Washington State’s Proposed Employer Social Media Law: The Legislature Should Take a Cautious Approach — SB 5211
[Post by Venkat Balasubramani]
[Washington State’s Proposed Employer Social Media Password Legislation – SB 5211]
Eric previously posted on his concerns about California’s law restricting employer access to social media accounts. The Washington State Senate recently proposed a law (SB 5211) and it suffers from many of the similar problems.
Summary: The proposed law prohibits both public and private employers from requiring “directly or indirectly . . . as a condition of employment or continued employment,” that an employee or prospective employee provide any password “or other related account information” for the employee’s profile on a “social networking web site.” The legislation defines “social networking web site” to be any internet-based service that allows individuals to (1) construct profiles; (2) create lists of connections; and (3) view and navigate those lists.
The legislation excludes information that is “in the public domain.”
Finally, the proposed statute says that in the event of a violation, the court may award $500, in addition to actual damages, and reasonable fees and costs to the prevailing party.
Possible problems with the legislation:
Is this really an issue that warrants legislative attention? First, it’s unclear that employers even engage in the practice of requesting access to the private profiles of prospective employers with any regularity. Most risk-averse lawyers would advise their clients to refrain from learning about the details of their prospective employees’ personal lives for reasons unrelated to the privacy issue (e.g., learning about a medical condition or religious belief; this would constitute a violation of the terms of service of most social networks). Given the bad publicity something like this generates, it also doesn’t seem like a good business practice. I would be surprised if employers engaged in this activity en masse. (A separate issue–and one this statute does not address directly–is whether employers engage the service of data aggregators to look into profiles or prospective employees and conduct de facto credit checks.)
Definitional issues: While the definition of “social networking website” does not suffer from the same flaws as the California statute (that statute applies to digital content, including content that is stored locally), the definition is still vague. It’s also unclear as to what the statute means by “password or other related account information.” Does this attempt to get at something like a protected Twitter account where the account-holder must accept a follow request? Is this the “other account information” that the statute has in mind?
Perhaps more importantly, the statute does not effectively distinguish between private and public accounts, which is a key distinction the statute should make. This is probably what the “public domain” language of the statute is getting at, but “public domain” is not the optimal choice of words here.
Inadvertent effect on ownership questions: We have blogged about many different cases where employer and employee battled over ownership of social media assets. (PhoneDog v. Kravitz; Eagle v. Morgan; Maremont v. SF Design Group; Ardis Health v. Nankivell). Because the proposed Washington statute does not distinguish between prospective and existing employees, the statute could inadvertently affect social media account ownership issues. Court disputes have not produced any definitive standards, but do point to the fact that accounts are often used for mixed purposes. By restricting employer access to “an employee’s . . . account or profile on a social networking site,” the rule arguably prohibits employers from requesting passwords for social networking accounts used by the employee for the benefit of both the employer and employee. Ideally, the statute would make clear that it is not intended to affect any ownership issues between employer and employee and is only intended to deal with a situation where an employer seeks access to a social media account in order to conduct a background check in advance of making an offer of employment.
No exceptions: The statute also does not take a very flexible approach and does not contain carve-outs for scenarios where employers would legitimately need to access information from a social media account used by the employee. These could include accessing information in order to conduct investigations or look into misconduct. The California statute contains a broad exception, but the proposed Washington legislation does not contain one.
Private cause of action: The proposed law also provides for a private cause of action and authorizes courts to award statutory damages. Most likely, this provision will result in the statute being just another routine cause of action that a disgruntled former employee asserts against an employer, rather than a meaningful check on employer snooping.
The statute has “unintended consequences” written all over it.
Given the uncertainty around whether this is really a rampant practice that needs legislative attention, along with the difficulties in making the statute reasonably precise, this looks like a great candidate to take a wait and see approach, rather than rushing in.
(h/t to William Carleton and Danan Margason for flagging it)
Seattle Times (Brian Rosenthal): Must job hunters reveal Facebook password?
Trade Secrets: Hands Off My Tweets: Washington State Senate Proposes Ban on Mandatory Disclosure of Employee Social Networking Passwords
William Carleton: Washington State to consider a social networking password protection law; Grading the social media savvy of six state legislatures
National Conference of State Legislature’s Survey: “Employer Access to Social Media Usernames and Passwords”
H.R. 5050: “Social Networking Online Protection Act”
Accessing an Employee’s Facebook Posts by “Shoulder Surfing” a Coworker’s Page States Privacy Claim — Ehling v. Monmouth Ocean Hosp.
Employee/Ex-Employer Lawsuit Over Twitter Account Settles – Phonedog v. Kravitz
Battle Over LinkedIn Account Between Employer and Employee Largely Gutted–Eagle v. Morgan
Another Set of Parties Duel Over Social Media Contacts — Eagle v. Sawabeh
Employee’s Claims Against Employer for Unauthorized Use of Social Media Accounts Move Forward–Maremont v. SF Design Group
Ex-Employee Converted Social Media/Website Passwords by Keeping Them From Her Employer–Ardis Health v. Nankivell
[image credit: Shutterstock “electronic biometric fingerprint scanning“]