Paul Holcroft, Associate Director at HR consultancy Croner explains whether employers can legally monitor an employee’s social media and what they need to be wary of
As the number of employee dismissals would testify, criticism of the company, bosses, and customers and the sharing of confidential or inappropriate information on social media have become all too common occurrences. Whether it’s Instagram, Facebook or Twitter, social media is an inescapable part of modern life and in turn the modern workplace. These platforms give individuals free rein to post whatever they like, from celebrating a major life event to sharing their views on the latest Brexit and Love Island developments.
Sometimes a social media post made by one of your employees can cross the line and cause offence. As an employer, it’s important to remember you have a reputation to uphold and the way employees conduct themselves online could reflect negatively on your business. So can you legally monitor an employee’s social media?
There is nothing in the law which specifically prevents you from reviewing an employee’s social media activity and many employers opt to do this to prevent a situation where employees bring the company into disrepute.
Providing you have appropriate measures in place on social media activity, you will be able to take action if employees make disparaging remarks or share confidential information relating to the organisation online. You may also be able to do the same if they make discriminatory remarks or express offensive viewpoints. A number of disciplinary options will be available, ranging from a warning to dismissal.
However, consider that to dismiss an employee for bringing the company into disrepute you will need to demonstrate that their actions caused, or were likely to cause, significant damage to your organisation. A recent example of this is the sacking of BBC Radio 5 Live presenter Danny Baker by the BBC after tweeting a ‘racist’ joke about the Duke and Duchess of Sussex’s son Archie.
Some employees may try to argue that monitoring their social media activity represents a breach of the General Data Protection Regulation (GDPR). However, any arguments are unlikely to be warranted provided that you have a lawful basis for processing the data and that any information is non-excessive and relevant to the task in question. Consider that it may not be appropriate to delve back years into an employee’s Facebook posts to uncover something controversial that is not relevant to their continued employment with your organisation.
However, this year we have seen a number of high profile figures being sacked by their employer for comments they made on social media in the past. Most recently, an actress from Emmerdale was sacked after the discovery of a series of offensive social posts made several years ago.
Many employers may choose to review an individual’s social media profiles to vet applicants as part of their standard recruitment procedure. The same principle applies here when it comes to GDPR and you will need to ensure you can demonstrate a lawful basis for processing any personal data.
It is also worth noting that information derived from social media should not be used as the primary basis for deciding on job offers and that refusing employment to someone for an unlawful reason, such as discovering their religious views, may result in a discrimination claim. Even where these choices are not deliberate, unconscious bias can also influence decision making and you should ensure hiring decisions are based on skills and experience as opposed to other discriminatory factors.
Rules around monitoring an employee’s social media activity can be difficult to interpret and you will need to give consideration to the information you find online and how this influences your decision making at work. Keep in mind that staff are entitled to a private life away from work, however, you will have scope to take action where their behaviour poses a risk to your business.
Editor's Recommended Articles
Must Read >> Why employees are your biggest cyber security risk