Twitter Logo Youtube Circle Icon LinkedIn Icon

Publishing firms

Legal Developments worldwide

400,000,000 Facebook fans can’t be wrong

July 2010 - Employment. Legal Developments by Mishcon de Reya.

More articles by this firm.

The way we use the internet haschanged. It is no longer merely a digital reference library. As the internet has grown and the amount of information available has expanded, people have developed a new way of accessing this information in a way that is relevant to them. The ‘new’ internet, or ‘Web 2.0’, is a network of relationships where users interact and share knowledge with each other. Virtual friends become the custodians of knowledge, recommending products and services through their blogs and on other social media sites. By seeing what your like-minded friends find interesting, you are better able to decide what information you wish to ‘consume’.

This change has been most evident in the exponential growth in popularity of Facebook. Facebook is now the second most popular site on the internet, after Google. It has around 400 million members and a third of all internet users will visit Facebook each day.

Businesses are realising that, to maintain or establish a competitive edge, they must learn how to harness Web 2.0. However, the Trades Union Congress has recently noted that employers are not yet sure how to respond to the challenges posed by social networking sites. It considers the UK’s Facebook users to be 3.5 million HR accidents waiting to happen. So what could possibly go wrong? In this article, we look at some of the more common pitfalls and discuss ways in which they may be avoided.

Employees’ use of social media

The way in which employers view their workforce’s use of social media varies enormously. Some employers set aside a period during each day where employees are allowed to spend time on social networking, as they consider that this is good for the business. Others ban access to Facebook and similar sites outright. Most operate a ‘fair usage’ policy, where limited personal usage of social media sites is seen as being as acceptable as using the telephone for personal calls or sending personal e-mails.

In each case, though, implementing or restating a suitable usage policy is advisable to ensure staff awareness of the rules. Simply reminding staff of the policy may be sufficient to curb excessive use and informing employees that their internet usage may be monitored is often effective in reducing the amount of time wasted in extended games of online Scrabble.


An employer may be tempted to discover the ‘real’ story behind an applicant by checking that person’s social networking homepages. However, there are several things to consider before doing so.

By visiting a website and by making decisions based on the data contained in that website, an employer could be in danger of breaching its obligations under the Data Protection Act (DPA) 1998, particularly if the applicant’s profile contains sensitive personal data, such as their sexuality or religious or political beliefs.

Employers also run the risk of inadvertently discovering on an applicant’s homepage that they have a ‘protected characteristic’, such as a disability or that they are from an ethnic minority. This could lead to claims of unlawful discrimination from unsuccessful applicants, if that applicant can show that prospective employer was aware of the information.

Employers should carefully consider whether they need to run ‘Facebook checks’. They may decide to limit the checks to certain roles and only run the checks late in the process. If they do so, the applicant should be informed about the employer’s intention to vet to avoid falling foul of data protection legislation. However, this will alert the applicant to the fact that the employer is likely to have obtained information about them that could be relevant in a discrimination claim.

The employer should therefore weighup whether the advantages gained by vetting are worth the potential claimsthat may follow.

Misuse by staff

There have been numerous instances where the internet has been used as a tool in cyber-bullying, where individuals post bullying (and often discriminatory) comments online. Where this happens inthe employment context, the employer could potentially be held vicariously liablefor its employees’ conduct and face significant claims.

The best way of protecting against such claims is to put in place a policy that deals with the conduct, to communicate this policy to employees, to train managers in relation to equal opportunities and harassment issues, and to take appropriate disciplinary action against the perpetrators. If an employer can successfully show that it has taken the above steps to prevent bullying from occurring, this will provide the employer with a complete defence against such a claim.

In addition to cases of cyber-bullying, there have been many cases where employees have been sacked for posting derogatory comments relating to their employer or to the customers of their employer. There have also been several dismissals in circumstances where an employee has given one reason for their absence to their employer (sickness or bereavement) and a very different, and more candid, account online (such as a hangover or unauthorised holiday).

Using and obtaining evidence

While employers may use evidence gained from websites to support decisions they take about staff, employers should be careful how they obtain this information. The privacy settings of social networking sites may make it difficult for an employer to obtain the evidence by chance. They may be given it by the colleague of an employee, in which case that colleague may arguably themselves face liability for breaching the confidence of their ‘friend’.

One way in which evidence may be obtained and abuse of the system may be controlled is through monitoring. If the employer decides to monitor internet usage, this needs to be approached with great care, as unlawful monitoring can result in custodial sentences and large fines. Under DPA 1998, monitoring must be proportionate, communicated to the employee and handled with appropriate technical safeguards. Under the Regulation of Investigatory Powers Act 2000, if an employer chooses to intercept communications in the course of their transmission, this must be done with the employee’s consent. Under the Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000, monitoring is only allowed where it is relevant to the business and for other specific reasons (which include monitoring to ensure that the system is being used appropriately and is operating effectively).

Information leakage

Derek Simpson, joint general secretary of Unite, was in the press recently for his use of Twitter during talks with British Airways. Many viewed his updates of the progress of the talks as inappropriate. Willie Walsh, the CEO of British Airways, said that it undermined his confidence in Simpson’s intentions. This may have contributed to the breakdown in the talks at that time.

We have encountered instances of employees leaking information relating to their business, such as posts relating to the departure of senior members of staff that are made before the company has had an opportunity to announce this properly to its workforce or to the market. It seems that often, offending employees are thoughtless rather than malicious when gossiping online, but the damage to the business can be just as great.

To protect against this, employers should be careful to ensure that employees have entered into robust confidentiality provisions, which prevent them from posting sensitive information on websites and remind them of their obligations.

Data theft

A growing proportion of cases of data theft have involved the misuse of social networking sites. Typically, employees invite some of the business’s customers to be their contacts on sites such as LinkedIn shortly before leaving their employer, thereby retaining links with these customers post employment. This can be as effective as copying the database onto disk or e-mailing it to a private address and is arguably more damaging.

We have obtained injunctions against employees who have misused their employer’s information in this way, butthis process can be made very complicated if the employee has an account undera pseudonym and the service providers of the websites are based in other jurisdictions.

What steps should employers take?

Employers need to put in place well-thought-out usage policies that clearly express an employer’s expectations. They should ensure that their contracts contain sensible confidentiality provisions, and robust and enforceable restrictive covenants. If employers decide to allow employees access to social networking sites, but are concerned that their employees may use them other than purely for networking purposes, they should consider requiring employees to set up work-only accounts, which they relinquish on termination of their employment.

Above all, employers need to recognise that the way in which the web is being used has changed. As with all significant technological advances, employers need to take steps to keep up with the changes.

By Will Winch, solicitor, Mischon de Reya.

FActs and figures

  • Almost a third of all internet usersuse Facebook for around 30 minutes each day.
  • Around 500 billion minutes per month are spent on Facebook.
  • It is estimated that around 25% of all adults will publish a blog or upload video or audio onto a social media site.