Friday, September 23, 2011

USA: Developments in Social Media Law in the US, Canada, and the European Union

By Robert B. Fitzpatrick, Partner, Robert B. Fitzpatrick PLLC, Washington DC

I. The United States – “Facebook Firings”

The NLRB and “Facebook Firings”

Since President Obama’s appointees to the National Labor Relations Board constitute a majority, the NLRB has taken an aggressive approach to employer work rules and policies which, in the NLRB’s view, restrict employees’ in the exercise of protected concerted activity on social media sites. In tandem with this aggressive approach to enforcement, the NLRB has advanced a very broad view of when employees’ social media activity constitutes “protected concerted activity.”
The NLRB’s recent behavior and statements all point toward a continuation and perhaps even an intensification of this trend. In August of 2011, the U.S. Chamber of Commerce completed a report analyzing the NLRB’s actions in cases related to social media. In the introduction to the report, the Chamber discusses the NLRB’s focus on this issue, noting that:

[T]he NLRB has reviewed more than 129 cases involving social media in some way…[t]here are at least seven settlement agreements involving social media cases and the Board’s General Counsel has issued complaints in an additional four cases. The General Counsel has also issued ten memoranda involving social media, eight of which are opinions from the Division of Advice. “A Survey of Social Media Issues Before the NLRB”, U.S. Chamber of Commerce, August 5, 2011 (online at

The Chamber’s review also revealed that the employer social media policies are the most common issue in NLRB actions. Despite the plethora of actions, however, there currently exists very little concrete guidance for employers on their obligations in this area.

On August 18, 2011, the NLRB published a Report of the Acting General Counsel Concerning Social Media Cases. Anne Purcell, “Report of the Acting General Counsel Concerning Social Media Cases”, Office of the General Counsel, Division of Operations-Management, Mem. OM 11-74 (August 18, 2011) ( This report described selected NLRB actions related to social media. Among the common features of the actions were that the employee conversations, however offensive, occurred in a broader context of a discussion relating to working conditions. Id. Another common feature was that the posts all involved discussions between multiple employees, either online or offline, even if the online post did not result in a discussion. Id. A third common element was the lack of a social media policy, or the perceived over breadth of an existing social media policy. Id.

In the NLRB’s view, an employee’s social media activity is protected as “concerted action” so long as it touches on a term or condition of employment, and falls short of making a physical threat. This view was largely endorsed recently by the recent decision in Hispanics United of Buffalo, Inc. v. Ortiz, No. 3-CA-27872 (NLRB Sept. 2, 2011) ( Hispanics United dealt with the termination of five employees for postings to one of the terminated employee’s Facebook page. That employee had posted a comment naming a co-worker who believed that her department did not do enough to serve their clients and soliciting input from her co-workers. The employee added that she had “about had it!” Id. at 4. The employees who participated in this discussion were terminated three days later, purportedly for violating the employer’s anti-harassment policies. In Hispanics United, Administrative Law Judge Arthur Amchan concluded that the employees’ Facebook discussions were protected because they represented the “first step towards taking group action.” Id. at 8. The ruling was based on the employees’ right “to discuss matters affecting their employment amongst themselves.” Ortiz, No. No. 3-CA-27872 at 9.

Neither did the sometimes vulgar nature of the discussion make it so “opprobrious” as to take it outside the protections of the National Labor Relations Act. While some posts lapsed into profanity – “what the f. .. Try doing my job I have 5 programs” or “Tell her to come do [my] fucking job n c [and see] if I don’t do enough, this is just dum [sic.]” – the NLRB characterized it as “objectively quite innocuous” in a Memorandum dated August 18, 2011. Anne Purcell, “Report of the Acting General Counsel Concerning Social Media Cases”, supra. ALJ Amchan appeared to substantially agree with the NLRB’s assessment, finding that simply mentioning an employee’s name together with these comments did not transform the conversation into harassment. ALJ Amchan accordingly found that the employer’s anti-harassment policy was not violated and that the employer had no rational basis for concluding that it had been.

This discussion of employer policies is typical of the NLRB’s focus in other social-media related actions that it has initiated. One of the NLRB’s primary concerns has been with what it views as “overbroad” restrictions by employers contained in their social media policies. The NLRB repeatedly targeted policies which might be interpreted to restrict employees’ ability to engage in protected concerted activity through the use of social media. While it would be premature at this time, based on the dearth of decisions on this subject, for employers to undertake a wholesale restructuring of their social media policies, it is certainly advisable that employers ensure that their social media policies are tailored to target only social media usage that implicates legitimate business interests. Employers may also want to consider including a clause carving social media activities that qualify as concerted activity out of any restrictions they place on social media usage. Preferably, these steps would be taken together – a truly overbroad policy is unlikely to be saved by a limited carve out, and a narrow policy which nonetheless restricts concerted activity may still attract attention.

This focus on social media policies may portend an attempt by the NLRB to effect wider-reaching changes to employer’s ability to control the use of their electronic resources. In late April, 2011, the NLRB’s Hartford Regional Director appeared in a panel discussion for the Connecticut bar Association. During that discussion, the Regional Director revealed that the NLRB is preparing to set the stage to reverse the NLRB’s December 2007 decision in Register Guard. In that case, the NLRB held that an employer can ban employee use of corporate e-mail systems for non-business reasons as long as the policy is enforced in a non-discriminatory manner. The Guard Publishing Co. d/b/a The Register-Guard, 351 NLRB No. 70 (2007). If reversed, employers ability to limit the use of social media by employees on employer electronic resources could be severely undermined.

II. A Canadian Perspective – Lougheed Imports, Ltd. d/b/a West Coast Mazda v. United Food and Comm’l Workers Int’l Union, 2010 CanLII 62482 (B.C. L.R.B. 2010)

In contrast, in Canada the British Columbia Labour Relations Board recently issued a decision permitting the termination of two employees for Facebook comments during and immediately following a unionization drive, though the comments were substantially more inflammatory and threatening than those described above. On October 22, 2010, in Lougheed Imports, Ltd. d/b/a West Coast Mazda v. United Food and Comm’l Workers Int’l Union, 2010 CanLII 62482 (B.C. L.R.B. 2010) (, the British Columbia Labour Relations Board upheld the termination of two employees for comments that they posted on Facebook about their employer. During and immediately after the drive to establish a union, the two employees involved in the unionization effort posted offensive, and potentially threatening, comments on their Facebook pages. In one post, one of the terminated employees wrote “If somebody mentally attacks you, and you stab him in the face 14 or 16 times… that constitutes self defence, doesn’t it????” Lougheed Imports, 2010 CanLII 62482 at par. 17 (ellipses in original). The employer began building a file on one of these employees, the most active union supporter in the shop, on the same day that the union applied for certification, and, despite the provocative nature of his posts, kept its concern secret from the employee until the date of his termination on October 7. Despite largely agreeing with the union that the employer’s behavior was “puzzling” and “suspicious,” the Board sided with the employer, relying primarily on the egregious nature of the postings and the employer’s alleged uncertainty as to how to address misconduct on Facebook.

III. The European Union

The European Union is considering adding a “right to be forgotten” as part of a planned update to bring the 1995 Data Protection Directive in line with new technologies. The controversial right would give individuals the right to withdraw their consent to data processing. This means that, for example, an individual could withdraw their consent to Facebook retaining or sharing a photograph of themselves. According to a spokesman for Viviane Reding, the EU Justice Commissioner, “after you have withdrawn your consent, there shouldn’t even be a ghost of your data left in some server somewhere. It’s your data and it should be gone for good.” Leigh Phillips, “EU to Force Social Network Sites to Enhance Privacy”, The Guardian (March 16, 2011) (cite online at:

The precise shape of this right remains unclear. It seems likely that it will contain a requirement that individuals “opt-in” to allow data processing, as opposed to the current “opt-out” regime. Matt Warman, “EU Proposes Online Right “To Be Forgotten”, The Telegraph (Nov. 5, 2010). It is also probable that data processors will face additional restrictions on the type of data which they can process and the length of time for which they can maintain it. While it may be that the right will do little more than heighten already-extant consent requirements in the 1995 Data Protection Directive, a recent request by the Spanish government to Google illustrates that such a right could have wide-reaching implications. John Hendel, “In Europe, a Right to Be Forgotten Trumps the Memory of the Internet”, New York Times (Feb. 3, 2011). On January 19, 2011, Google refused a request from Spain to remove 90 links. Id. Most of the links were to newspaper articles and other public information which portrayed individual Spanish citizen plaintiffs in an unfavorable manner. Id. For example, one request came from a domestic violence victim whose address can be found on the search engine. Another is from a woman, reports about whose criminal activity as a teenager are available online. Ravi Mandalia, “Google Receives Data Deletion Request from Spanish Government” ITProPortal, (August 12, 2011) ( Google argued that Spain’s request could do serious harm to freedom of speech and that responsibility for removing content rested with the publishers linked to, not Google. Google is currently fighting several lawsuits related to the removal of these links under the “right to be forgotten” in Spain’s National Court. The publications which maintain the data, primarily newspapers and other media sources, were not asked by Spain to remove the information Google linked to from their websites – presumably due to concerns about censorship or freedom of the press.

The outcome of the battle over this case has potentially wide-reaching implications for the shape of social media websites throughout the world. Ms. Reding has explicitly stated that “[p]rivacy standards for European citizens should apply independently of the area of the world in which their data is being processed,” and that “[t]o enforce the EU law, national privacy watchdogs shall be endowed with powers to investigate and engage in legal proceedings against non-EU data controllers whose services target EU consumers.” Ben Rooney, “Non-EU Websites Must Operate Under EU Privacy Laws”, The Wall Street Journal TechEurope Blog (March 16, 2011) (cite online at: If investigations into the procedures used by social media websites in handling personal data become common, providers could be faced with the choice of conforming their entire operation to comply with EU privacy regulations or somehow segregating accounts used by European citizens for different treatment – potentially a daunting task.

Civil rights organizations have taken a mixed view of any potential right to be forgotten. The American Civil Liberties Union (“ACLU”) has, in the past, advocated a potentially more limited “right to delete” which would “generally encompass the deletion only of any association with a given record, not necessarily the entire record itself,” except when such disassociation is impossible as for example, when a person’s face is captured by a security camera. Chris Conley, “The Right to Delete” AAAI Spring Symposium Series (March 23, 2010) (cite online at: This is a more limited right than that which appears to be under consideration in Europe. The ACLU also proposes safeguards to balance this right against rights of free speech and press by providing various exceptions, including exceptions for “newsworthy” content, but the ACLU acknowledges that the “right to delete” presents difficult issues in this regard. In the United Kingdom – already facing criticism for not complying fully with the 1995 Data Protection Directive – Mr. Kenneth Clarke, Secretary of State for Justice, has criticized the notion of a broad “right to be forgotten.” “Kenneth Clarke Warns on EU Data Protection Rules”, May 26, 2011 (cite online at: