Social Media in Action in Employment
Chapter Authors
United States
Eugene K. Connors, Partner –econnors@reedsmith.com
Sara A. Begley, Partner – sbegley@reedsmith.com
Casey S. Ryan, Partner – cryan@reedsmith.com
Samantha M. Clancy, Associate – sclancy@reedsmith.com
Kimberly A. Craver, Associate – kcraver@reedsmith.com
Amber M. Spataro, Associate – aspataro@reedsmith.com
United Kingdom
Laurence G. Rees, Partner – lrees@reedsmith.com
Carl De Cicco, Associate – cdecicco@reedsmith.com
France
Nicolas C. Sauvage, Partner – nsauvage@reedsmith.com
Nathalie Marchand, Associate – nmarchand@reedsmith.com
Michaela L. McCormack, Legal Counsel – mmcormack@reedsmith.com
Introduction
With apologies to Will Shakespeare, quite the networker himself in Elizabethan times, to net or not to net is NOT the question. Because networking is virtually pandemic these days, the real question is not whether, but where, when and in what ways, should we net with each other to achieve networking benefits and avoid its misuses. Because most networkers are employees, the follow-up question, addressed here, is how far can and should employers go to “guide” and “monitor” employee networking “choices,” and work to prevent and reduce the broad and ever-growing scope of problems and liability arising from the use of social media in the employment context.
Recent surveys have found that approximately 60 percent of employees either do not know if their employer has a social media use policy or believe that their employer does not.[1] A Deloitte LLP study found that 74 percent of employees surveyed agree that it is easy to damage a company’s reputation on social media.[2] By June 2009, the number of employers who had terminated an employee for conduct related to his/her use of a social media site doubled to 8 percent, compared with only 4 percent in 2008.[3]
While there is currently no specific statute codifying the law regarding use of social media in the employment arena, employers should look to their current electronic use policies, as well as to the laws and guidance developed over the past several years regarding best practices for company and employee use of electronic media involving email, Internet, BlackBerry, other PDA and cell phones, and confirm that the policies in place are sufficiently broad to prevent, or at least limit, abusive use of social media by the employees. Relevant policies naturally draw from the established principles of maintaining proper workplace environment and establishing reasonable restrictions on employee behaviour. Examples include: employee privacy, both on and off site,as well as issues relating to workplace searches; adherence to anti-discrimination and harassment law protection of company trade secrets and other intellectual property tenets; and prevention of defamation, tortious interference with contractual relations or unfair trade practices. The most prudent course to protect against liability in the employment realm is to examine each policy that guides the behaviour and conduct of employees, and modify, where required, to create an organic document that broadly interprets this burgeoning form of communication and publication.
Social media may be utilized by companies in a variety of imaginative ways related to employment. As we know, social media is a powerful recruitment tool that can be used to create a buzz or intrigue about the employer and connect heavily recruited talent with the company. It is now de riguer for employers and recruiters to “online” a prospective candidate by scanning his or her LinkedIn, Plaxo, Facebook, Twitter, or other business or social networking pages. It can also be used to educate employees and the public about company advances, enhance PR, respond to negative press, and detect theft or misappropriation of trade secrets, abuse of overtime, sick leave or fraudulent medical claims by employees. As discussed below, these online resources can provide valuable information and an immediate global connection with the public, but must be used consciously and appropriately by both employers and employees to avoid legal misuse.
Misuse of social media can be devastating to a company, both legally and from a public relations perspective. Social media employee banter relating to protected traits such as race or gender may violate an employer’s anti-harassment policy and create a hostile work environment, just as it does when communicated in person by employees. An employee’s tweets about the employer’s new R&D project may result in leaking valuable proprietary and trade secret information. An online smear campaign about a competitor’s product by an employee can subject an employer to an unfair trade practices or tortious interference claim. A manager’s online gossip about an employee’s purported drinking problem that proves to be false may result in a defamation claim. Employees griping via social media about their work environment can not only impact the employer’s reputation, but also potentially provide a window for the employer into employee morale and its potential negative impact on productivity. Finally, an employer’s “inattention” to online behaviour by employees can make it legally liable, if it knew, or should have known, of the behaviour, but failed to take adequate measures to correct the situation, or to notify the appropriate authorities. These concepts should all be familiar to employers. The social media phenomenon merely adds a new, albeit infinitely expansive, arena in which employment issues can arise. Put simply, online “talk” by employees has created a hornet’s nest of new challenges for employers. The legal principles and best business practices employers should use to face these challenges remain the same as those they have used to monitor and control other technology advances that increase the speed and amount of communication among employees, such as email, texting or any other such medium.
This chapter provides companies with an overview of how social media affects the workplace and the resulting issues to consider and manage in connection with employee use of social media. We begin by examining the possible uses of social media by employers and then turn to use by employees, and end with a discussion of how a company can seek the removal of content posted by employees in social media.
Social Media in Action in Employment
Employer Use of Social Media
Does your company have a company-sponsored page on one or more social media sites? If so, what do you use it for? Many large companies create and use social media sites for everything from marketing promotions (See Chapter 1 – Advertising & Marketing) to attracting job applicants. Such uses are arguably the most acceptable and productive for a company. To minimize legal risk, companies should reasonably and consistently monitor sites for derogatory or otherwise harmful content, and, when it occurs, remove it immediately, block the offending author, and take curative action. Because the company controls the site, such action should be simple and quick.
Does or should your CEO have a Facebook or other social media presence? Sometimes a CEO may create his/her own social media page to market the company or “counter” harmful media blasts. At other times, it may be strictly personal with nothing to do with the company. It is sometimes difficult to discern whether a CEO’s social media page reflects his/her role as CEO or is a personal outlet. (See section below regarding employee use of social media.) An example of this is the resignation of former Sun Microsystems CEO Jonathan Schwartz, who used Twitter.[4]
Potential issues under U.S. law
Does your Human Resources Department use social media as a recruiting tool? Do they use it to investigate the credentials and qualifications of job applicants? Is it used to track the activities of current employees? If so, be sensitive and current on possible privacy rights, compliance with the federal Fair Credit Reporting Act, the National Labor Relations Act (“NLRA”), the federal Electronic Communications Privacy Act, Title VII, and state laws that outlaw adverse employment action for off-site actions by employees that are not unlawful, such as smoking.
An employer may also use social media to ferret out fraudulent medical (including Family Medical Leave Act) claims. Insurance carriers and employers are increasingly using social media sites to expose claimants supposedly too injured to work, but boastful of their physical prowess on their personal sites.[5]
Social networking sites have unlocked countless electronic doors for employers to learn about employees. While employees can be and are “themselves” on one site and anonymous or disguised on others, employers act at their legal peril to pretend to be “someone else” when monitoring employees and applicants. There are a number of ways an employer may obtain an employee’s actual or implied consent to monitor her/his off duty social networking. But an employer must always act with integrity, because courts have held “disguised” employers liable for pretending to gain access to employee-created social networking groups.
In addition, even with consent to monitor, only seek work-related information. An employer must take steps to avoid obtaining more information than required to make an employment decision. Information to avoid includes an employee’s membership in a protected class, a lawful association such as a union, or in legal political activities.
Even where there is no unionized workforce present, communications between employees that discuss efforts to organize, or engage in conduct that is protected under section 7 of the NLRA, may not impose policies that unlawfully interfere with the employees’ exercise of those rights. Employers must also refrain from monitoring what is lawful communication between employees regarding unionization or union business to avoid charges of surveillance, which also violates the NLRA.
Public employers must, as with all practices, observe due process rights of employees with respect to conducting searches and any resulting disciplinary action. The mere fact that the conduct occurs on the Internet does make the conduct either protected or unprotected; rather, the context in which the conduct occurs—such as is it a comment posted by the employee, is it accessible on a public site or page, what issues the comment addresses—must be considered.
Finally, and particularly in privacy-type cases, courts and juries are easily offended and punish employers that use more intrusive methods over other available, less intrusive alternatives.
Potential issues under English law
Employers in the UK face similar issues in relation to the use of social media as part of the application and vetting process. An employer’s use of a job applicant’s data, which is available on the Internet through social media, is governed by the Data Protection Act 1998 (the “DPA”). The DPA requires an employer to obtain an applicant’s consent for the collection and use of such data to be used as part of an application or vetting process.[6] In addition to data protection issues, exploring information relating to a job applicant that is available on the Internet through social media may expose the employer to claims of discrimination if the employer decides not to proceed with that applicant (regardless of the employer’s actual reasons for choosing not to do so). For example, there could be such an exposure where the data available through social media gives information as to an applicant’s race, colour, religious beliefs or sexual orientation that might not otherwise be apparent through the application process. Employers should therefore consider whether the benefits of obtaining information through social media outweigh the risks of potential litigation.
The use of information available through social media to investigate possible employee misconduct or breaches of an employment contract also gives rise to potential issues. It is unlikely that employees or workers will provide consent for employers to comb through information that is available through social media. Accordingly, the employer’s interest in searching for and using such information in the absence of employee or worker consent must be carefully balanced against (and be shown to outweigh) any detriment to the employee or worker in order for the use of such information not to breach the DPA or any rights of privacy that the employee or worker may have.[7]
Employers should therefore consider including, as a standard contract term, a provision by which the employee gives consent. Employers should also have a clear and well-publicised policymaking that establishes that such information would be used in the event of an investigation as a step toward demonstrating that such an interest does exist. Employers should also refrain from searching and using information available through social media until a reasonable belief of wrongdoing has been established through less intrusive means of investigation.
Dismissals of employees that are based on information obtained in breach of the DPA or that unreasonably infringe upon an employee’s home or private life may be found by an Employment Tribunal to be unfair. Such dismissals may also be found to constitute an unreasonable breach of the ACAS Code of Practice on Disciplinary and Grievance matters, which may result in any award of compensation made to an employee by an Employment Tribunal being increased by up to 25 percent.[8]
Potential issues under French law
In recruiting new employees, employers should proceed with caution in seeking information available on applicants through social media, because this could be risky on a number of counts.
In particular, such a practice could be in breach of the strict rules laid down in the French Labour Code regarding recruitment methods, which state, for example, that information requested of an applicant must have a direct link with either the job opening in question or the candidate’s professional capabilities. In addition, the Works Council is to be kept informed of recruitment methods and techniques.[9]
While it may be difficult to establish an employer breach of these regulations by vetting candidates through the Internet, the risk of unlawful discrimination (based on union membership, race, etc.), remains significant. While relatively few complaints are actually brought before tribunals concerning the recruitment procedure[10], such actions have multiplied over the past few years through the work of the HALDE[11], the official body acting for equal opportunities. Arguably more destructive to companies than actual litigation is the damage to their reputation when doubtful and discriminatory recruitment practices are alleged by this organization[12].
Another administrative body publishing guidelines and monitoring the use of social media, especially by recruitment agencies, is the data protection agency, the CNIL.[13] Its 2009 report included warnings against excessive and illegal acts by employers when utilising social media in the recruitment process, particularly by invasions of privacy and illegal discrimination.
In this context, a number of professional organizations, recruitment agencies and companies[14] composed a Charter on social media in which the signatories shall not use social networks to collect personal information on applicants[15].
A central question in employer use of social media in investigating the behaviour of existing employees concerns the admissibility of evidence. As in the United States, the mere fact that employee conduct occurs on the Internet does not determine whether it is protected. Instead, such protection should depend rather on the extent to which the page containing the comment can be accessed by others.
In a pending case before the Labour Court, judges will rule on whether a comment posted by an employee connected from home on his personal Facebook page should be considered as private correspondence.[16i]
Unlike the suggested solution in the UK, however, an employee’s agreement in advance to permit online monitoring of his or her activity by the employer is likely to be held null and void in France because both the Labour code and the courts are very protective of employee civil liberties such as freedom of expression and the respect of private life.
Moreover, unlike the United States, employees are generally immune from discipline and other sanctions for off-duty lawful (nor even unlawful) conduct. But we expect the omnipresence and ever-increasing use of new technologies for professional and personal use will undoubtedly test such “hands off” limits.
Employee Use of Social Media
Potential issues under U.S. law
Do any or many of your employees have or contribute to social media pages or spaces? If so, do they visit them at work? During working hours? Using company equipment? The answer to each question is likely yes. Facebook alone boasts more than 400 million users. A 2009 Deloitte survey revealed that 55 percent of all employees visit social networking sites at least weekly, with 15 percent admitting access for personal reasons from work.[17]. In such situations, an employer can and should lawfully restrict an employee’s use of social media within reasonable limits at work, and on break-time if it impacts anyone’s work adversely. A properly worded notice to employees provides an employer with a strong right to control the use of its own property, such as computers, cell phones, and PDAs. Similarly, again with proper notice, employers may also monitor the use of the company’s property without restriction.[18]
An employee’s “on-the-clock” time belongs to the employer, and it therefore can and should restrict or limit an employee’s use of social media while on duty, even if the employee is using personal equipment. However, if an employer permits on-duty use of social media when an employee uses his or her own equipment, the employer generally may not use electronic means to observe or monitor that personal use, unless, as stated, it adversely impacts the workplace, either by reduced productivity or by conduct that may expose the employer to liability. At least one court has held that an employer has a duty to remedy co-employee harassment to avoid a hostile work environment, when its male employees used a company bulletin board to harass a female employee based upon her sex and in retaliation for her filing a lawsuit.[19]
Social media sites can be, and are often, used as communication tools between employees. However, at times, these employee communications cross the line into harassing, threatening, or other unlawful conduct, or divulging trade secrets or other confidential information about the employer or a competitor. In such a situation, whether an employer may be held legally liable for damages resulting from the offending employee’s post, remains in gestation.[20]
The next question is whether an employer can or should use content posted on social media sites as a basis for disciplining or discharging an employee. Content posted anonymously is, of course, exceedingly difficult to police, and several state laws prohibit employers from taking adverse action against an employee for engaging in lawful, off-duty conduct, including political activity or affiliations specifically protected under state law. Moreover, employers must be cautious about taking adverse action against an employee whose social media use could be protected under the NLRA or federal and state whistleblower laws, such as the Sarbanes-Oxley Act. Finally, “public” (meaning government) employers have the additional burden of avoiding any violation of their employees’ First Amendment and other Bill of Rights protections by disciplining them for content posted on a social media site.
On the other hand, employers cannot “play ostrich” to employee abuse of social media sites. Consequences of doing so include loss of confidential information and/or trade secrets; irreparable damage to reputation or other aspects of a business, either through employee misconduct or apparent company condonation or endorsement by inaction; or liability for employee content that is defamatory, threatening or otherwise unlawful. Employers also have a duty to report illegal activities to the proper authorities and to take internal action when it becomes aware than an employee has engaged in unlawful activity.[21]Recently, the FTC revised the Guides Concerning the Use of Endorsements and Testimonials in Advertising.[22] It is unclear to what extent, if any, an employer may be liable for an employee’s statements in social media; but the FTC provides an example in Part 255.5 that indicates that both employers and employees may be liable in some circumstances. Under Example 8 of 16 C.F.R. Part 255.5, an online message board designated for discussions of new music download technology is frequented by MP3 player enthusiasts. Unknown to the message board community, an employee of a leading playback device manufacturer has been posting messages on the discussion board promoting the manufacturer’s product. Knowledge of this poster’s employment likely would affect the weight or credibility of her endorsement. Therefore, the poster should clearly and conspicuously disclose her relationship to the manufacturer to members and readers of the message board. 16 C.F.R. Part 255.1(d) provides that “[a]dvertisers are subject to liability for…failing to disclose material connections between themselves and their endorsers. Endorsers also may be liable for statements made in the course of their endorsements.” Therefore, in Example 8, both the employee and the employer may be liable for the employee’s failure to disclose his material connection with the employer.
Potential issues under English law
Employers based in the UK may also lawfully restrict employees’ use of social media through the employer’s equipment. A properly worded and well-publicised policy would be key to achieving this objective and would ideally be coupled with the use of technological means to prevent employee access to social media using employer equipment, either absolutely or for certain periods of the day.
Where an employer lacks technical means to prevent access to social media through its equipment, an employer may consider monitoring to detect any breaches of its policy (any such policy needs to provide employees with clear guidance as to the levels of use permitted – if any). Employers in the UK do not have an absolute right to monitor employees’ use of the employer’s electronic equipment, and the more intrusive and/or secretive any monitoring is, the more likely it would be that such monitoring would be unlawful.[23] Accordingly, employers may consider using spot checks rather than ongoing monitoring, and setting flags so that any monitoring just returns details as to when social media websites are accessed, rather than monitoring the actual content viewed or submitted. If it becomes relevant to consider the content viewed, it is more likely to be lawful for an employer to do so as part of an investigation that is triggered by less intrusive monitoring.
Where employees use their own equipment, such as their personal mobile phones, to access social media, the position is the same as applies in the United States.[24] The UK employer cannot monitor electronically, but may investigate and, if necessary, implement disciplinary proceedings if there are productivity or other performance or conduct issues, or if employees use social media through their own equipment to act unlawfully – for example, by behaving inappropriately toward co-workers.
As is the case in the United States, it is an open question whether an employer may be liable for an employee’s use of social media that discriminates against or harasses or threatens a co-worker. An employer is, generally, vicariously liable for an act of harassment or other discrimination carried out by an employee during the course of their employment.[25] Whether or not harassment carried out via social media would be capable of falling into this category is currently undecided. It is more likely that the employer would be vicariously liable for an employee’s use of social media if the employee in question is a manager who publishes something inappropriate concerning one of the persons for whom that manager is responsible. Whether any such misuse occurs during or after working hours or on the employer’s equipment may also be factors as to whether the employer should be vicariously liable.
Whether content published by or about an employee can provide the basis for disciplinary proceedings will depend largely upon the circumstances. For example, was the content published during or after working hours? Did the employee disclose confidential information of the employer? Did the employee use the employer’s or the employee’s own equipment to publish the content? Does the content constitute inappropriate behaviour toward a co-worker and, if so, can publishing the content be linked to the employee’s professional (as opposed to private) relationship with that co-worker? Does the content, such as a status update, indicate that the employee has been untruthful toward their employer (for, example showing the employee to be well and active when the employee has informed the employer that they are unfit to attend for work)?[26] As with monitoring, it is important that the employer has come to collect and use any such content with regard to the DPA and any privacy rights that the employee may have.
Caution should be exercised before taking any adverse action against an employee who publishes content that raises a complaint against the employer. Whilst the inappropriate publishing of any such information needs to be dealt with, the employer should also investigate the substance of the complaint made by the employee. Content might conceivably be published in such a way as to constitute a written grievance (which a failure to deal with through the grievance process may expose the employer to an increase in compensation of up to 25 percent where the employee brings a successful complaint before the Employment Tribunal).
Potential issues under French law
As in the UK, employers may technically impede employee access to social media sites from their own computers, cell phones and PDAs.
They may also lawfully restrict employee use of social media at work by specifying such restrictions in a specific document related to the use of information technologies, a “charte informatique.” In this case, employers would need to monitor employee use of social media (websites visited and length of the visits)[27], given the liability they incur regarding IT security issues and the behaviour of their employees on the Internet.
In both cases, the employer must comply with a very formal procedure, which includes informing the employees, consulting staff representatives and completing a declaration to the CNIL[28], given the personal data which will automatically be collected in this process.
However, in cases of co-employee harassment, the French employer cannot be too careful. Even such close monitoring of Internet activity would occur too late to release the employer from its liability. Indeed, according to French case law, employers have a duty to prevent co-employee harassment from occurring in the first place[29]. The employer would therefore be liable where co-employee harassment occurs, even if he had taken measures to detect the “electronic” harasser and to protect the victim (by dismissing the perpetrator).
Nevertheless, it could always be put forward as evidence of the employer’s good faith in case of litigation, that the employer had included in the aforementioned “charte informatique” clear prohibition of any harassment or similar behaviour through social media.
Removing Content Posted by Employees from the Site
If an employee posts derogatory, defamatory, harassing, threatening, confidential or other unlawful or inappropriate content, what can and should the company do to remove the content from the social media site?
Most social media sites have terms of use that prohibit the posting of any content that is threatening, harassing, defamatory or otherwise unlawful. Presumably, then, any such content would be voluntarily removed by the site after it is brought to the site’s attention.[30] Not all sites, however, prohibit the posting of content that may constitute confidential information, but that is not copyrighted or may not rise to the level of a trade secret or other legally protected information.
For example, MySpace’s terms of use prohibit the posting of any content that “violates or attempts to violate the privacy rights, publicity rights, copyrights, trademark rights, contract rights or any other rights of any person.”[31] However, Facebook does not appear to share this same view. Facebook’s terms of use only prohibit the posting of content that “infringes or violates someone else’s rights or otherwise violates the law.”[32]
If, for instance, an employer complains to Facebook that a post discloses confidential information pertaining to the company, but fails to prove that the information is legally protected, Facebook may not remove the offending post. Indeed, currently, no laws require Facebook to remove such a post.
In the UK, a further step that might be considered is to ask the employee concerned to remove any offending content. If the employee refuses to do so, it may, depending on the content, be possible to bring a disciplinary action against the employee for refusing to follow a reasonable and lawful order.
Current Legal and Regulatory Framework in Employment
Little case law exists in the United States or the UK pertaining to employee use or abuse of social media, and no statutes or regulations specifically govern such conduct. Currently, an employer’s management of its and its employees’ use of social media must be guided by the basic principles related to employee privacy rights and protections, anti-discrimination and harassment law, intellectual property law, free speech concerns, and other applicable law.
The role of intellectual property law in social media is fairly straightforward, and an employer should not be inhibited in any way from policing or enforcing its right to protect its intellectual property from being exploited on social media sites. However, anti-discrimination and harassment laws, laws protecting an employee’s right to engage in lawful off-duty conduct, privacy rights and other concerns such as free speech rights, play a larger role in shaping how an employer may use, or control its employees’ use of, social media.
In the United States
An employer can and should always prohibit employees from posting anything that amounts to unlawful harassment or discrimination. Title VII of the Civil Rights Act of 1964 and its amendments[33], as well as numerous state laws, prohibit harassment of employees by other employees based on certain protected characteristics. What conduct constitutes harassment based on a protected characteristic and whether such conduct is sufficiently severe or pervasive to be unlawful are often difficult to unravel. To further complicate the issue, and to reiterate, several states prohibit employers from taking adverse action against an employee for engaging in lawful, off-duty conduct.[34] It is therefore unclear in some states whether an employer may, for example, lawfully discipline an employee for posting, on his or her own time and equipment, sexist or racist jokes on his or her MySpace page.
By the same token, case law is still unclear on what, if any, circumstances expose an employer to vicarious liability for an employee’s alleged harassment of another on a social media site. One court recently held that an employer was not liable for an employee who used his company phone and computer to harass non-employees. Another dismissed a negative supervision claim because it was not reasonably foreseeable that unsupervised Internet access would result in harm to others. In another decision, the same court held that an employer is only required to prevent foreseeable on-the-job misconduct, not to supervise an employee’s private conduct or persistently scan the World Wide Web to ferret out potential employee misconduct. [35] Nevertheless, in the Title IX context (which prohibits harassment of students on the same bases and imposes liability for such harassment on schools in certain circumstances), parents have sought to hold schools liable for, inter alia, the use of Facebook and other social media sites to “sexually harass” their children.[36] However, because the cases also included numerous other types of alleged harassment, such as face-to-face confrontations, etc., it is difficult to tell what role, if any, the content on Facebook played in determining whether the school did (as in one case) or did not (as in the other) have any liability for the alleged harassment.
Other examples of where an employer must use caution are whether to prohibit and/or discipline employees for social media content that could arguably be construed as “protected, concerted activity” under the National Labor Relations Act[37], or where the disciplinary actions may be illegal retaliation under a host of federal, state, and local anti-retaliation statutory provisions. Under the NLRA, for instance, an employee may be free to express his/her opinion on working conditions, even if it is derogatory to the company and/or other employees. Employee privacy rights may also play a role, depending upon how the employer became aware of the offending conduct. Finally, to repeat, government employers must consider their employees’ First Amendment and similar rights if the scope of the prohibited use of social media arguably affects an employee’s right to speak on an issue of public concern.
In the UK
Because of discrimination legislation and other contractual and statutory obligations upon employers to protect employees from harassment, employers can prohibit employees from posting content that bullies, harasses or discriminates against their co-workers. However, the boundaries of these protections have not yet been tested fully before the Employment Tribunal and, as indicated above, there are a number of open questions as to the circumstances in which an employer can take action against an employee who behaves inappropriately toward a co-worker through social media.
In France
As in the United States and the UK, there are neither statutes nor regulations specifically governing employee use of social media.
The first employment law rulings on questions of social media in the workplace are eagerly awaited, particularly as regards the courts’ treatment of the issue of whether evidence collected through social media is admissible.
However, there is some recent case law in related areas (dealing with issues such as new technologies, monitoring of employee behavior and data protection) that may provide us with clues on the position of the French Supreme Court[38], as regards the importance of the protection of employee civil liberties when faced with the interests, rights and obligations of entrepreneurs.
For example, the first Supreme Court decision on the Sarbanes Oxley whistleblowing obligations was rendered in December 2009 to a frenzy of media attention. In this case, involving a leading French software company, the whistleblowing policy was contained within a Code of Conduct that also included rules on the use of information classed both as confidential and also “for internal use.” The chapter on whistleblowing was held as being in violation of data-protection laws and as not providing enough protection to employees, whilst the rules on the treatment of information “for internal use” were held to be in breach of freedom of expression and of a separate collective right of expression enjoyed by employees with regard to their working conditions[39].
Another trial court case on whistleblowing held that the facility to denounce delinquent conduct through an intranet site did not sufficiently protect employee rights, as proper procedure as regards the staff representatives had not been respected and the examples of targeted behavior were much wider than those aimed at by the Sarbanes Oxley legislation[40].
Finally, case law surrounding blogging and online communication by trade unions and staff representatives or employees in contentious situations with their employer usually considers the level of public access to the chosen media, as well as the content and the context of the publications in order to reconcile the conflicting rights and interests of the concerned parties.
Social media and its associated advantages and risks are now inextricably linked with other topical HR subjects, such as stress and psychosocial risks, harassment, discrimination and diversity, the growing status of the CHSCT (Health and Safety at Work Committee), etc. For these reasons alone, Social Media cannot be ignored. Employers must consider developments in these other areas and factor such considerations into the drawing up or revision of company policies and handbooks, IT charters, codes of ethics, etc. Finally, when considering the drafting and implementation of any such documents, French employers must pay attention to possible procedural obligations in terms of staff representatives, as well as guidelines and regulations set down by organisations such as the HALDE and the CNIL.
[1] http://www.marketwire.com/press-release/Proofpoint-Inc-1027877.html; “Social networking and reputational risk in the workplace,” Deloitte LLP 2009 Ethics & Workplace Survey results.
[2] “Social networking and reputational risk in the workplace,” Deloitte LLP 2009 Ethics & Workplace Survey results.
[3] http://www.marketwire.com/press-release/Proofpoint-Inc-1027877.html.
[4] http://www.independent.co.uk/news/media/current-twitter-trends-sun-ceo-tweets-his-resignation-modern-haikus-1889534.html.
[5] http://www.workforce.com/section/02/feature/26/66/08/#.
[6] Schedule 1(1) and Schedule 2(1) Data Protections Act 1998 htttp://www.statutelaw.gov.uk/legResults.aspx?LegType=All%20Primary&PageNumber=1&BrowseLetter=D&NavFrom=1&activeTextDocId=3190610.
[7] Information Commissioner’s Office (ICO) Employment Practice Code http://www.ico.gov.uk/upload/documents/library/data_protection/detailed_specialist_guides/employment_practices_code.pdf.
[8] ACAS Code of Practice http://www.acas.org.uk/index.aspx?articleid=2175.
[9] French Labor Code, articles L. 1221-6, L. 1221-8, L. 1221-9, L. 2323-32.
[10] This may be partly because of the inexistence of punitive damages in the French judicial system, which generally leads to a different approach to employment litigation than in some other jurisdictions.
[11] The HALDE (“Haute Autorité de Lutte contre les Discriminations et pour l’Egalité”) is the administrative body that, among other things, assists employees in obtaining damages, or bringing actions before the relevant court regarding discrimination issues.
Claims before the HALDE increased by 21 percent, to a total of 10,545 for 2009, compared with 2008. http://www.halde.fr.
[12] This was the case when in 2008 the HALDE controversially carried out “testing” of major French companies, sending a number of fake CVs in response to job advertisements, and proceeded with a campaign of Naming and Shaming of those companies who statistically invited significantly less numbers of candidates from certain minority groups for interview.
[13] La Commission nationale de l’informatique et des libertés, an independent French administrative authority whose mission is to ensure data privacy law is applied to the collection, storage, and use of personal data.
[14] Such as the MEDEF (The Mouvement des Entreprises de France), employers' organization representing the French business leaders.
[15] “Charte réseaux sociaux, Internet, Vie Privée et Recrutement”.
[16] An employee connected from home posted a comment on his personal Facebook page, criticizing his hierarchy. Two of his colleagues added other negative comments on to the post. All three were dismissed for gross misconduct. French judges will have to rule on whether such correspondence should be considered as private or not (and therefore, on whether or not it could be used, as grounds for dismissal).
[17] Deloitte survey: http://www.marketwire.com/press-release/Proofpoint-Inc-1027877.html; “Social networking and reputational risk in the workplace,” Deloitte LLP 2009 Ethics & Workplace Survey results.
[18] Employers must be careful, however, to apply their computer policy consistently to avoid claims of discriminatory discipline and/or monitoring based on any protected category. For example, if the employer allows its employees to use social media sites, and in monitoring their usage discovers that certain employees are seeking to form a union, the employer may not focus its monitoring efforts on only the employees advocating for the union.
[19] See Blakley v. Continental Airlines, Inc. 751 A.2d 538 (N.J. 2000)
[20] Under the recently revised FTC Guides, it is unclear to what extent, if any, an employer may be liable for an employee’s statements in social media. Under Example 8 of 16 CFR Part 255.5, an online message board designated for discussions of new music download technology is frequented by MP3 player enthusiasts…. Unbeknownst to the message board community, an employee of a leading playback device manufacturer has been posting messages on the discussion board promoting the manufacturer’s product. Knowledge of this poster’s employment likely would affect the weight or credibility of her endorsement. Therefore, the poster should clearly and conspicuously disclose her relationship to the manufacturer to members and readers of the message board. 16 CFR Part 255.1(d) provides that “[a]dvertisers are subject to liability for…failing to disclose material connections between themselves and their endorsers. Endorsers also may be liable for statements made in the course of their endorsements.” Therefore, in Example 8, both the employee and the employer may be liable for the employee’s failure to disclose his material connection with the employer.
[21] See Doe v. XYZ Corp., 887 A.2d. 1156 (N.J. Super. 2005).
[22] 16 CFR Part 255.
[23] Information Commissioner’s Office (ICO) Employment Practice Code, page 54 onwards http://www.ico.gov.uk/upload/documents/library/data_protection/detailed_specialist_guides/employment_practices_code.pdf.
[24] The relevant legislation in the UK is the Regulation of Investigatory Powers Act 2000 http://www.statutelaw.gov.uk/legResults.aspx?LegType=All%20Primary&PageNumber=3&BrowseLetter=R&NavFrom=1&activeTextDocId=1757378.
[25] Waters v Metropolitan Police Comr [2000] IRLR 720.
[26] http://www.theregister.co.uk/2008/10/23/sickie_woo.
[27] Case No 06-45800 (Cass. soc., July 9, 2008): the employer is entitled to monitor its employees’ Internet connections in the absence of the latter, given that connections during working hours, on the computer made available by the employer for the performance of the employee’s work, are presumed to have a professional nature.
[28] La Commission nationale de l’informatique et des libertés, an independent French administrative authority whose mission is to ensure data privacy law is applied to the collection, storage, and use of personal data.
[29] Cases No 08-40.144 and 08-44.019(Cass. soc., Feb. 3, 2010) An employer was held to be liable for the harassment that had occurred in the workplace despite having taken measures on becoming aware of the situation; in one case the perpetrator resigned and in another the victim of the harassment was moved to another site. Indeed, in such areas, employers are bound by an obligation to achieve a particular result “obligation de resultat” which is distinct in French contract and tort law from an “obligation de moyens,” an obligation to act or a “best efforts obligation.”
[30] “Facebook, Inc. v. Power Ventures, Inc.,” No. C 08-5780, 2009 WL 1299698, at *4 (N.D. Cal. May 11, 2009) (“Access for purposes that explicitly are prohibited by the terms of use is clearly unauthorized”).
[31] http://www.myspace.com/index.cfm?fuseaction=misc.terms.
[32] http://www.facebook.com/terms.php.
[33] Title VII of the Civil Rights Act of 1964, 42 U.S.C. 2000e, et seq.
[34] See, e.g., Cal. Lab. Code § 96k; see also N.Y. Labor Code § 201-d.
[35] See Sigler v. Kobinsky, 762 N.W.2d. 706 (Wisc. Appt. Ct. 2008); Maypark v. Securitas Security Services USA, Inc, 2009 WL 2750994 (Wisc. Appt. Ct. 2009).
[36] Laningham v. Carrollton-Farmers Branch Independent School District, 2009 WL 2998518 (N.D. Tex., Sept. 17, 2009); Wolfe v. Fayetteville, Arkansas School District, 600 F.Supp.2d 1011 (W.D. Ark. 2009).
[37] National Labor Relations Act, 29 U.S.C. §§ 151-169.
Deloitte survey: http://www.marketwire.com/press-release/Proofpoint-Inc-1027877.html; “Social networking and reputational risk in the workplace,” Deloitte LLP 2009 Ethics & Workplace Survey results.
[38] la Cour de Cassation
[39] Case n° 08-17.191 Cass. Soc., (Déc. 08, 2009). The information for internal use was not well enough defined to judge whether it was necessary and proportionate given the obvious breach of individual and collective rights and liberties, in this case freedom of expression (based on article L. 1121-1 of the French labor code). Moreover, besides the consideration of civil liberties, the Labour Code contains specific articles (L. 2281-1 et seq.) pertaining to the employees’ collective right to express themselves on issues such as working conditions and the content and organization of their work. The vague definition of information to be considered as confidential did include information on which employees may need to communicate.
With regard to the whistleblowing disposition, employees were invited to denounce behavior thought to be in breach, not only of regulations pertaining to finance and fraud, etc., but basically of other regulations of the code of conduct as well. This was not strictly in line with the application of Sarbanes Oxley regulations and therefore infringed on employee rights. Moreover, the company did not comply with the proper CNIL procedure and was held as not providing enough protection to employees using the facility.
[40] TGI Caen, (Nov. 5, 2009)
