection. Such ‘gagging’ provisions are intended to prevent a scenario whereby, for example, an incident occurs in the workplace and is filmed by employees and posted onto Facebook or YouTube before the company’s management is informed.
Monitoring employees’ use of social media raises further considerations for an employer as it will need to comply with a potentially wide range of legislation in the applicable jurisdiction. The UK has very strict legislation governing monitoring and in some jurisdictions, such as the Czech Republic, there is much debate as to whether monitoring breaches data privacy. The general position in Romania is that an employer may not monitor an employee’s use of social media but it may restrict access to certain websites as part of its IT policy. By comparison, under Turkish law, employers have the right to monitor the computers they provide to employees for work purposes and as part of this, the employer is also entitled to limit personal use of the internet.
A strict approach also exists in Slovakia, where an employer must: (i) have serious grounds for monitoring; (ii) discuss the scope, manner, and duration of the monitoring mechanism with the employee representatives prior to its introduction; and (iii) inform the employees prior to the launch of the monitoring. The general position is that an employer may check the time spent on the internet, the nature of the websites browsed and the date and time of the browsing, but is restricted from monitoring the content of the visited page, chat or email communication, even if sent from a work email address (name@company) as this would be considered an invasion of privacy under Slovak law. In a recent Slovakian case, an employee was dismissed for using the firm’s email for personal communication and for chatting with other co-workers for a considerable part of the working day. As the employer had instituted internal guidelines which included restrictions on the use of the internet and the employer’s right to monitor the employees, the court held that the dismissal was lawful. In another case, an employer dismissed an employee for spending a considerable amount of working time on Facebook. The employee argued that she used Facebook for professional purposes as it was a more effective means of communicating with contractors. As she was never warned by the employer about the extent of permitted use of the internet, the court held that the dismissal was unlawful.
In contrast to Slovakia, under French labour law, internet use during working hours is presumed to be for professional purposes and so an employer can have unrestricted access to an employee’s internet usage during working hours. According to French case law, an excessive use of social media during working hours can justify an employee’s dismissal. The French Supreme Court recently held that an employee who had made an excessive use of the internet for non-professional reasons during office hours had committed an act of gross misconduct justifying dismissal.
Broadly speaking, there is little legislation directly governing the use of social media in the workplace and it is seen as an area which employers should regulate through the use of policies. However, the increasing volume of case law in this area illustrates the way in which human rights, data privacy, whistleblowing and discrimination legislation impacts upon this issue. While employers may use social media to source information about employees, they must remain mindful of any parameters imposed by local laws. Employers are best advised to put in place clear social media policies, ensure employees are made aware of these policies and obtain written consent from employees to any monitoring. As technology transforms our work and personal lives, these policies shall need to be flexible and reviewed regularly to keep up with the ever-changing social media landscape.