Header graphic for print
Steptoe Cyberblog

Social Media Laws Can Be Positively Anti-Social

Posted in Privacy Regulation

According to Dan Balz’s new book, the Obama campaign had its employees and volunteers log onto the campaign’s “Dashboard” application using their Facebook accounts, which allowed the campaign to see each person’s Facebook friend list. The campaign would then match the friends’ names to other information the campaign had amassed showing which of those friends were registered to vote, which ones were not likely to vote, which were inclined to vote Obama’s way but could use more encouragement, etc. Campaign workers could then send personalized messages to a targeted group of their Facebook friends urging them to vote for Obama.

Some recent laws could pose a problem for any campaign that tried the same strategy today. Several states have enacted (and many more are considering) laws to prohibit employers from requiring, or even requesting, that employees or job applicants provide the password, or otherwise allow access, to their social media or other online accounts. These laws have a laudable goal—protecting the privacy of workers. But some of these laws are written so broadly that they could be read as barring even a truly voluntary effort like that of the Obama campaign (at least with regard to paid employees; unpaid volunteers might not be covered).

Illinois’ law, for example, makes it unlawful for any employer “to request…any employee…to provide any password or other related account information in order to gain access to the employee’s…account or profile on a social networking website.” California’s law contains similar language, and also bars employers from asking an employee to disclose any content on a social media site. Oregon makes it unlawful to “request an employee…to disclose or to provide access through the employee’s…user name and password…or other means of authentication that provides access to a personal social media account.”

These are just a few examples of privacy laws that are rapidly proliferating across the country, with too little thought to the adverse consequences they might have for legitimate activities of employers, including internal investigations and the monitoring of employee activity on company networks for the purposes of network security or protecting proprietary information.