Internet and social media use and misuse

01 March 2017

Updated March 2017

Gives introductory guidance on the legal implications of the increasing use of email, the internet and social media. Covers the risks to employers, privacy rights and staff monitoring, Irish case law, recruitment through social media, harassment and discrimination, and tips for employers. Highlights the need for employers to implement a comprehensive policy regulating the use of IT facilities.

The increasing use of the internet and social media by employees has raised new legal issues in the workplace, especially regarding discipline and the legal liability of an employer for the acts of its employees. This has highlighted the need for employers to implement a comprehensive internet and social media policy regulating the use of IT facilities. Such a policy should be clear, concise, remove any expectation of privacy which might exist in the mind of employees, and provide for the right of an employer to monitor employees’ use of the internet.

Social media use is widespread and employers cannot ignore its presence in the workplace. The most commonly used and most familiar social networking sites include Facebook, Twitter and LinkedIn. The explosion of these new means of communication has thrown up many issues for employers as the distinction between employees’ work and personal lives becomes increasingly blurred and difficult to untangle.

It is not all negative however. There are many advantages for businesses to be gained through the appropriate use of these tools to develop professional contacts and business opportunities. The challenge for businesses however is to balance the positives with the inherent risks and threats that social media also bring.

Key to managing these risks is having a business appropriate internet and social media policy in place. This should form part of the contractual documentation given to all employees on joining and be distributed to existing employees with the instruction that it forms part of their terms and conditions and must be read carefully. Where such a policy does not exist, the employer may be held vicariously liable for any offensive act carried out by employees, including situations where employees were acting outside the scope of their employment.

A major threat that employers are open to is computer viruses. The primary source of computer viruses is the downloading of certain types of files from the internet or attached to emails. Employees may often unwittingly open emails which contain a virus. In order to protect their interests, employers need to take steps to ensure that employees are exercising caution when using email. This can come in the form of formal training at the start of their employment as well as regular updates via email where a new threat may have been flagged by the company's IT department.

Social media can make a company equally as vulnerable through scams and viruses. Social media also poses the risk of reputational issues. Where an employee's social media profile includes a reference to that person's employer, a defamatory statement could (in certain contexts) be construed as a statement that comes from or is endorsed by the employer. Irrespective of whether legal liability applies, it is nonetheless adverse to the interests of any business to allow employees to harm a hard-earned reputation through controversial posts, harassment and disclosure of sensitive information.

In examining the legality of monitoring and surveillance by employers, it is important to acknowledge two competing rights:

  • the implied right of an employee to privacy
  • the right of an employer to protect its legitimate business interests

This area is highly controversial, and there has been little guidance in Ireland on the legality of the monitoring by employers of employees’ email. The European Convention on Human Rights, which was implemented in Ireland by the European Convention on Human Rights Act 2003, appears to suggest that the default position is that an employee is entitled to privacy. The Courts and Tribunals have made it clear that whatever privacy rights exist are not absolute and are subject to the duties of employees to their employers even when social media activity occurs outside work and on their own IT systems, such as their own handheld devices.

There is no legislation in place requiring employers to inform their staff that mail is being intercepted. Nonetheless, where a claim for an invasion of privacy is brought by an employee, an employer may be sued on several grounds:

  • breach of contract
  • breach of individual constitutional rights
  • infringement of the Data Protection Acts 1988 and 2003 (See our factsheet on data protection for more information on this.)
  • infringement of the common law right to personal privacy

Any attempt to introduce a form of covert monitoring or surveillance in the workplace is likely to encounter resistance from trade unions and/or employees. It is, therefore, vital that any monitoring of email and internet usage is done in a fair and reasonable manner. The most effective way of achieving this is by implementing a clearly worded workplace policy.

No policy so dismissal over pornographic emails unfair

One of the earliest cases on the point is Mehigan v Dyflin Publications Limited (2004) in which the Employment Appeals Tribunal (EAT) held that an employee was unfairly dismissed despite having used his employer's email to forward pornographic material to fellow employees. In this case, the Tribunal was heavily influenced by the company’s failure to have a policy highlighting the disciplinary risks of misuse of email and internet facilities. The Tribunal held that the employee had been unfairly dismissed due to the absence of such a policy. However, he had made an enormous contribution to his own dismissal and compensation was restricted to €2,000 plus €2,856.90 in respect of notice.

The Tribunal was keen to point out that there is a duty on employees to act responsibly in using technology. This duty is particularly serious for senior or established employees. The duty is more likely to be breached where there is repeated misuse as opposed to a one-off incident. A clear policy makes it difficult for employees to claim they were unaware of the seriousness of their activity.

While not mentioned by the Tribunal in Mehigan, other consequences of having no policy, aside from the risk of harassment, bullying, defamation and so on, can include the accidental creation of contractual relations or the failure to properly record important transactions and communications.

Dismissal disproportionate for disrespectful comments...

With regards to social media-related disputes in the workplace, one of the earliest cases to come before the Irish Tribunals was Kiernan v A Wear (UD643/2007). Here, the Employment Appeals Tribunal (EAT) had to decide whether the dismissal of an employee for posting disrespectful comments about her manager on the social networking site Bebo was proportionate. One aspect of the employee’s argument was that her posting was private, being a message to her friend. In response, the employer said that the site was linked to the employer’s website. When the employer became aware of the postings, it initiated disciplinary proceedings. A disciplinary meeting was held in accordance with the usual procedures and the employee was subsequently dismissed for gross misconduct.

The employee then initiated unfair dismissal proceedings. The EAT held that, while the company’s disciplinary procedures were fair, the sanction imposed was not. It said that the sanction of dismissal was disproportionate to the offence. The misconduct deserved strong censure but was not gross misconduct. The EAT directed that €4,000 be paid to the employee. This case clearly illustrates that, even if they have a fair and objective disciplinary procedure in place, employers must also ensure that the sanction applied is proportionate to the offence.

Similarly in the case of Walker v Bausch & Lamb (UD179/2008), the dismissal of an employee for posting a comment on the company's intranet site that 500 jobs were to go was held to be disproportionate, particularly as the employee did not seem to be aware of the company's internet policy.

...but not always

In contrast, in the decision of O’Mahony v PJF Insurance Limited (UD933/2010), the EAT found that the posting of derogatory comments by the employee about her employer amounted to a breach of trust justifying her dismissal.

Dismissal for use of social media at work

Another case from the EAT, Jane Loughran v Mullingar Electrical Wholesale Ltd UD1098/2012), saw an award of €7,000 being directed to a marketing assistant for her dismissal for use of social media during the working day. The EAT found that the dismissal was unfair as there was no social media policy in place and was also lacking in procedural fairness as no warnings were given.

Online harassment

The case of McCamley v Dublin Bus (ADE/15/37) addressed the issue of harassment online. In this case, the company's rule prohibiting conduct prejudicial to the reputation and welfare of fellow employees was held to be an effective provision to protect employees from harassment. While the company rule was not an adequate substitute for a well-defined policy against the use of social media as an instrument of harassment, it was nonetheless a comprehensive provision aimed at protecting employees. It was held that the employer could avail of the defence that preventative measures were taken before the occurrence of the offending conduct.

Flawed procedures over offensive post

One of the most recent cases on social media in the workplace is Daly v Donnybrook Fair (UD334/2015). In this case, the employee posted a derogatory statement about his manager following an argument over the phone. He subsequently apologised twice and offered his resignation, but was told to cool off. Following this, he was dismissed with the company considering no other option. In June 2016, the employee was awarded €5,000 from the EAT who determined that although the social media post was offensive and rude, there were inexcusable flaws in the internal disciplinary policies and procedures of the company.

Another aspect of social media which is slowly creeping into the employment sphere is the fact that it may be relied upon as a tool for recruiters and job seekers alike. It is also playing an increasingly important role in how jobs are advertised and candidates are assessed. There is a huge amount of information available in the public domain from social media sites, such as LinkedIn or Facebook, which may be of great interest to recruiting employers and recruitment agencies.

There is no legislation in Ireland that expressly prohibits employers from using information gained from social media sites in the context of a recruitment decision. Recruiting employers, however, need to be in a position to state convincingly that they did not discriminate on the basis of any of the prohibited grounds in the Employment Equality Acts 1998-2015 when making a decision if they have looked at information relating to a candidate’s nationality, age or family status online.

The Employment Equality Acts 1998-2015 provide that an employee is entitled not to be discriminated against or harassed in the course of their employment on nine grounds: gender, civil and family status, sexual orientation, religion, age, disability, membership of the travelling community and race. The Acts define harassment very broadly to include the circulation of written words, pictures or other material which a person may reasonably regard as offensive. Consequently, the circulation of offensive emails or accessing of inappropriate websites in the workplace can constitute harassment.

It is not uncommon for an employee to post negative comments about fellow employees on social media websites. The comments could be offensive, degrading and humiliating to fellow employees. If an employee were to make such comments in the course of employment there is a danger that such comments could constitute bullying or alternatively harassment under the Employment Equality Acts. In such circumstances an employer could be vicariously liable for the actions of the employee. An employer could also risk facing other discrimination claims if employees use information they have obtained from social media sites about other employees as a basis for treating them in a detrimental way.

To minimise liability and also act as a defence, employers should be able to show that they took all reasonable steps to prevent the discrimination or harassment.

In order to meet the challenges presented by the internet and social media, it is strongly recommended that employers put clear policies in place. The policy should have provisions:

  • Setting out the parameters of what IT systems can and cannot be used for.
  • Reminding employees that social media activity may or may not be private. Employees need to be aware that reckless use of social media inside or outside of working hours may have consequences from a disciplinary perspective and any social media policy should be linked to the company's disciplinary and grievance policy.
  • Prohibiting discrimination, harassment or bullying of other employees which could include negative comments about employees posted on social media sites.
  • Prohibiting comments about the employer, its employees or third parties.
  • Prohibiting the disclosure of any confidential information that relates to the employer and/or other employees.
  • Setting out the consequences of a breach of the policy which could include disciplinary action and ultimately dismissal.
  • Training should be provided to employees on conduct that could constitute discrimination, harassment and bullying.
  • It is also important that policies are enforced evenhandedly. There have been a number of recent cases where the Employment Appeals Tribunal (now the Workplace Relations Commission) has found dismissal to be inappropriate because of the selective application of the policy where internet misuse is widespread within an organisation.
  • Policies should also be reviewed and updated regularly to take account of the changing needs of the business.

This factsheet was written by A&L Goodbody, Solicitors, IFSC, North Wall Quay, Dublin 1.

© A&L Goodbody Solicitors. The material is not intended to provide, and does not constitute, legal or any other advice on any particular matter, and is provided for general information purposes only.