Car parts manufacturer Continental recently decided to ban its workers from using Whatsapp and Snapchat on company devices amid concerns over data security. It said it was worried about these apps being able to access confidential information such as contact details.
Continental has relied on the new requirements of the General Data Protection Regulation (GDPR) which, it states, would require the permission of each individual whose data is processed by social media service providers. But are there other issues to consider when regulating employees’ use of social media in the workplace?
Banning social media
Organisations may choose to impose a blanket ban on accessing social media sites through company or private devices during working time. However, there is still a risk that employees will use social media outside the workplace to the detriment of the organisation by, for example, disclosing confidential information or making inappropriate comments on Facebook or Twitter that could be publicly available and affect the reputation of their employer.
It is possible for employers to take disciplinary action, including dismissal, against employees for acts outside the workplace, whether that be inappropriate social media use, misconduct at a social event or the commission of a criminal offence.
If an employer plans to monitor social media activity this should be done in consultation with employees, and it would need to be prepared to show that the business needs outweigh the adverse effects. In practice routine monitoring might be difficult to justify.
Use of mobile telephones in the workplace
A European Court of Human Rights decision earlier this year held that it was not unlawful to monitor workers’ personal communications during working hours. In this particular case the employer had banned its staff from sending personal messages at work and had warned them that their messages might be checked. However, this case was decided before the implementation of the GDPR.
If employers wish to ban the personal use of mobile telephones at work this should be made clear in policies or a staff handbook. However, such rules can be difficult to enforce, especially when employees use their mobiles for work. There is also often a degree of tolerance towards employees carrying out a minimal level of mobile phone use as long as this does not affect their job. Excessive use of mobile telephones or social media on work devices would be likely to justify disciplinary proceedings.
Employers are entitled to set standards for employees to follow and to take disciplinary action against those who do not comply. Employers must, however, act fairly and reasonably. Using social media to publish offensive or derogatory comments might provide grounds for disciplinary action, depending on exactly what was said.
An employer would have to justify taking a tough line on the use of social media. Continental’s reliance on possible GDPR breaches would need to be supported by evidence of the privacy risks.
Recommendations for employers
Employers should have a clear social media policy to deal with issues of social media-related misconduct.
It is difficult to police the use of social media on private devices and the use of private accounts or platforms such as Whatsapp. Ultimately unless employers replicate the approach taken by Continental they will need to accept that company devices are likely to be used for accessing social media.
Employers may wish to balance the data security risks of allowing use of social media – with the assistance of IT support – against the risks and costs of enforcing a policy that prohibits its use in the workplace or on company devices. Such a rule may be difficult to enforce practically and reduce morale.
Jeremy Coy is an associate at Russell-Cooke