To Post, or Not to Post – That Is the Question: Employee Monitoring and Employees’ Right to Data Protection
Roč.11,č.2(2017)
Nowadays social media have a growing importance in several areas of our lives. They are used for numerous objectives: self-expression, keeping in touch with acquaintances, communication or obtaining information about the latest events and news. During their use the individual shares a significant amount of personal data. This conduct can have serious implications for employment. The (prospective) employer is interested in the surveillance of these sites for several reasons, as he/she can easily gain insight into the individual’s private life and obtain, without costs, detailed information about him/her. The legal problem arising is that the employee’s fundamental rights – namely the right to privacy and the right to data protection – collide with the employer’s legitimate interests.
The aim of the paper is to highlight the different rights and interests present on the two sides of the parties in the employment relationship; focusing on the employee’s right to data protection and on the employer’s legitimate interests in monitoring employees. As a result of the paper, I will draw attention to the legal problems lying behind social network background checks and monitoring. I will provide recommendations on how users and employers can continue using these sites while still preserving privacy.
Privacy; Data Protection; Social Network Sites; Employment Law; Employee Monitoring
p. 185–214
Adrienn Lukács
University of Szeged (Hungary) and University Paris 1 Panthéon Sorbonne (France)
[1] 30th International Conference of Data Protection and Privacy Commissioners (2008), Resolution on Privacy Protection in Social Network Services. Strasbourg, 17 October 2008.
[2] Abril, P. S., Levin, A. and Del Riego, A. (2012) Blurred Boundaries: Social Media Privacy and the Twenty-First-Century Employee. American Business Law Journal, 49 (1), pp. 63–124. https://doi.org/10.1111/j.1744-1714.2011.01127.x
[3] Anderson, D. R. (2011) Restricting Social Graces: The Implications of Social Media for Restrictive Covenants in Employment Contracts. Ohio State Law Journal, 72 (4), pp. 881–908.
[4] Article 29 Data Protection Working Party (2001) Opinion 8/2001 on the Processing of Personal Data in the Employment Context, 5062/01/EN/Final WP 48, 13 September.
[5] Article 29 Data Protection Working Party (2002) Working document on the surveillance of electronic communications in the workplace, 5401/01/EN/Final WP 55, 29 May.
[6] Balogh, Zs. Gy., Polyák, G., Rátai, B. and Szőke, G. L. (2012) Munkahelyi adatvédelem a gyakorlatban. Infokommunikáció és Jog, 9 (3), pp. 95–104.
[7] Barbera v. Sté Alten Sir. (2010) Application no. 10/00853. Conseil de Prud’hommes de Boulogne-Billancourt, 19 November.
[8] Bărbulescu v. Romania. (2016) Application no. 61496/08. European Court of Human Rights, 12 January.
[9] Boyd, D. M. and Ellison, N. B. (2008) Social Network Sites: Definition, History and Scholarship. Journal of Computer Mediated Communication, 13 (1), pp. 210–230. https://doi.org/10.1111/j.1083-6101.2007.00393.x
[10] Byrnside, I. (2008) Six Clicks of Separation: The Legal Ramifications of Employers Using Social Networking Sites to Research Applicants. Vanderbilt Journal of Entertainment and Technology Law, 10 (2), pp. 445–477.
[11] Clark, L. A. and Roberts, S. J. (2010) Employer’s Use of Social Networking Sites. A Socially Irresponsible Practice. Journal of Business Ethics, 95 (4), pp. 507–525. https://doi.org/10.1007/s10551-010-0436-y
[12] Clifford, S. (2009) Video Prank at Domino’s Taints Brand. [online] The New York Times. Available from: http://www.nytimes.com/2009/04/16/business/media/16dominos.html [Accessed 10 November 2016].
[13] CNIL (2011) Maîtriser les informations publiées sur les réseaux sociaux. [online] 10 January 2011. Available from: https://www.cnil.fr/fr/maitriser-les-informations-publiees-sur-les-reseaux-sociaux [Accessed 26 February 2017].
[14] CNIL (2011) L'e-réputation en questions. [online] 24 August 2011. Available from: https://www.cnil.fr/fr/le-reputation-en-questions-0 [Accessed 24 January 2017].
[15] Council of Europe (2012) Recommendation CM/Rec(2012)4 of the Committee of Ministers to Member States on the Protection of Human Rights with Regard to Social Networking Services. CM/Rec(2012)4, 4 April 2012.
[16] Cseh, G. (2013) A közösségi portálok árnyoldalai. Infokommunikáció és jog, 10 (2), pp. 90–95.
[17] Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the Protection of Individuals with Regard to the Processing of Personal Data and on the Free Movement of such Data. Official Journal of the European Union. (1995: L 281) 23 November. Available from: http://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=OJ:L:1995: 281:FULL &from=EN [Accessed 4 May 2017].
[18] Distribution of active Facebook users worldwide as of 4th quarter 2014, by age. [online] Statista. Available from: https://www.statista.com/statistics/376128/facebook-global-user-age-distribution/ [Accessed 17 January 2017].
[19] Engler, P. and Tanoury, P. (2007) Employers Use of Facebook in Recruiting. In: Dan McIntosh, Ralph Drabic, Kristina Huber, Igor Vinogradov and Michael Bassick (eds.), The Ethical Imperative in the Context of Evolving Technologies. University of Colorado Leeds School of Business. Available from: http://www.ethicapublishing.com/ethicalimperative.pdf [Accessed 13 July 2016], pp. 61–74.
[20] Falque-Pierrotin, I. (2012) La Constitution et l’Internet. Les Nouveaux Cahiers du Conseil Constitutionnel, (36, June), pp 31–44. https://doi.org/10.3917/nccc.036.0031
[21] Fried, C. (1968) Privacy. The Yale Law Journal, 77 (3), pp. 475–493.
[22] Gellert, R. and Gutwirth, S. (2013) The legal construction of privacy and data protection. Computer Law and Security Review, 29 (5), pp. 522–530. https://doi.org/10.1016/j.clsr.2013.07.005
[23] González Fuster, G. and Gutwirth, S. (2008) Privacy 2.0? Revue du droit des Technologies de l’Information, (32), p. 351–361.
[24] Grimmelmann, J. (2009) Saving Facebook. Iowa Law Review, 94 (4), pp. 1137–1206.
[25] Hajdú, J. (2005) A munkavállalók személyiségi jogainak védelme. Szeged: Pólay Elemér Alapítvány.
[26] Herbert, W. A. (2011) Workplace Consequences of Electronic Exhibition and Voyeurism. IEEE Technology and Society Magazine, 30 (3), pp. 25–33. https://doi.org/10.1109/MTS.2011.942310
[27] Hornung, G. and Schnabel, C. (2009) Data protection in Germany I: The population census decision and the right to informational self-determination. Computer Law and Security Review, 25 (1), pp. 84–88. https://doi.org/10.1016/j.clsr.2008.11.002
[28] Hungarian National Authority for Data Protection and Freedom of Information (2016) case NAIH/2016/4386/2/V., August.
[29] Information Commissioner’s Office (2011) The Employment Practices Code. Available from: https://ico.org.uk/media/for-organisations/documents/1064/the_employment_practices_code.pdf [Accessed 1 February 2017].
[30] International Working Group on Data Protection in Telecommunications (2008) Report and Guidance on Privacy in Social Network Services “Rome Memorandum”, 3-4 March. Rome, Italy, 675.36.5., Available from: http://www.datenschutz-berlin.de/attachments/461/WP_ social_network_services.pdf [Accessed 26 May 2017].
[31] Jóri, A. (2009) Az adatvédelmi jog generációi és egy második generációs szabályozás részletes elemzése. Ph.D. Pécsi Tudományegyetem, Állam- és Jogtudományi Kar Doktori Iskola.
[32] Kajtár, E. (2015) Till Facebook Do Us Part? Social Networking Sites and the Employment Relationship. Acta Juridica Hungarica, 56 (4), pp. 268–280. https://doi.org/10.1556/026.2015.56.4.3
[33] Kajtár, E. and Mestre, B. (2016) Social Networks and Employees’ Right to Privacy in the Pre-employment Stage: Some Comparative Remarks and Interrogations. Hungarian Labour Law E-journal, (1), pp. 22–39.
[34] Kokott, J. and Sobotta, C. (2013) The distinction between privacy and data protection in the jurisprudence of the CJEU and the ECtHR. International Data Privacy Law, 3 (4), pp. 222–228. https://doi.org/10.1093/idpl/ipt017
[35] List of social networking websites. [online] Wikipedia. Available from: https://en.wikipedia.org/wiki/List_of_social_networking_websites [Accessed 09 November 2016].
[36] Lukács, A. (2016) What is Privacy? The History and Definition of Privacy. In: Keresztes, Gábor. (ed.): Tavaszi Szél 2016 Tanulmánykötet I, Budapest, 15-17 April. Budapest: Doktoranduszok Országos Szövetsége, pp. 256–265. Available from: http://www.dosz.hu/dokumentumfile/TSZ_I_kotet_161114_574o.pdf [Accessed 4 May 2017].
[37] Manant, M., Pajak, S. and Soulié, N. (2014) Online social networks and hiring: a field experiment on the French labor market. [in press] Munich Personal RePEc Archive. Available from: https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2458468 [Accessed 2 February 2017].
[38] Mayer-Schönberger, V. (2011) Delete – The Virtue of Forgetting in the Digital Age. Princeton and Oxford: Princeton University Press.
[39] Mikkelson, K. (2010) Cybervetting and Monitoring Employees’ Online Activities: Assessing the Legal Risks for Employers. The Public Lawyer, 18 (2), pp. 3–7.
[40] Miller, S. and Weckert, J. (2000) Privacy, the Workplace and the Internet. Journal of Business Ethics, 28 (3), pp. 255–265. https://doi.org/10.1023/A:1006232417265
[41] Nivelles, V. (2014) Les entreprises à l’épreuve des réseaux sociaux. Jurisprudence Sociale Lamy, (377–378, 23 December 2014), pp. 9–13.
[42] Number of monthly active Facebook users worldwide as of 3rd quarter 2016 (in millions). [online] Statista. Available from: https://www.statista.com/statistics/264810/number-of-monthly-active-facebook-users-worldwide/ [Accessed 17 January 2017].
[43] Oppenheim, R. (2013) High School Teacher Files an Appeal in Case of Social Media Related Resignation. [online] California Business Litigation Blog. Available from: https://www. californiabusinesslitigation.com/2013/05/high_school_teacher_files_an_a.html [Accessed 4 May 2017].
[44] Park, S. (2014) Employee Internet Privacy: A Proposed Act that Balances Legitimate Employer Rights and Employee Privacy. American Business Law Journal, 51 (4), pp. 779–841. https://doi.org/10.1111/ablj.12039
[45] Peebles, K. A. (2012) Negligent Hiring and the Information Age: How State Legislatures Can Save Employers from Inevitable Liability. William and Mary Law Review, 53 (4), pp. 1397–1433.
[46] Persson, A. J. and Hansson, S. O. (2003) Privacy at Work – Ethical Criteria. Journal of Business Ethics, 42 (1), pp. 59–70. https://doi.org/10.1023/A:1021600419449
[47] Péterfalvi, A. (ed.) (2012) Adatvédelem és információszabadság a mindennapokban. Budapest: HVG-ORAC.
[48] Pietrylo v. Hillstone Restaurant Group. (2009) Civil Case No. 06–5754 (FSH). United States District Court, D. New Jersey, 25 September.
[49] Posner, R. A. (1978) The Right of Privacy. Georgia Law Review, 12 (3), pp. 393–422.
[50] Proskauer Rose LLP. (2014) Social Media in the Workplace. Around the World 3.0. 2013/14 survey. Available from: http://www.proskauer.com/files/uploads/social-media-in-the-workplace-2014.pdf [Accessed 2 February 2017].
[51] Purtova, N. (2010) Private Law Solutions in European Data Protection: Relationship to Privacy, and Waiver of Data Protection Rights. Netherlands Quarterly of Human Rights, 28 (2), pp. 179–198. https://doi.org/10.1177/016934411002800203
[52] Ray, J.-E. (2011) Facebook, le salarié et l’employeur. Droit Social, (2), pp. 128–140.
[53] Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the Protection of Natural Persons with Regard to the Processing of Personal Data and on the Free Movement of such Data, and Repealing Directive 95/46/EC (General Data Protection Regulation) Official Journal of the European Union. (2016: L 119) 4 May. Available from: http://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=OJ:L:2016:119:FULL&from=EN [Accessed 4 May 2017].
[54] Sanders, S. D. (2012) Privacy is Dead: The Birth of Social Media Background Checks. Southern University Law Review, 39 (2), pp. 243–264.
[55] Smith, W. P. and Kidder, D. L. (2010) You’ve been tagged! (Then again, maybe not): Employers and Facebook. Business Horizons, 53 (5), pp. 491–499. https://doi.org/10.1016/j.bushor.2010.04.004
[56] Sprague, R. (2007) From Taylorism to the Omnipticon: Expanding Employee Surveillance Beyond the Workplace. The John Marshall Journal of Information Technology & Privacy Law, 25 (1), pp. 1–36.
[57] Sprague, R. (2011) Invasion of the Social Networks: Blurring the Line between Personal Life and the Employment Relationship. University of Louisville Law Review, 50 (1), pp. 1–34.
[58] Szabó, M. D. (2005) Kísérlet a privacy fogalmának meghatározására a magyar jogrendszer fogalmaival. Információs Társadalom, 5 (2), pp. 44–54.
[59] Tenenbaum, J. M. (2012) Posting Yourself Out of a Posting: Using Social Networks to Screen Job Applicants in America and Germany. [pre-print]. Available from: https://papers.ssrn.com/sol3/Delivery.cfm/SSRN_ID2062462_code1805294.pdf?abstractid=2020477&mirid=1 [Accessed 14 July 2016].
[60] Van Eecke, P. and Truyens, M. (2010) Privacy and social networks. Computer Law and Security Review, 26 (5), pp. 535–546. https://doi.org/10.1016/j.clsr.2010.07.006
[61] Warren, M. and Pedowitz, A. (2011) Social Media, Trade Secrets, Duties of Loyalty, Restrictive Covenants and Yes, the Sky is Falling. Hofstra Labor and Employment Law Journal, 29 (1), pp. 99–113.
[62] Warren, S. D. and Brandeis, L. D. (1890) The Right to Privacy. Harvard Law Review, 4 (5), pp. 193–220. https://doi.org/10.2307/1321160
[63] Westin, A. F. (2003) Social and Political Dimensions of Privacy. Journal of Social Issues, 59 (2), pp. 431–453. https://doi.org/10.1111/1540-4560.00072
Copyright © 2017 Masaryk University Journal of Law and Technology