Social Enterprise

Monitoring or snooping? When employers' social media checks cross the line

Some employers might decide it's essential to monitor the use of social media by employees and potential hires to manage certain risks. But that decision carries its own dangers.

Monitoring employees' use of social media may be essential but it can create its own risks if it is done wrong. Photo: Shutterstock

There have been some high-profile reports about US businesses requiring job applicants to hand over Facebook logins so employers can collect candidate information from the social media site before making a recruitment decision.

This practice has caused a storm in the US, but it's not yet commonplace in Europe - and there are a number of reasons why UK employers might not want to follow suit.

1. Data protection law

According to UK data watchdog the Information Commissioner, the practice breaches the Data Protection Act provisions that prohibit organisations from holding excessive information about an individual.

2. Discrimination risk

It could also put an organisation at risk of discrimination allegations if the employer discovers and rejects the job applicant because of information about, for example, sexual orientation, religion, belief or age.

3. Litigation

Constructive dismissal litigation could result where login details are handed over for recruitment vetting but the employer later accesses the Facebook account for other purposes.

Although requiring login details to gain access to a job applicant's Facebook account seems heavy-handed, there are a number of legal risks inherent in employee use and misuse of social media, which make it important for employers to know what their staff are up to online.

For example, an organisation's reputation or brand might be damaged by an employee posting derogatory comments or controversial opinions. Confidential information might be deliberately or inadvertently disclosed. An employer can be held liable for an employee's cyber-bullying. There can also be significant loss of productivity when employees spend excessive time at work on social media sites.

On the one hand, monitoring employees' use of social media is essential for a business to be able to control these risks. On the other, such monitoring can create its own risks if it is done in the wrong way or for the wrong reasons.

Any monitoring must not intrude into employees' private lives, breach their data security or interfere with the trust and confidence which lies at the heart of the employment relationship. A crucial issue is that employees must be aware of the methods and extent of the monitoring that their employer is carrying out.

In terms of monitoring social media profiles during the recruitment process, the Information Commissioner's guidance is that "vetting" should only be used where a recruitment decision imports significant risks to the employer, clients, customers or others and there is no alternative available.

Trawling social media sites to sift applicants is, in reality, a form of vetting and, to avoid comeback, employers should make sure they give clear guidance to managers about how social media can and cannot be used in recruitment.

Monitoring sites visited and time spent on social media in working hours will rarely be contentious, provided employees have been informed that their usage will be monitored and the reasons for doing so. Monitoring content, however, is more intrusive and will require tighter safeguards.

Employees' work-related use of social media can be monitored provided that data protection principles are complied with and, as part of this process, it will be important to consider if there are less intrusive alternatives.

The really tricky area is monitoring an employee's personal social media activity. The courts' attitude to this issue so far remains largely untested but what is clear is that the key to effective legal monitoring and control of social media usage is a well-drafted, and business specific, social media policy. This policy should include

  • Rules on social media activity during working hours.
  • Rules on use of personal social media accounts.
  • The dos and don'ts of social media, including a reminder that social media activity is not necessarily private and the employer may discipline for inappropriate activity that breaches the policy whether work-related or personal, inside or outside the workplace and on personal or company IT equipment.
  • An explanation that the organisation monitors social media use and how and for what purposes this monitoring is carried out.


Kate Hodgkiss is a partner in DLA Piper's Employment, Pensions & Benefits practice. She advises on all aspects of employment law, encompassing practical advice and support on day-to-day issues, together with advice on major reorganisations and strate...


My take in this that while employers should respect the privacy of their employees, they have a reputation to maintain for their business. I think that maybe it is better off that during work hours there should be limit on Facebook activities at work and that employers should not have access to their employees social networking stuff and try to use it to discriminate them in the work place. Anyone that tries to monitor the information should take responsibility to maintain the anonymity of the person or people involved in the incident. Now you work at sensitive organizations say like top-secret government branch for example, I think you as the individual should realize that certain rights do not apply and that you surrender ALL privacy in the name of national security. However, this is an extreme case. A good compromise is that if you maintain a responsible composure in the workplace, you must also practice the same responsible composure outside the workplace. That said, with the distribution of the internet at the speed of light, you never know what personal and private information can emerge, and the consequences could be regrettable and problematic. When in doubt, post little information of yourself and activities and try to keep a low mild manner profile. This ensures the professionalism in the workplace.


I would relish the opportunity to decline any such request, and make it very public about who demanded such information. I would also suggest that if you are put in that situation, your reaction should be to shout down the requestor and run screaming through the office, jumping on and over tables and tipping over various appliances. This would have the effect of discouraging future questioning of this type if this reaction were expected from ALL. LOL


Any candidate that would be prepared to give me one of their logins during an interview would be shown the door immediately.

HAL 9000
HAL 9000 moderator

Currently I'm even happier that I don't live in the US as it now appears that if you are silly enough to work for a Boss, which in reality most of us are, apparently somehow in the US you give away all your rights to any sort of Private Life and accept that whoever you work for should have control over what you say and do. I really though that [b]Slavery[/b] had been outlawed even in the US but apparently I was wrong and it's alive and well there. Now all I have to do is start a movement to bring in Trade Restrictions on any company who deals with US interests or companies. Seems that Zukky has brought back to light this discussing practice and all US Business are only too willing to go along for the free ride and turn their staff into brain dead zombies. I now think I better understand the[b]" American Fetish"[/b] with Zombies as they accept that most of them are already one of the Undead and are just wanting to watch movies/read books of what the others get up to so that they feel better in themselves. ;) Col


They identify themselves as your employee. By actively stalking employee facebook pages you may end up creating a problem where none exists... That is, by looking at all of their pages and relying on your HR staff to decide what's "okay" or not. Your staff has a right to live a semi-private life among their friends without you spying on their every wall-post on Facebook... Have them sign something that says if there's a problem brought to our attention, you'll be terminated, and If there's a problem, deal with it. Otherwise? Unless "something happens" that needs to be addressed, the best policy is to ignore your employees' social media pages because of the massive risk of litigation it opens you up to. Suddenly, you can find out things that you're not entitled to use to make hiring/firing decisions--but if the person who loses his job finds out you've been stalking his profile, his attorney may decide that's "evidence" that you really fired him over that picture of him kissing another guy or participating in a non-mainstream religion.

Editor's Picks