An Employee’s Right to Privacy for their Social Media Posts

By Gwyn Powers

As children, we all heard the saying, “don’t post anything on social media that you wouldn’t want your boss to see.”[1] We know that anything a person posts on Facebook, Twitter, or Instagram has the possibility to be seen by millions of people.[2] However, people make their social media accounts private to limit who can see their posts.[3] Even though a person’s social media post may be private, what privacy rights do employees have for their private social media posts?

Employees have two potential avenues of protection from employers monitoring their employees’ social media activities.[4] The first is a cause of action under a common law intrusion upon seclusion tort claim arguing that the employer intruded on the employee’s private affairs.[5] The plaintiff would have to prove that their employer (1) intentionally intruded on the employee’s solitude, seclusion, or private affairs and (2) that the intrusion would be highly offensive to a reasonable person.[6] Courts have held that if a person posts something on the internet without restricting access to the post, the individual does not have a claim to privacy for that post.[7] However, if an individual takes steps to control who can access their Facebook posts, then a court may find that the person had a reasonable expectation of privacy for their Facebook post.[8] Still, some states do not recognize a common law intrusion on seclusion cause of action but have a privacy statute.[9] For example, the Massachusetts Privacy Act creates a right against a serious interference of their privacy which primarily protects the dissemination of private information.[10] Additionally, some states like Virginia do not recognize an intrusion of seclusion tort claim.[11] Therefore, employees in Virginia would need to find protection for their private social media posts from another source.

The second potential source of protection for an employee’s private social media post is under the Stored Communications Act (SCA).[12] The SCA protects a person’s stored communications, such as a person’s email.[13] While a criminal statute, the SCA does create a civil cause of action.[14] The plaintiff would need to show that the defendant “(1) intentionally accesses (2) a facility through which an electronic communication service is provided (3) without authorization or by exceed[ing] an authorization given and (4) thereby obtains . . . a wire or electronic communication (5) while that wire or electronic communication is in electronic storage.”[15] However, the SCA does not protect electronic communication that is “readily accessible to the general public.”[16] So, the plaintiff would need to show that their social media post was not accessible to the general public.[17]

Courts have held that posts made on private Facebook accounts, private online bulletin boards, and private websites may be protected under the SCA.[18] This is because the owners of the private sites took steps to control and limit access to their sites, which would make the information not readily accessible to the public.[19] However, courts are not likely to find SCA protections for posts made on private Facebook groups because the initial poster does not have control over who can be a member of the group and see their post.[20] Thus, the poster’s lack of control made the post “readily accessible to the public.”[21]

If an employer accesses an employee’s private social media post, the next step is determining whether the employer has authorization to access the employee’s post.[22] Courts have held that the employer violated the SCA if an employer did not have authorization to private posts and manages to access the private communication.[23] For example, in Pietrylo v. Hillstone, a group of employees created a private MySpace group to vent their problems with restaurant management.[24] A member of the MySpace group felt coerced by management to provide their MySpace login information so the management could access the employee group.[25] The court held that the coercion from the management did not have authorization to access the MySpace group.[26] Several state legislatures have passed statutes prohibiting employers from requiring their employees to provide their social media usernames and passwords.[27] However, these statutes do not prohibit employers from accessing social media posts that are publicly accessible.

In Ehling, the court stated that “[p]rivacy in social networking is an emerging but underdeveloped area of case law.”[28] As social media continues to be a constant part of our day-to-day life, courts must ensure that the law and protections do not fall too behind technology.

[1] Stephanie Smith, 11 Photos you should never post on social media, Business Insider (May 1, 2018, 5:24 PM), https://www.businessinsider.com/photos-you-should-never-ever-post-on-social-media-2018-5.

[2] Press Release, Meta, Reports Third Quarter 2022 Results (Oct. 26, 2022), https://investor.fb.com/investor-news/press-release-details/2022/Meta-Reports-Third-Quarter-2022-Results/default.aspx; Instagram Statistics and Trends, DataReportal, (Aug. 15, 2022), https://datareportal.com/essential-instagram-stats; Twitter Statistics and Trends, DataReportal, (Aug. 15, 2022), https://datareportal.com/essential-twitter-stats.

[3] 8 Reasons to Keep your Social Media Set to Private, Eset (Jun. 16, 2022), https://www.eset.com/uk/about/newsroom/blog/8-reasons-to-keep-your-social-media-set-to-private/.

[4] Marion G. Crain et al., Work Law: Cases and Materials, 407—09 (4th ed. 2020).

[5] See Ehling v. Monmouth-Ocean Hosp. Serv. Corp., 872 F. Supp. 2d 369, 373 (D. N.J. 2012).

[6] Restatement (Second) of Torts § 652B (Am. L. Inst. 1977).

[7] Ehling, 872 F. Supp. 2d at 373.

[8] Id. at 374.

[9] Portnoy v. Insider, Inc., No. 22-10197-FDS, 2022 U.S. Dist. LEXIS 2020080, at *26 (D. Mass. 2022).

[10] Mass. Ann. Laws Ch. 214, § 1B (LexisNexis 2022).

[11] Cockrum v. Donald J. Trump for President, Inc., 365 F. Supp. 3d 652, 670 (E.D V.A. 2019).

[12] Marion G. Crain et al., Work Law: Cases and Materials, 407—09 (4th ed. 2020).

[13] 18 U.S.C. § 2701.

[14] 18 U.S.C. § 2707.

[15] Backhaut v. Apple, Inc., 74 F. Supp. 3d 1033, 1041 (N.D. Cal. 2014).

[16] 18 U.S.C. § 2511(2)(g).

[17] See Davis v. HDR Inc., No. CV-21-01903, 2022 U.S. Dist. LEXIS 102949, at *10 (D. Ariz. 2022).

[18] Id.

[19] See id. at *11.

[20] Id. at *22—23.

[21] Id. at *11.

[22] Pietrylo v. Hillstone Rest. Group, No. 06-5754, 2009 U.S. Dist. LEXIS 88702, at *7 (D. N.J. 2009).

[23] Pietrylo, 2009 U.S. Dist. LEXIS 88702, at *8.

[24] Pietrylo v. Hillstone Rest. Group, No. 06-5754, 2008 U.S. Dist. LEXIS 108834, at *1—2 (D. N.J. 2008).

[25] Pietrylo, 2009 U.S. Dist. LEXIS 88702, at *8—9.

[26] Id. at *9.

[27] Va. Code Ann. § 40.1-28.7:5 (2021).

[28] Ehling, 872 F. Supp. 2d at 373.

Image Source: Photo Source: https://medium.datadriveninvestor.com/social-networking-harmless-media-or-privacy-intrusion-9b8e30402d5

The first exclusively online law review.

An Employee’s Right to Privacy for their Social Media Posts

Related

An Employee’s Right to Privacy for their Social Media Posts

Related

As Expected, the FTX Investigation Is a Complete Fiasco

The Honorable ChatGPT: How AI Systems Could Alter and Perhaps Improve the Judiciary