· Features

What HR should know about the limits of “spying” on employees

The headlines that the BBC’s director-general Tim Davie has introduced sweeping new guidance on staff’s use of social media and rules on presenters moonlighting for private companies, raise interesting questions on the limits of employers “spying” on their employees.

As the UK state broadcaster, the BBC’s duty of impartiality puts it in a unique position which goes to the heart of its approach here. However, employers wishing to piggy-back off the BBC’s strategy must adopt a more balanced position on the practice of monitoring social media activity outside of the workplace.

Can employers monitor employees’ social media usage?

Yes, and given the proliferation of social media across society many employers may be justifiably concerned about their employees exposing the business to various legal and reputational issues through inappropriate usage – including unauthorised disclosures of confidential information and potential liability for discriminatory or defamatory statements.

This is even more so as tensions grow in a difficult year and as internal controls may be loosened as many work from home during the pandemic.

However, where employers consider setting up social media monitoring, including tracking online behaviour and setting up alerts to track specific comments and discussions taking place outside of work, they will need to factor in the employee’s rights, including their legitimate expectation of privacy and ensure that any such monitoring is proportionate.

Workplace spying:

Workplace monitoring on the rise

Hot topic: Businesses using spyware to monitor productivity

Who monitors those doing the monitoring?

Whether monitoring of communications would be proportionate would depend on several factors, including:

  • Whether the employee has been informed that monitoring might be carried out, its purposes, and how any measures are implemented.
  • The degree of intrusion into the employee’s privacy, weighed against the employer’s legitimate business interests.
  • Whether the employer has provided legitimate business reasons to justify the monitoring of and accessing the content of social media usage.
  • Whether there were any less obtrusive alternative measures achieve the employer’s aim.
  • The consequences of the monitoring for the employee subjected to it e.g. the potential adverse mental health effects of being subjected to invasive monitoring at home.

Employment law issues

The idea of a “spy” snooping on an individual’s social media activity outside of work conjures oppressive undertones and has the potential to cut against positive corporate culture and values.

Where there is not a clear and justified business case for the intrusion into an employee’s private life, it risks undermining the relationship of mutual trust and confidence and may give rise to constructive dismissal claims.

Any policy would need to be implemented in a consistent fashion, otherwise the employer could risk exposure to discrimination and victimisation claims.

Given the employer’s duty to ensure the health and safety of its workforce, we cannot discount the possibility that an employer’s social media policy becomes an aggravating factor for increasing feelings of stress in the workplace. This may negatively impact on morale and employee retention, with employees choosing employers who adopt less draconian measures.

Watch out for the GDPR

Monitoring will involve the processing of personal data and so an employer’s activities in this area would need to be done in compliance with the GDPR, Data Protection Act 2018 and ICO’s Employment Practices Code.

Before an employer embarks on any high-risk data processing activities, it must first carry out a data protection impact assessment to assess the necessity and proportionality of the planned move, consider any alternatives and tell employees about it.

There are real dangers to private employers adopting the BBC’s approach without seeking specific advice on their particular circumstances as this is not straight-forward.

If implemented without fully complying with the GDPR it is likely that the ICO would look at enforcement action, in a similar fashion to H&M who were fined €35.3m in Germany for unlawful employee monitoring in October 2020, being the second largest fine on record to date.

Employers have much to consider in this thorny area and are encouraged to obtain bespoke advice on their particular circumstances in order to best manage the risks associated with employee use of social media.

Daniel Stander, employment Lawyer, Vedder Price LLP