Social Networks and Workplace Risk: Classroom Scenarios from a U.S. and EU Perspective

• Author: Nancy R. Mansfield,Perry Binder
• Published date: 01 March 2013
• DOI: http://doi.org/10.1111/j.1744-1722.2013.01113.x
• Date: 01 March 2013

Journal of Legal Studies Education

Volume 30, Issue 1, 1–44, Winter/Spring 2013

Social Networks and Workplace Risk:

Classroom Scenarios from a U.S.

and EU Perspective

Perry Binder∗and Nancy R. Mansfield∗∗

Introduction

The explosion of social networks and the growing concern over privacy in

the digital age—both in the United States and Europe—have provided an

opportunity to introduce students to the legal risks of using social media in

the workplace. In general, the U.S. legal system views privacy as a legal right,

while member states of the European Union (EU) view privacy as a human

right.1In fact, the EU Directive on Data Protection of 19952mandates that

each EU member state create a Data Protection Authority to protect each

citizen’s privacy rights and investigate breaches. However, novel transborder

legal issues have complicated protection of privacy rights in the twenty-first

century, as EU nations attempt to balance cherished privacy with the free

speech evidenced on U.S.-based social networks.

For example, in February 2012, British soccer player Ryan Giggs agreed

to lift a social media anonymity injunction in a hearing at the UK High Court

∗Assistant Professor of Legal Studies, Georgia State University.

∗∗Professor of Legal Studies, Georgia State University.

1Bob Sullivan, ‘La difference’ Is Stark in EU, U.S. Privacy Laws,MSNBC.com, Oct. 19, 2006, http://

www.msnbc.msn.com/id/15221111/ns/technology_and_science-privacy_lost/t/la-difference-

stark-eu-us-privacy-laws.

21995 O.J. (L 281) (Council Directive 1995/46/EC on the protection of individuals with regard

to the processing of personal data and on the free movement of such data), available at http://

eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:31995L0046:EN:HTML (last vis-

ited Oct. 23, 2012).

C2013 The Authors

Journal of Legal Studies Education C2013 Academy of Legal Studies in Business

1

2 Vol. 30 / The Journal of Legal Studies Education

of Justice (High Court) in London.3The court had issued a superinjunction4

to prevent media outlets from reporting on his identity and alleged affair

with a reality television star. Predictably, thousands of Twitter users ignored

the injunction and anonymously posted the player’s identity online. Giggs

obtained an order from the High Court directing Twitter to turn over the

identities of these anonymous users. Twitter refused, arguing that as a U.S.

company, it is protected by the Communications Decency Act.5In an effort

to preserve British privacy laws, the High Court’s senior judge issued a report

stating that persons who ignore injunctions by posting online could be liable:

“Are we really going to say that somebody who has a true claim for privacy,

perfectly well made, which the newspapers and media can’t report, has to

be at the mercy of somebody using modern technology?”6This high-profile

case serves as a touchstone for the risks surrounding social networks and

workplace privacy.

While directives protect online privacy rights of citizens in EU nations,

companies may still under some circumstances fire employees for inappro-

priate use of social media in the workplace.7These firings illustrate that each

3Josh Halliday, Ryan Giggs Named in Court for First Time as Footballer Behind Injunction,

Guardian, Feb. 21, 2012, available at http://www.guardian.co.uk/media/2012/feb/21/ryan-

giggs-named-court-injunction.

4A superinjunction is “a stringent and controversial British legal measure that prevents me-

dia outlets from identifying [litigants such as Giggs], reporting on the story or even from

revealing the existence of the court order itself.” Claire Cain Miller & Raqvi Somaiya, Free

Speech on Twitter Faces Test,N.Y. Times, May 22, 2011, available at http://www.nytimes.com/

2011/05/23/technology/23twitter.html?pagewanted=all.

5Id.; Communications Decency Act of 1996, 47 U.S.C. § 230 (1998). It is a matter of debate

whether Twitter may be compelled to turn over its anonymous users to the United Kingdom, but

the debate has become more focused now that Twitter, Inc. opened its European headquarters

in London. For a brief discussion of the issues involved, see the Conclusion of this article.

6Miller & Somaiya, supra note 4. EU member nations have enacted directives and laws to ensure

privacy (see infra Part II of this article), but global social networks have complicated the privacy

enforcement landscape. In a March 2011 speech to the European parliament, the EU justice com-

missioner, Viviane Reding, warned social media providers, like Facebook, that a “US-based social

network company that has millions of active users in Europe needs to comply with EU rules.” Matt

Warman, Online Right ‘to Be Forgotten’ Confirmed by EU,The Telegraph, Mar. 17, 2011, available

at http://www.telegraph.co.uk/technology/internet/8388033/Online-right-to-be-forgotten-

confirmed-by-EU.html.

7See infra notes 19-21 and accompanying text.

2013 / Social Networks and Workplace Risk 3

of the twenty-seven EU nations is free to apply the directives as it deems

appropriate, allowing for wide variation among the nations.8Furthermore,

private EU employers may implement enforceable internal policies against

inappropriate use9of social networks. In effect, the application of the laws

of individual EU nations is analogous to the application of different em-

ployment laws by each of the fifty states in the United States,10 where em-

ployees may be an employee-at-will in one state while having greater rights in

another.11

The privacy problem is not going away because rapid changes in tech-

nology in the twenty-first century have blurred the lines between the private

and work lives of employees, especially with respect to employees engaged

in social networking, even off the clock on home computers.12 Workers have

8Gerda Falkner et al., Complying with Europe: EU Harmonisation and Soft Law in the

Member States (2005).

9Inappropriate use may be defined differently for each EU organization. However, the Eu-

ropean Commission’s social media policy directs employees to respect “objectivity, impar-

tiality, loyalty to the institution, discretion, and circumspection” when involved in social

media. European Commission, Guidelines for All Staff on the Use of Social Media,available at

http://ec.europa.eu/ipg/docs/guidelines_social_media_en.pdf (last visited Aug. 30, 2012).

10Sullivan, supra note 1.

11See infra notes 40-51.

12Anthony J. Oncidi & David Gross, Blackberries on the Beach: A Ripening Concern for Employers,

51 Orange County Lawyer 10 (Jan. 2009). See also Robert Sprague, Invasion of the Social

Networks: Blurring the Line Between Personal Life and the Employment Relationship,50U. Louisville

L. Rev. 1 (2011). In 2011, a full-time teacher’s aide in Michigan was fired when she refused

a “non-negotiable request” for her Facebook password, “after she posted a picture of a

co-worker with her pants around her ankles, with the caption, ‘Thinking of you’.” Helen

Popkin, Failing to Provide Facebook [sic] Password Gets Teacher’sAide Fired,NBCNews.com,available

at http://www.nbcnews.com/technology/technolog/failing-provide-facebook-password-gets-

teachers-aide-fired-642699 (last visited Oct. 22, 2012). The aide described her post as “very mild,

no pornography” and as a gag posted during her off time. In summer 2012, Illinois and Maryland

passed laws banning employers from asking for social media log ins. Jayson Keyser, Illinois Facebook

Password Law Bars Employers from Asking for Social Media Logins,Huffington Post, Aug. 1, 2012,

http://www.huffingtonpost.com/2012/08/01/illinois-facebook-passwor_0_n_1730396.html.

The Illinois law “protects both current employees and prospective hires. But the legislation,

which takes effect Jan. 1, [2013] does not stop bosses from viewing information that isn’t

restricted by privacy settings on a website. Employers are also free to set workplace policies on the

use of the Internet, social networking sites and email.” Id. In September 2012, California passed

laws preventing universities and employers “from demanding user names and passwords from

employees and job applicants. The restriction does not apply to passwords or information used