Implementing U.S. and International Social Networking Regulations

This article summarizes the recent U.S. legislation regarding applicant privacy and the NLRB's social networking and employment policy guidelines. It also analyzes the state of social media and employment law in the EU, particularly France, the United Kingdom and Argentina as examples of law developing outside of the United States. Finally, this article provides recommendations for employers faced with complying with new laws governing the use of social media.

U.S. Developments

Social Media and Privacy

Two of the largest issues in the developing social media and employment landscape are applicant privacy in the hiring process and company social media policy compliance with the National Labor Relations Act (NLRA).

As social networking sites have become places where job applicants present information about themselves, employers have become more interested in seeing those representations before making a hiring decision. Throughout the country, there is evidence that employers are asking prospective employees for social media passwords during the application process, or engaging in the practice of “shoulder surfing,” where an applicant is forced to log onto his or her social media site during an interview.

Both federal and state governments are responding to these practices. In March 2012, Senators Richard Blumenthal (D-CT), and Charles Schumer (D-NY), called on the Equal Employment Opportunity Commission and the Department of Justice to launch a federal investigation into whether employer practices of asking for social media passwords to gain additional personal information about prospective employees violates any federal laws, particularly those related to privacy or discrimination. See, Senator Blumenthal Press Release, “Blumenthal, Schumer: Employer Demands for Facebook and Email Passwords as Precondition for Job Interviews May Be a Violation of Federal Law; Senators Ask Feds to Investigate,” http://1.usa.gov/VpqnKE. Seven states ' Maryland, Illinois, California, Massachusetts, New Jersey, Washington and Minnesota ' introduced legislation that prohibits employers from requesting employees or applicants disclose their personal social media log-in information and prohibits employers from disciplining employees for not providing such information.

In particular, the Maryland and Illinois legislatures passed their respective bills. The Illinois General Assembly passed HB 3782 “Right to Privacy in the Workplace Act” on May 22, 2012 and sent it to the Governor to be signed into law on June 20, 2012. See, Illinois General Assembly Bill Status, http://bit.ly/XhzGjw.

Maryland's governor signed Maryland HB 964 (http://bit.ly/IlUvWq) and the law went into effect in October. HB 964 highlights two protections for job applicants and current employees. First, the act prohibits employers from “requesting or requiring that an employee or applicant disclose any user name, password, or other means for accessing a personal account or service.” Second, the act prohibits employers “from taking, or threatening to take, certain disciplinary actions for an employee's refusal to disclose certain password and related information” and “from failing or refusing to hire an applicant as a result of the applicant's refusal to disclose certain password and related information.” Initial public response to these laws has been positive, and other states may follow suit with similar legislation in the future. (See, Comments Section of “Maryland to Ban Employers from Asking for Facebook, Twitter Passwords,” Huffington Post, http://huff.to/UDF2pO.)

Social Media Policies and the NLRA

A second issue evolving in the United States with respect to growing social media use is company policy compliance with the NLRA, particularly '7, which states:

Employees shall have the right to self-organization, to form, join, or assist labor organizations, to bargain collectively through representatives of their own choosing, and to engage in other concerted activities for the purpose of collective bargaining or other mutual aid or protection, and shall also have the right to refrain from any or all such activities except to the extent that such right may be affected by an agreement requiring membership in a labor organization as a condition of employment as authorized in section 8(a)(3).

The NLRA applies to employees in most private-sector workplaces, and '7 is implicated with respect to company social media policies because there are questions about whether restricting certain types of posts on social networking websites violates the NLRA by chilling employees' freedom of association and organizing rights. Because this area of law is so new, the issue has not been fully developed in the courts. The National Labor Relations Board issued reports in August 2011, January 2012 and May 2012 to provide companies with guidance on what types of provisions are allowable and what types are not. (See, Operations Management Memos from NLRB Acting General Counsel Lafe Solomon, issued Aug. 18, 2011, Jan. 24, 2012 and May 30, 2012, available at http://1.usa.gov/UDFAMy, http://1.usa.gov/VpraLF, and http://1.usa.gov/SiXC3G, respectively.)

According to the January 2012 and May 2012 reports, the key question for employers is whether the company's policy on social media use involves restrictions that “would reasonably tend to chill employees in the exercise of their Section 7 rights.” Lafayette Park Hotel, 326 NLRB 824, 825 (1998), enfd. 203 F.3d 52 (D.C. Cir. 1999). The inquiry for determining if a rule violates the NLRA is twofold (see, Lutheran Heritage Village-Livonia, 343 NLRB 646, 647 (2004)). First, a rule is clearly unlawful if it explicitly restricts '7 protected activities. If the rule does not explicitly restrict protected activities, it will only violate the NLRA upon a showing that:

• Employees would reasonably construe the language to prohibit '7 activity;
• The rule was promulgated in response to union activity; or
• The rule has been applied to restrict the exercise of '7 rights.

Rules that are ambiguous as to their application to protected activities, and contain no limiting language or context that would clarify to employees that the rule does not restrict '7 rights are unlawful. See, University Medical Center, 335 NLRB 1318, 1320-122 (2001) (http://1.usa.gov/TAwikp), enf. denied in pertinent part 335 F.3d 1079 (D.C. Cir. 2003). Although the NLRA makes no specific mention of rules regarding the Internet or social media websites (having been enacted in 1935), its standards for employers apply to company policies about them because the Internet and social networking websites are now a major way that employees communicate with each other.

The NLRB reports offer key insights to employers by evaluating cases that were recently brought to the Board, as well as current social media policies from seven corporations. One case involved a policy that “prohibited employees from making disparaging comments about the company through any media, including online blogs and other electronic media.” Operations Management Memo from NLRB Acting General Counsel, issued Jan. 24, 2012 at pp. 3-4. When an employee of the company posted on her Facebook page that her employer had “messed up” by transferring her to a lower-performing group, she was terminated. The NLRB determined that this company's rule was unlawful because “it would reasonably be construed to restrict Section 7 activity, such as statements that the Employer is, for example, not treating employees fairly or paying them sufficiently.” Id. at 4. The NLRB also found that the employee's termination was unlawful because the evidence supported the conclusion that she was terminated because her posts were contributing to additional discussion among employees about workplace conditions, which is protected. Id. at 5.

The NLRB looked at social media policies from Wal-Mart, Target, General Motors, McKesson, Clearwater Paper, DISH Network and Us Helping Us and found the majority of provisions unlawful because the policies were so overbroad that they could be reasonably construed by employees to chill '7 activities. Operations Management Memo from NLRB Acting General Counsel, issued May 30, 2012. The unlawful provisions included “use technology appropriately,” “online posts must be completely accurate and not misleading,” and “employees are prohibited from releasing confidential guest, team member, or company information.” In contrast, the Board determined that the best policy (Wal-Mart's) was entirely lawful and was “not ambiguous because it provide[d] sufficient examples of prohibited conduct so that, in context, employees would reasonably read the rules to not prohibit protected activity.” Id. at p. 20. As such, companies should be mindful of broad language in their social media policies.

Developments in France

In France, developing social media policies and laws are grounded in a European Union-wide emphasis on personal information privacy. In March 2012, the European Commission introduced an updated Data Protection Regulation (http://bit.ly/S5z3rR). Key features of the update include a strengthened “right to be forgotten” so individuals can force data providers to delete their personal information and a “privacy by default” guiding principle to ensure that information-collecting websites automatically set settings to be as private as possible.

In terms of employment, the use of data derived from social media sites is not regulated by one specific law, but by a combination of recommendations issued by the French Data Privacy Authority (CNIL), an employer's information technology policy, and French case law. Under current case law, information posted on
social media sites is not deemed private, and is therefore not legally protected as private correspondence since it is publicly available. Therefore, potential employers are entitled to look at social media sites so long as the applicant is informed of the information collection process. Article L. 1221-9 of the French Labour Code requires information be given to the candidate about any data collection process used in the recruitment procedure.

In the limited cases seen thus far in French courts, the dispositive issue was whether the employee had an expectation that his or her online post was private correspondence. Court rulings have held that messages disclosed on the public walls of social media sites that can be viewed by “friends of friends” do not qualify as private correspondence. See, Court of Appeal of Reims, 9 June 2011; Court of Appeal of Besancon, Nov. 15, 2011. Therefore, in France, employers can rely on this information to make a termination decision.

UK Developments

Developing social media policy in the United Kingdom is impacting recruitment and hiring, as well as discipline and termination. The initial case law indicates that courts are attempting to apply the same principles to social media as apply to offline information with respect to the employment law landscape. For example, with respect to recruitment, whether an employer carries out manual background checks or looks for electronic information about a candidate, it must comply with several human rights, data privacy and equality laws, as well as guidelines issued in the United Kingdom's Information Commissioner's Employment Practices Code (http://bit.ly/Prul8H).

In terms of discipline and termination, there have been several cases before the UK's employment tribunals arising from employee use of social media and employer reaction to this conduct. Two key considerations have arisen from these cases: whether the employer has a stated policy that prohibits the conduct in question and what is the level of harm caused, if any, to the employer from the employee's conduct. See, Horne, Suzanne and Konstantinou, Eleni, “Social Media and International Employment,” The Employment Law Review (ed. Erika Collins, March 2012) at 20. One example is an employee who was terminated for posting derogatory comments about his employer and its products. See, Crisp v. Apple Retail (unreported). He argued that his dismissal was unfair under the Human Rights Act of 1998. The employment tribunal held that the dismissal was fair because his posts on Facebook could be publicly circulated, and the employer had a right to protect its reputation. Id.

Developments in Argentina

The Labour Contract Law (No. 20,744) governs most labor relationships in Argentina, but does not contain a specific rule on the use of social networks. As such, boundaries are developing out of companies' common practice and case law. In Argentina, employers are permitted to monitor the use of work tools, and consequently may monitor any time spent on social networking sites using the employer's computers, phones or other technology. See, Labour Contract Law No. 20744 (Ley de Contrato de Trabajo) Employers may not, however, intrude on employees' privacy by accessing the content of their personal websites without permission. In addition, although there have been no cases in Argentina to consider how an employee's use of social networking sites in particular affect the employer-employee relationship, the courts have determined a rule regarding the use of e-mail accounts. This rule potentially could be applied by analogy to the use of social networking tools. The Labour Court of Appeals held that in order to avoid generating a false privacy expectation in the employee, companies must have a clear policy about the use of the work tool [e-mail] and communicate this policy to the employee. See, Pereyra, Leandro Ramiro v. Servicio de Almac'n Fiscal Zona Franca y Mandatos, Labour Court of Appeals, Room VII, March 27, 2003. Knowledge of the company's policy is an important factor in disciplining a violation of that policy. Application of the e-mail rule to employee social networking site use similarly could impact the employment relationship because court interpretation of the Labour Contract Law requires that decisions to discipline an employee have just cause and be proportional to the misconduct. See, Labour Contract Law No. 20744, '242.

Similar to EU countries, Argentine social media policy developments are rooted in an emphasis on data privacy. Section I of the Data Protection Law prohibits the disclosure of sensitive data, which includes racial or ethnic origin, political affiliation, religious, moral or political convictions, union activity, and sexual orientation. See, Data Protection Law No. 25326. This law applies to both individuals and companies. Id.

Conclusion

Social networking websites have an increasing impact on the employment cycle. In the United States, state legislatures are beginning to regulate the relationship between employer, employee, and social media use. Based on the NLRB report, employers are cautioned to construct specific workplace policies on social media to ensure that they are not prohibiting protected activity. In the EU, social media law is grounded in an emphasis on data protection and individual privacy. Multinational employers should maintain awareness of growing regulations and implement them into their workplace policies on social networking.

Social media is becoming an increasingly large presence around the world. Facebook, arguably the most popular form of social media, has over 900 million active users. Close to 60% of Facebook's users log into the site daily. It has more than 70 languages available on the site, and approximately 80% of active users are outside the United States and Canada. (www.facebook.com/press/info.php?statistics.)

China has over 310 million users on its most popular social media network, Tencent Weibo, and many millions more on other networks. (See, “Total Weibo Users: Sina vs. Tencent,” China Internet Watch Web Blog, http://bit.ly/UDCS9L.) LinkedIn has 161 million members in over 200 countries and territories, with 60% of members located outside of the United States. (http://press.linkedin.com/about). With so many users, social networking sites are now part of everyday life, including in the workplace. The use of social media can have an impact on nearly every aspect of the employment life cycle, particularly recruitment and hiring, discipline, privacy rights, and termination.

Since social media sites have grown so rapidly, state and federal laws in the United States are just beginning to address their impact on the employment landscape. Seven states have introduced legislation that would prohibit employers from asking applicants for usernames and passwords to social media websites. The National Labor Relations Board (NLRB) has weighed in on the legality of certain provisions of company social media policies that prohibit employees from posting about their employment or using workplace technology in particular ways. Outside of the United States, other countries have started developing social media laws based out of a focus on individual privacy rights and the relationship between employee actions and their effect on employers.

This article summarizes the recent U.S. legislation regarding applicant privacy and the NLRB's social networking and employment policy guidelines. It also analyzes the state of social media and employment law in the EU, particularly France, the United Kingdom and Argentina as examples of law developing outside of the United States. Finally, this article provides recommendations for employers faced with complying with new laws governing the use of social media.

U.S. Developments

Social Media and Privacy

Two of the largest issues in the developing social media and employment landscape are applicant privacy in the hiring process and company social media policy compliance with the National Labor Relations Act (NLRA).

As social networking sites have become places where job applicants present information about themselves, employers have become more interested in seeing those representations before making a hiring decision. Throughout the country, there is evidence that employers are asking prospective employees for social media passwords during the application process, or engaging in the practice of “shoulder surfing,” where an applicant is forced to log onto his or her social media site during an interview.

Both federal and state governments are responding to these practices. In March 2012, Senators Richard Blumenthal (D-CT), and Charles Schumer (D-NY), called on the Equal Employment Opportunity Commission and the Department of Justice to launch a federal investigation into whether employer practices of asking for social media passwords to gain additional personal information about prospective employees violates any federal laws, particularly those related to privacy or discrimination. See, Senator Blumenthal Press Release, “Blumenthal, Schumer: Employer Demands for Facebook and Email Passwords as Precondition for Job Interviews May Be a Violation of Federal Law; Senators Ask Feds to Investigate,” http://1.usa.gov/VpqnKE. Seven states ' Maryland, Illinois, California, Massachusetts, New Jersey, Washington and Minnesota ' introduced legislation that prohibits employers from requesting employees or applicants disclose their personal social media log-in information and prohibits employers from disciplining employees for not providing such information.

In particular, the Maryland and Illinois legislatures passed their respective bills. The Illinois General Assembly passed HB 3782 “Right to Privacy in the Workplace Act” on May 22, 2012 and sent it to the Governor to be signed into law on June 20, 2012. See, Illinois General Assembly Bill Status, http://bit.ly/XhzGjw.

Maryland's governor signed Maryland HB 964 (http://bit.ly/IlUvWq) and the law went into effect in October. HB 964 highlights two protections for job applicants and current employees. First, the act prohibits employers from “requesting or requiring that an employee or applicant disclose any user name, password, or other means for accessing a personal account or service.” Second, the act prohibits employers “from taking, or threatening to take, certain disciplinary actions for an employee's refusal to disclose certain password and related information” and “from failing or refusing to hire an applicant as a result of the applicant's refusal to disclose certain password and related information.” Initial public response to these laws has been positive, and other states may follow suit with similar legislation in the future. (See, Comments Section of “Maryland to Ban Employers from Asking for Facebook, Twitter Passwords,” Huffington Post, http://huff.to/UDF2pO.)

Social Media Policies and the NLRA

A second issue evolving in the United States with respect to growing social media use is company policy compliance with the NLRA, particularly '7, which states:

Employees shall have the right to self-organization, to form, join, or assist labor organizations, to bargain collectively through representatives of their own choosing, and to engage in other concerted activities for the purpose of collective bargaining or other mutual aid or protection, and shall also have the right to refrain from any or all such activities except to the extent that such right may be affected by an agreement requiring membership in a labor organization as a condition of employment as authorized in section 8(a)(3).

The NLRA applies to employees in most private-sector workplaces, and '7 is implicated with respect to company social media policies because there are questions about whether restricting certain types of posts on social networking websites violates the NLRA by chilling employees' freedom of association and organizing rights. Because this area of law is so new, the issue has not been fully developed in the courts. The National Labor Relations Board issued reports in August 2011, January 2012 and May 2012 to provide companies with guidance on what types of provisions are allowable and what types are not. (See, Operations Management Memos from NLRB Acting General Counsel Lafe Solomon, issued Aug. 18, 2011, Jan. 24, 2012 and May 30, 2012, available at http://1.usa.gov/UDFAMy, http://1.usa.gov/VpraLF, and http://1.usa.gov/SiXC3G, respectively.)

According to the January 2012 and May 2012 reports, the key question for employers is whether the company's policy on social media use involves restrictions that “would reasonably tend to chill employees in the exercise of their Section 7 rights.” Lafayette Park Hotel, 326 NLRB 824, 825 (1998), enfd. 203 F.3d 52 (D.C. Cir. 1999). The inquiry for determining if a rule violates the NLRA is twofold (see, Lutheran Heritage Village-Livonia, 343 NLRB 646, 647 (2004)). First, a rule is clearly unlawful if it explicitly restricts '7 protected activities. If the rule does not explicitly restrict protected activities, it will only violate the NLRA upon a showing that:

• Employees would reasonably construe the language to prohibit '7 activity;
• The rule was promulgated in response to union activity; or
• The rule has been applied to restrict the exercise of '7 rights.

Rules that are ambiguous as to their application to protected activities, and contain no limiting language or context that would clarify to employees that the rule does not restrict '7 rights are unlawful. See, University Medical Center, 335 NLRB 1318, 1320-122 (2001) (http://1.usa.gov/TAwikp), enf. denied in pertinent part 335 F.3d 1079 (D.C. Cir. 2003). Although the NLRA makes no specific mention of rules regarding the Internet or social media websites (having been enacted in 1935), its standards for employers apply to company policies about them because the Internet and social networking websites are now a major way that employees communicate with each other.

The NLRB reports offer key insights to employers by evaluating cases that were recently brought to the Board, as well as current social media policies from seven corporations. One case involved a policy that “prohibited employees from making disparaging comments about the company through any media, including online blogs and other electronic media.” Operations Management Memo from NLRB Acting General Counsel, issued Jan. 24, 2012 at pp. 3-4. When an employee of the company posted on her Facebook page that her employer had “messed up” by transferring her to a lower-performing group, she was terminated. The NLRB determined that this company's rule was unlawful because “it would reasonably be construed to restrict Section 7 activity, such as statements that the Employer is, for example, not treating employees fairly or paying them sufficiently.” Id. at 4. The NLRB also found that the employee's termination was unlawful because the evidence supported the conclusion that she was terminated because her posts were contributing to additional discussion among employees about workplace conditions, which is protected. Id. at 5.

The NLRB looked at social media policies from Wal-Mart, Target, General Motors, McKesson, Clearwater Paper, DISH Network and Us Helping Us and found the majority of provisions unlawful because the policies were so overbroad that they could be reasonably construed by employees to chill '7 activities. Operations Management Memo from NLRB Acting General Counsel, issued May 30, 2012. The unlawful provisions included “use technology appropriately,” “online posts must be completely accurate and not misleading,” and “employees are prohibited from releasing confidential guest, team member, or company information.” In contrast, the Board determined that the best policy (Wal-Mart's) was entirely lawful and was “not ambiguous because it provide[d] sufficient examples of prohibited conduct so that, in context, employees would reasonably read the rules to not prohibit protected activity.” Id. at p. 20. As such, companies should be mindful of broad language in their social media policies.

Developments in France

In France, developing social media policies and laws are grounded in a European Union-wide emphasis on personal information privacy. In March 2012, the European Commission introduced an updated Data Protection Regulation (http://bit.ly/S5z3rR). Key features of the update include a strengthened “right to be forgotten” so individuals can force data providers to delete their personal information and a “privacy by default” guiding principle to ensure that information-collecting websites automatically set settings to be as private as possible.

In terms of employment, the use of data derived from social media sites is not regulated by one specific law, but by a combination of recommendations issued by the French Data Privacy Authority (CNIL), an employer's information technology policy, and French case law. Under current case law, information posted on
social media sites is not deemed private, and is therefore not legally protected as private correspondence since it is publicly available. Therefore, potential employers are entitled to look at social media sites so long as the applicant is informed of the information collection process. Article L. 1221-9 of the French Labour Code requires information be given to the candidate about any data collection process used in the recruitment procedure.

In the limited cases seen thus far in French courts, the dispositive issue was whether the employee had an expectation that his or her online post was private correspondence. Court rulings have held that messages disclosed on the public walls of social media sites that can be viewed by “friends of friends” do not qualify as private correspondence. See, Court of Appeal of Reims, 9 June 2011; Court of Appeal of Besancon, Nov. 15, 2011. Therefore, in France, employers can rely on this information to make a termination decision.

UK Developments

Developing social media policy in the United Kingdom is impacting recruitment and hiring, as well as discipline and termination. The initial case law indicates that courts are attempting to apply the same principles to social media as apply to offline information with respect to the employment law landscape. For example, with respect to recruitment, whether an employer carries out manual background checks or looks for electronic information about a candidate, it must comply with several human rights, data privacy and equality laws, as well as guidelines issued in the United Kingdom's Information Commissioner's Employment Practices Code (http://bit.ly/Prul8H).

In terms of discipline and termination, there have been several cases before the UK's employment tribunals arising from employee use of social media and employer reaction to this conduct. Two key considerations have arisen from these cases: whether the employer has a stated policy that prohibits the conduct in question and what is the level of harm caused, if any, to the employer from the employee's conduct. See, Horne, Suzanne and Konstantinou, Eleni, “Social Media and International Employment,” The Employment Law Review (ed. Erika Collins, March 2012) at 20. One example is an employee who was terminated for posting derogatory comments about his employer and its products. See, Crisp v. Apple Retail (unreported). He argued that his dismissal was unfair under the Human Rights Act of 1998. The employment tribunal held that the dismissal was fair because his posts on Facebook could be publicly circulated, and the employer had a right to protect its reputation. Id.

Developments in Argentina

The Labour Contract Law (No. 20,744) governs most labor relationships in Argentina, but does not contain a specific rule on the use of social networks. As such, boundaries are developing out of companies' common practice and case law. In Argentina, employers are permitted to monitor the use of work tools, and consequently may monitor any time spent on social networking sites using the employer's computers, phones or other technology. See, Labour Contract Law No. 20744 (Ley de Contrato de Trabajo) Employers may not, however, intrude on employees' privacy by accessing the content of their personal websites without permission. In addition, although there have been no cases in Argentina to consider how an employee's use of social networking sites in particular affect the employer-employee relationship, the courts have determined a rule regarding the use of e-mail accounts. This rule potentially could be applied by analogy to the use of social networking tools. The Labour Court of Appeals held that in order to avoid generating a false privacy expectation in the employee, companies must have a clear policy about the use of the work tool [e-mail] and communicate this policy to the employee. See, Pereyra, Leandro Ramiro v. Servicio de Almac'n Fiscal Zona Franca y Mandatos, Labour Court of Appeals, Room VII, March 27, 2003. Knowledge of the company's policy is an important factor in disciplining a violation of that policy. Application of the e-mail rule to employee social networking site use similarly could impact the employment relationship because court interpretation of the Labour Contract Law requires that decisions to discipline an employee have just cause and be proportional to the misconduct. See, Labour Contract Law No. 20744, '242.

Similar to EU countries, Argentine social media policy developments are rooted in an emphasis on data privacy. Section I of the Data Protection Law prohibits the disclosure of sensitive data, which includes racial or ethnic origin, political affiliation, religious, moral or political convictions, union activity, and sexual orientation. See, Data Protection Law No. 25326. This law applies to both individuals and companies. Id.

Conclusion

Social networking websites have an increasing impact on the employment cycle. In the United States, state legislatures are beginning to regulate the relationship between employer, employee, and social media use. Based on the NLRB report, employers are cautioned to construct specific workplace policies on social media to ensure that they are not prohibiting protected activity. In the EU, social media law is grounded in an emphasis on data protection and individual privacy. Multinational employers should maintain awareness of growing regulations and implement them into their workplace policies on social networking.