KMU-Magazin No. 01/02 January/February 2022 Social Media: When employment law strikes
Every day, social network users generate immense amounts of data and read or disseminate information. This happens in both the private and professional spheres. It is therefore not surprising that this use also gives rise to intersections with employment law. A few of these are highlighted below.
In principle, the employer must protect and respect the personality of the employee (Art. 328 OR). Art. 328b OR states that the employer is entitled to process personal data, insofar as it relates to the employment relationship or is necessary for the performance of the employment contract. In addition, the Data Protection Act and the principles contained therein apply. This stipulates in particular that data may only be processed lawfully and proportionately and that the purpose of the processing must be recognizable for the person concerned.
In the application process
In the context of application processes, therefore, the question arises as to which clarifications the employer is allowed to make on social networks at all. The applicant's interests in protecting his or her privacy and the employer's information needs are in conflict here. However, apart from the legal sources mentioned at the beginning, there are no laws (yet) or rich case law that explicitly regulate the use of social networks in the application process. In practice and teaching, the following section outlines a few key points that can be used as guidelines for HR managers.
If social networks have a professional context (Linkedin, Xing, etc.), the connection to the professional activity is given and the employer can make clarifications. On the other hand, social networks that are usually classified as private (Facebook, Instagram, Tiktok, Twitter, etc.) and are only open to a limited, private group of people and not related to professional activities may not be used as a source of information. This also applies if the profile can be viewed in whole or in part by the public.
When filling particularly sensitive positions, the employer's need for information may be greater, which also allows more comprehensive screening of the applicant. This includes queries on search engines and the evaluation of the results obtained. However, the screening can be extended with the consent of the applicant, as long as this is indicated in the individual case and - ideally - the applicant must be given the opportunity to comment on the search results.
Private social networks
As already mentioned above, private social networks are generally unrelated to the employment relationship and are of no further interest to the employer. This applies insofar as no reference to the employer can be established. In this area, the employee can invoke, among other things, his constitutionally protected right of freedom of expression.
If a reference to the employer can be established, the employee must observe his duty of loyalty under the employment contract. According to this, the legitimate interests of the employer must be safeguarded in good faith by the employee (Art. 321a para. 1 OR). A justified interest of the employer is his reputation; this can be damaged by thoughtless statements of the employee. Likewise, employees must also protect the employer's business secrets in social networks.
Depending on the industry, position and function of the employee as well as the reach of the post on the private social network (public, friends, etc.), the employee may violate his or her fiduciary duty. In the case of a CEO, posts on private social networks are more quickly attributed to the employer and a critical statement about the employer or its activities is more likely to constitute a breach of fiduciary duty. A statement on Instagram by an employee without a management function that he or she is really fed up with having to go to the "office" today is unlikely to constitute a breach of fiduciary duty.
Slanderous, defamatory or business secret disclosing statements that are directed against the employer or its employees assessment is difficult in individual cases and involves the risk of not obtaining a clear statement as to whether a breach of fiduciary duty has occurred or not. Illustrative media, of a federal parliamentary secretary who freely shared selfies with nearly 11,000 followers from her private Twitter account, in some cases directly from her office.
Following her release, the contract was terminated by mutual agreement without the courts having to deal with this case. It cannot be ruled out that a court would not yet have qualified this permissive content shared on private social networks as a breach of fiduciary duty and would have given greater weight to the free expression of personality in the private sphere.
Professional social networks
With regard to professional social networks, it is common for the employee to mention the employer and his position precisely. In this way, the employee establishes a relationship with the employer and runs the risk of violating his or her duty of loyalty through unsuccessful posts. Although many companies already use guidelines on the use of social networks, a surprisingly large number of SMEs have so far shied away from issuing internal directives. Even with little effort, it would be possible to define the type and manner of permissible use as well as the consequences in the event of non-compliance and thus also to obtain clarity as to when a breach of fiduciary duty exists in a specific case.
Without this provision, the employer will never be able to accurately assess whether it was justified in issuing a warning for the alleged breach of duty. This can pose considerable risks for the employer, especially in the case of repeated breaches of duty and a subsequent termination without notice; if the court comes to the conclusion that the warning was not justified, the subsequent termination will also be flawed. In addition, the same applies as for the use of e-mails for private purposes: as long as there is no regulation, the private use of social networks is generally also permissible during working hours, as long as the work performance is not jeopardized and the usual extent is not exceeded.
New data protection law
The date on which the new data protection law will come into force has not yet been determined. It is now assumed that this will probably not be the case until 2023. Companies operating in Europe have already had to deal with this and are already well positioned in this regard, as they have implemented the European General Data Protection Regulation (GDPR).
HR professionals who work in companies that were previously outside the scope of the GDPR must prepare themselves to comply with the framework conditions of the new Swiss data protection legislation in the area of HR once it comes into force. A key factor here will be that HR managers must inform applicants and employees about the new data protection legislation. The data controller must inform the data subject about what personal data is processed, for what purpose, how and where, and also about the data subject's rights to information.
It is therefore advisable to integrate this information as early as the tendering process. If the data is exported or processed by third parties, the relevant agreements must be concluded with the service providers and it must be ensured that the target country guarantees adequate data protection.
With the new data protection law coming into force soon, HR managers are well-advised to review the application process and to initiate implementation of data protection measures throughout the HR process.
Click for the article: