ABA –- National Symposium on Technology and Labor and Employment Law
April 21-23, 2013
Berkeley, CA
SOCIAL MEDIA AND NEW TECHNOLOGY
ISSUES FOR UNIONS AND EMPLOYEES:
THE NLRA AND BEYOND
Pamela Jeffrey
Levy Ratner, P.C.
80 Eighth Avenue, 8th Floor
New York, NY 10011
(212) 627-8100
[email protected]
Katy Dunn
SEIU Local 32BJ
25 W. 18th Street
New York, NY 10011
(212) 388-3970
[email protected]
Alvin Velazquez
Service Employees International Union
1800 Massachusetts Avenue, NW
Washington, DC 20036
(202) 730-7000
[email protected]
TABLE OF CONTENTS
Page
INTRODUCTION: NAVIGATING THE OPPORTUNITIES AND RISKS OF SOCIAL MEDIA
AND NEW TECHNOLOGY ......................................................................................................... 1
PROTECTIONS FOR AND RESTRICTIONS ON THE CONTENT OF ONLINE ACTIVITY . 2
1.
Developing Protections Under Section 7 ............................................................................. 2
a.
The Facebook Case and the Beginning of a Section 7 Analysis...................................... 2
b.
Guidance from the Office of the General Counsel: Protected, Concerted Activity or
Individual Gripe? ............................................................................................................. 3
c.
The Board Finds Facebook Postings To Be Protected Concerted Activity ..................... 5
d.
The Application Of Section 7 To Social Media Policies And Related Work Rules........ 7
2.
Protected Statements vs. Disparagement, Defamation, or Worse ....................................... 9
a.
Statements by Employees ................................................................................................ 9
b.
Protection For Unions – The Communications Decency Act ........................................ 11
c.
New Avenues of Attack against “Watch” Websites and Other Union Online Activity 15
TIME, PLACE, AND MANNER: PRACTICAL CONSIDERATIONS FOR USE OF SOCIAL
MEDIA ......................................................................................................................................... 16
1.
The Register-Guard Saga ................................................................................................... 16
2.
Employee Privacy Rights and the Use of Employer Resources ........................................ 19
BIG BROTHER AND SOCIAL MEDIA: IS YOUR EMPLOYER WATCHING YOU? .......... 22
1.
Cyber-Surveillance and Section 8(A)(1) ........................................................................... 22
2.
Statutory Protections Against Employer Surveillance – the Stored Communications Act 23
CAN SPAM AND THE TCPA: TEXTING AND EMAILING UNION MEMBERS ................ 25
1.
CAN SPAM ....................................................................................................................... 26
a.
Applicability to Labor Unions ....................................................................................... 26
b.
Requirements ................................................................................................................. 27
c.
Messages to Wireless Devices ....................................................................................... 28
d.
Penalties and Safe Harbors ............................................................................................ 29
e.
Text Messages and Emails ............................................................................................. 29
f.
Robocalls........................................................................................................................ 30
g.
TCPA Private Right of Action and Damages ................................................................ 32
THE SMALL PRINT: OTHER REGULATORY CONCERNS .................................................. 32
ii
INTRODUCTION: NAVIGATING THE OPPORTUNITIES AND RISKS OF SOCIAL
MEDIA AND NEW TECHNOLOGY
Social media is increasingly becoming a way of life for people of all ages, at work and at
home, for personal and work related matters. Almost every employer, union local, and
international union has a website. Many provide features that allow viewers to post comments,
read comments of others, and post or view photos and videos. Sites routinely ask users to sign up
for ongoing updates by “following” them via Twitter or RSS feeds, or “liking” them on
Facebook. Individuals also use social media sites like Facebook, Instagram, Google+, and
Tumblr to maintain their own online presences. In addition, people communicate via Twitter in
their personal and professional capacities, at home, at work and from various locations in
between.
All of these online tools, combined with advances in mobile phone technology like web
browsers, high-definition cameras, GPS chips, and social media apps, present previously
unimagined opportunities to communicate and to view communications of others. Many people
use their phones to check and post to their own social media pages, and to those of their friends,
numerous times throughout the day. It is now commonplace to shoot photos and videos
constantly – whether at brunch with friends, 1 a concert, 2 a demonstration 3 or a union meeting –
and upload them directly from their mobile phones to the web where friends and others can view
and comment on them within a matter of moments. Moreover, photos can be “tagged” with the
names of those appearing in them, and often carry embedded data reflecting the date, time and
place they were taken.
Legislatures, courts and regulators are having a hard time keeping up with the evolution
of social media. While Section 7 of the National Labor Relations Act (“NLRA” or “Act”)
continues to protect workers engaging in union activity, it can be hard to prove the concerted
aspect of certain communications when individuals speak up in cyberspace, and the public nature
of social networking can blur the lines between protected activity and disloyalty, disparagement
1
See Kate Murray, First Camera, then Fork, N.Y. Times, April 6, 2010, at D1 (Describing the
rapidly growing trend of taking pictures of everything one eats and posting them online).
2
See, e.g. Lorne Manly, This Is Not Spinal Tap: A Concert Film by Fans, N.Y. Times, January
19, 2006, at E1 (reviewing “Awesome!” a concert film by the band the Beastie Boys inspired by
a picture of the band taken using a fan’s cellphone).
3
See, e.g. Sarah Maslin Nir, Wall Street Protesters Broadcast Arrests on Social Media, N.Y.
TIMES CITY ROOM BLOG (Sept. 24, 2011),
http://cityroom.blogs.nytimes.com/2011/09/24/wall-street-protesters-broadcast-arrests-on-socialmedia/?scp=85&sq=use%20of%20video%20occupy%20protests&st=cse.
or defamation, which fall outside the protection of the Act. Moreover, the developing
interpretation of Section 7 by the National Labor Relations Board in the context of social media
might lead to rude awakenings when employees discover that their speech is less protected than
they believed from reading the flurry of headlines about the 2010 “Facebook case” and
headlines about recent NLRB decisions and activity. 4
Meanwhile, outside of the NLRA, courts are struggling to adapt existing privacy law and
wiretapping statutes to emerging technologies and the nature of electronic communication in
today’s workplace, and legislatures are adopting new statutes to address issues associated with
life in the social network. How can we help our clients harness the benefits of social media
while avoiding the pitfalls?
PROTECTIONS FOR AND RESTRICTIONS ON THE CONTENT OF ONLINE
ACTIVITY
1. Developing Protections Under Section 7
a. The Facebook Case and the Beginning of a Section 7 Analysis
In October 2010, NLRB Region 34 in Hartford, CT issued the now-famous complaint
against an employer that fired an employee who posted negative remarks about her supervisor on
Facebook after she was denied union representation in a meeting regarding a work incident. The
employee posted the comments to her personal Facebook page using her home computer, and
continued to post comments after coworkers who were also her Facebook “friends” posted
comments in support. The Office of the General Counsel’s Division of Advice concluded that
the Region should issue a complaint alleging that the employer violated Section 8(a)(1) by
denying the employee her Weingarten rights, by threatening her for invoking those rights, by
terminating her for engaging in protected activity and by maintaining unlawfully overbroad
internet and blogging, standards of conduct and solicitation policies. 5 See American Med.
Response of Conn., Inc., OGC Advice Memo, NLRB Case No. 34-CA-12576 (Oct. 5, 2010).
The Region’s complaint addressed the discipline and the policy issues, and alleged that (1) the
employee’s use of Facebook constituted protected concerted activity under the NLRA, and (2)
the employer’s policies were unlawfully overbroad in that they prohibited employees from
making disparaging remarks about the company or supervisors, or depicting the company name
4
See, e.g. Steven Greenhouse, Even If It Enrages Your Boss, Social Net Speech Is Protected,
New York Times (Jan. 21, 2013)
5
The employer’s policy prohibiting all solicitations by e-mail was found facially lawful under
Register-Guard as it prohibited all solicitation.
2
or logo in any way over the internet without permission. 6 See Complaint, American Med.
Response of Conn., NLRB Case No. 34-CA-12576 (Oct. 27, 2010).
The complaint drew enormous national attention as the first reported instance of the
Board alleging that Section 7 protected an employee who was discharged for speaking out
against her supervisor on Facebook. The New York Times quoted Acting General Counsel Lafe
Solomon as stating “This is a fairly straightforward case under the National Labor Relations Act
– whether it takes place on Facebook or at the water cooler, it was employees talking jointly
about working conditions, in this case about their supervisor, and they have a right to do that.”
Steven Greenhouse, Company Accused of Firing Over Facebook Post, New York Times (Nov. 8,
2010). Ultimately the case settled through a private agreement with the individual and a Board
settlement by which (1) the employer would revise its overly-broad rules to allow employees to
discuss terms and conditions of their employment with their co-workers and others while not at
work; and (2) it would not discipline or discharge employees for engaging in such discussions.
While the complaint and settlement did not provide any new guidance on social media
per se, it was clear – particularly after the Advice memo was released – that the Board was using
well-established law to analyze, and hold employers accountable for, Section 7 violations that
occurred via social media. 7
b. Guidance from the Office of the General Counsel: Protected, Concerted Activity or
Individual Gripe?
The “Facebook case” left a remarkable e-trail. Countless news agencies and bloggers
quickly started rehashing the limited public details of the case and speculating about what it
meant for the future. The news stories and blogs gave one the impression that Section 7 would
protect any worker who criticized her boss on Facebook. In reality, the requirement of proving
the “concerted” nature of online activity can significantly limit the application of Section 7 to
social media activity. And unprotected statements – having little or no connection to terms and
conditions of employment – continue to be unprotected even if made on Facebook.
In the Facebook case, the fact that coworkers appended comments of support to the fired
employee’s original post was clearly a factor in establishing the concerted nature of the activity,
and in the decision to issue the complaint (the postings were considered to be a discussion).
Moreover, the Facebook posting arose out of the employer’s unlawful response to the
employee’s request for union representation at an investigatory meeting. It does not take much
6
The Employee Handbook stated under its “Blogging and Internet Posting Policy” that
employees were “prohibited from making disparaging, discriminatory or defamatory comments
when discussing the Company or the employee’s superiors, co-workers and/or competitors.”
7
The Board had previously applied a traditional Section 7 analysis to other new forms of
technology, including e-mail. See Timekeeping Systems, Inc., 323 NLRB 244 (1997).
3
imagination, however, to foresee a situation where a worker, desiring to incite change in the
workplace, makes a comment via social media and cannot provide evidence showing that she
acted concertedly. Absent substantive responsive comments from co-workers, such a
contribution to discourse about working conditions via social media could stand alone and
perhaps unprotected, despite the fact that under Board law “the guarantees of Section 7 of the
Act extend to concerted activity which in its inception involves only a speaker and a listener, for
such activity is an indispensable preliminary step to employee self-organization.” Meyers
Industries (Meyers II), 281 NLRB 882, 887 (1986), quoting Root-Carlin, Inc., 92 NLRB 1313,
1314 (1951).
The NLRB General Counsel’s Office recognized that the growing use of social media
was likely to raise issues without clear direction from the Board. On April 12, 2011, Acting
General Counsel Lafe Solomon issued a memo on Mandatory Submission to Advice that
included “[c]ases involving employer rules prohibiting, or discipline of employees for engaging
in, protected concerted activity using social media, such as Facebook or Twitter.” See
Memorandum GC 11-11 (April 12, 2011). Although submission to Advice is no longer
mandatory for all such cases, since that directive, the Division of Advice has issued numerous
memoranda (“Advice Memos”) in cases involving social media use by employees and the Office
of the General Counsel, Division of Operations-Management has issued three reports (“GC
Reports”) concerning social media cases. See Memorandum OM 11-74 (August 18, 2011),
Memorandum OM 12-31 (January 24, 2012) and Memorandum OM 12-59 (May 30, 2012). 8
These Advice Memos and GC Reports show the Office of the General Counsel, in case after
case, applying traditional Section 7 analyses under the Meyers cases, 9 to determine whether
social media activity constitutes concerted activity, under Atlantic Steel to determine whether an
employee’s outburst at work is sufficiently opprobrious to result in the loss of protection, and
under Jefferson Standard to determine whether employee statements to third parties constitute
unprotected disparagement, disloyalty or defamation. The lion’s share of these published Advice
Memos conclude that the social media conduct at issue was not protected activity because the
topic of the posting, tweet, etc. was not related to terms and conditions of employment or, if so
related, was not concerted in that there was no “call to action” or substantive comments from
coworkers indicating a group concern, as opposed to individual griping. 10
8
Advice Memos and GC Reports can be found on the NLRB’s website (www.NLRB.gov).
9
Meyers Industries (Meyers I), 268 NLRB 493(1984), revd. Sub nom Prill v. NLRB, 755 F.2d
941 (D.C. Cir. 1985), cert. denied 474 U.S. 948 (1985), on remand Meyers Industries (Meyers
II), 281 NLRB 882 (1986), affd. sub nom Prill v. NLRB, 835 F.2d 1481 (D.C. Cir. 1987), cert.
denied 487 U.S. 1205.
10
Although the Facebook case involved a unionized workplace, most of the cases that have
published Advice Memos do not, or at least do not reference union activity.
4
These Advice Memos contain a wealth of cautionary tales that employees would do well
to heed. A recent example, Cox Communication, Inc., OGC Advice Memo, NLRB Case No.
17-CA-087612 (October 19, 2012), is a good reminder of the dangers of venting on social media
about work related frustrations, and the importance of knowing (and remembering) how your
chosen social media platform operates and your specific privacy settings and listed affiliations.
In Cox, an employee, frustrated by an interaction with a customer, vented by posting an
inappropriate comment about the customer (ending with “F--K YOU!”) on his Google+ account,
failing to realize or remember (or care, at that moment) that his Google+ account affiliated him
with his employer (and was publicly accessible). A supervisor saw the post and reported it to
management, and the employee was ultimately terminated. It is no surprise that Advice found
his post to be unprotected.
As the numerous Advice Memos make clear, mere posting on a social media site does not
by itself trigger Section 7 protection of an employee’s comments. In order for Section 7 to come
into play, online comments must be about union activity or otherwise about terms and conditions
of work, and the employee must either discuss the post with coworkers in person, have at least
one coworker substantively comment on the post, or include in the post language clearly
intended to spur coworkers to action. Coworker comments demonstrating a general affinity
(such as “liking” a Facebook post) have not been perceived by the Office of the General Counsel
as providing the same indication of concerted activity as comments in which co-workers add
substantively to a discussion about terms and conditions of employment. Hopefully this will
change, in light of a recent ALJ decision holding “liking” to be sufficiently meaningful
participation to constitute concerted activity. 11
c. The Board Finds Facebook Postings To Be Protected Concerted Activity
In Hispanics United of Buffalo, 359 NLRB No. 37 (Dec. 14, 2012), the Board issued its
first decision in an 8(a)(1) discharge case where the Section 7 activity at issue occurred on
Facebook, finding that the Facebook postings were concerted and protected activity.
11
See Triple Play Sports Bar and Grille, NLRB Case No. 34-CA-12915;12926, (NLRB Div. of
Judges, Jan. 3, 2012) (Esposito, ALJ) (ALJ Op. Jan. 3, 2012) in which the ALJ found “liking” to
constitute concerted activity. “I further find that Spinella’s selecting the ‘Like’ option on
LaFrance’s Facebook account constituted participation in the discussion that was sufficiently
meaningful as to rise to the level of concerted activity. Spinella’s selecting the ‘Like’ option, so
that the words “Vincent VinnyCenz Spinella…like[s] this” appeared on the account, constituted,
in the context of Facebook communications, an assent to the comments being made, and a
meaningful contribution to the discussion.” Judge Esposito further noted that “[t]he Board has
never parsed the participation of individual employees in otherwise concerted conversations, or
deemed the protection of Section 7 to be contingent upon their level of engagement or
enthusiasm.” Triple Play Sports Bar and Grille at 8-9.
5
The five employees involved were discharged for posts and comments referring to a
coworker who had made comments about their poor work performance. The coworker had
expressed, to the employee who initiated the Facebook postings, her intention of taking her
complaints about their work performance to management. The Board stated that “[a]lthough the
employees’ mode of communicating their workplace concerns might be novel, we agree with the
judge that the appropriate analytical framework for resolving their discharge allegation has long
been settled under Meyers Industries and its progeny.” Hispanics United, slip op. at 1. Applying
the Meyers cases, the Board agreed with the ALJ that the employer violated 8(a)(1) when it
discharged the employees for their protected, concerted Facebook activity.
A useful fact in this case was that the initial employee post that alerted the other
employees to the coworker’s work performance complaints ended with the question “[m]y fellow
coworkers how do u feel?” The Board noted that “[b]y responding to this solicitation with
comments of protest [the] four coworkers made ‘common cause’ with her and, together, their
actions were concerted within the definition of Meyers I because they were undertaken
‘with…other employees.’” The Board further found the actions of the five to be concerted under
the expanded definition of Meyers II because they were taking a first step towards group action
to defend themselves against the accusations they could reasonably believe [their coworker] was
going to make to management. Hispanics United, slip op. at 2.
The Board found this to be true even though only the employee who initiated the first
post was aware that the complaining coworker was going to voice her criticism to management.
In his dissent, Board member Hayes contended that a “group defense” argument was therefore
not applicable here.
The Board, however, found that the initial poster’s Facebook
communication with her coworkers, immediately after learning of the planned complaint about
them to management, had the clear “mutual aid” objective of preparing her coworkers for a
group defense to those complaints and that she was not required to discuss this objective with her
coworkers or tell them it was made necessary by the impending visit with management. The
Board noted that the initial poster’s “‘mutual aid’ object of preparing her coworkers for group
action was implicitly manifest from the surrounding circumstances.” Hispanics United, slip op.
at 3.
While Hispanics United reflects the Board’s long awaited embrace of social media
activity within the protection of Section 7, the outcome is based on the unique facts of the case
and it must be remembered that “the question of whether an employee engaged in concerted
activity is, at its heart, a factual one, the fate of a particular case rising or falling on the record
evidence.” Meyers I, 268 NLRB at 497.
6
d. The Application Of Section 7 To Social Media Policies And Related Work Rules
While the protected concerted nature of employees’ online activity has been the subject
of numerous Advice Memos and much media attention, until recently there has been less
attention paid to the application of Section 7 to employers’ overbroad social media policies.
When the Facebook case was reported, practitioners were confused because the Division of
Advice found the employer’s policy in American Medical Response to be overbroad, while it did
not find a seemingly similar policy to be overbroad in the earlier Sears Holdings (Roebucks)
case. See OGC Advice Memo, NLRB Case No. 18-CA-19081 (Dec. 4, 2009). The reasons for
the different outcome became clear as more details became known, and once the Advice Memo
was published it was also clear that Advice analyzed the policy under the same well settled
Board law it had applied in the earlier Sears Holdings (Roebucks) case.
It is well settled that in determining whether an employer’s work rule violates Section
8(a)(1), the appropriate inquiry is whether the rule would reasonably tend to chill employees in
the exercise of their Section 7 rights. See Lafayette Park Hotel, 326 NLRB 824, 825 (1998),
enf’d. 203 F.3d 52 (D.C. Cir. 1999). In Sears Holdings (Roebucks), the Division of Advice
recommended dismissal of the charge because the policy could not “reasonably be interpreted to
prohibit Section 7 protected activity” under Lafayette Park Hotel, as refined by Lutheran
Heritage Village – Livonia, 343 NLRB 646 (2004). Under this line of cases, when a rule does
not explicitly restrict Section 7 protected activity, a violation of 8(a)(1) will be found only “upon
a showing of one of the following: (1) employees would reasonably construe the language to
prohibit Section 7 activity; (2) the rule was promulgated in response to union activity; or (3) the
rule has been applied to restrict the exercise of Section 7 rights.” Id. at 647. In Sears Holdings,
there was no evidence that the employer used the policy to discipline anyone (as was the case in
American Med. Response of Conn.) or that it was promulgated in response to a union campaign
or other Section 7 activity. Left to review the policy for whether an employee would reasonably
read it as limiting Section 7 activity, Advice concluded that because the rule included a list of
“plainly egregious conduct” no employee “could reasonably construe” the social media policy as
prohibiting Section 7 activities. 12
12
Subsequent Advice Memos continue to apply Lafayette Park Hotel and Lutheran Heritage
Village-Livonia in reviewing challenged employer policies and rules. See, e.g., Flagler Hospital,
OGC Advice Memo, NLRB Case No. 12-CA-27031 (May 10, 2011), (Broadly-written policy,
when applied to protected conduct and in the absence of limiting or clarifying language, was
unlawful as it could reasonably be interpreted to prohibit protected discussions, despite a
generally phrased “savings clause”); Giant Eagle, OGC Advice Memo, NLRB Case No. 6-CA37260 (June 16, 2011) (Certain rules, including prohibition on employee use of company logos
and photos unlawful in the absence of clarifying or limiting language, but rule prohibiting
employees from pressuring co-workers to connect via social media was sufficiently narrowly
drawn to restrict only unprotected harassing conduct).
7
On May 30, 2012 the Office of the General Counsel, Division of OperationsManagement issued a third GC Report concerning social media cases, focused solely on
employer policies and rules that impact employee use of social media. See Memorandum OM
12-59 May 30, 2012. The Acting General Counsel’s cover memo notes that “Employee use of
social media as it relates to the workplace continues to increase, raising various concerns by
employers, and in turn, resulting in employers’ drafting new and/or revising existing policies and
rules to address these concerns.” The Report discusses seven unnamed cases, the first six of
which involve policies and rules that are, at least in part, overbroad and unlawful, including rules
on “appropriate” use of social media technology and policies on “friending co-workers” and “use
of good judgment about what you share and how you share” on social media. Examples of
specific problematic provisions include: instructions to employees to “[t]hink carefully about
‘friending’ co-workers” (unlawfully overbroad because it discourages communication among coworkers) and instructions to employees to “[r]eport any unusual or inappropriate internal social
media activity” (unlawful because it encourages employees to report to management the union
activities of other employees). OM 12-59 at 9. The last reported case involves a social media
policy that is found to be lawful, as revised with examples of prohibited conduct. A copy of this
lawful policy is included in the Report.
Subsequently, in September 2012, the Board issued its first social media decisions in
Costco Wholesale Corp., 358 NLRB No. 106 (Sept. 7, 2012) and Knauz BMW, 358 NLRB No.
164 (Sept. 28, 2012). In both cases the Board applied the same Lafayette Park Hotel/Lutheran
Heritage Village-Livonia analysis in determining whether the policies and rules violated 8(a)(1).
In Costco, the Board found the employer’s policy of prohibiting employees from
electronically posting statements that damage the company, defame any individual or damage a
person’s reputation to be unlawful because employees would reasonably construe this rule as one
that prohibits Section 7 activity. The Board noted there is nothing in the rule to suggest that
protected communications are excluded and no accompanying language that would tend to
restrict its application. See Costco, slip op. at 1-2. In Knauz, the Board found the employer’s
“courtesy rule,” which prohibited “disrespectful” conduct and “language which injures the image
or reputation” of the employer, to be unlawful, because nothing in the rule or elsewhere in the
employee handbook “would reasonably suggest…that employee communications protected by
Section 7…are excluded from the rule’s broad reach.” See Knauz, slip op. at 1. Moreover, the
Board notes that ambiguous employer rules – rules that reasonably could be read to have a
coercive meaning – are construed against the employer. Id. at 2, citing Flex Frac Logistics, LLC,
358 NLRB No. 127, slip op. at 2 (2012). 13
13
In his dissent, Board Member Hayes argued that the majority departed from precedent,
reaching its result by reading words and phrases in isolation and effectively determining that the
Act invalidates any policy that employees conceivably could construe to prohibit protected
activity, regardless of whether they reasonably would do so. In debunking this argument, the
8
Finally, a recent Advice Memo in The Boeing Company, 19-CA-088157 (February 28,
2013), issued after Costco and Knauz, reminds us of the importance of context. In Boeing, a
“Code of Conduct” maintained as part of the Employer’s business ethics policy was found to be
lawful because employees would not reasonably construe its potentially overbroad language to
restrict protected concerted activities in the context of voluminous explanations and examples
immediately following the Code. Again applying the Lafayette Park Hotel/Lutheran Heritage
Village-Livonia analysis, the Advice Memo reminds us that “[t]he Board has cautioned against
‘reading particular phrases in isolation,’” and that potentially violative phrases must be
considered in the proper context. Although some of the language of Boeing’s Code is troubling
and seemingly at odds with the guidance from the General Counsel and the Board’s recent
decisions, it is the context of the challenged policy within the broader framework of the
Employer’s detailed Ethical Guidelines that saves Boeing’s Code. 14
2. Protected Statements vs. Disparagement, Defamation, or Worse
a. Statements by Employees
Under well settled Board law, statements that would otherwise be protected can lose the
protection of the Act if they are intentional appeals to outsiders and constitute disloyalty,
disparagement or defamation of the employer. See NLRB v. Electrical Workers Local No. 1229
(Jefferson Standard), 346 U.S. 464 (1953). Moreover, employees can lose protection if, during
the course of otherwise protected activity, their conduct toward a supervisor is sufficiently
egregious and undermines or disrupts shop discipline. See Atlantic Steel Company, 245 NLRB
814 (1976). 15 Social media conduct generally fares well under the Atlantic Steel analysis as the
postings occur and exist outside the workplace in cyberspace and cannot, for the most part, be
said to disrupt work or pose any kind of real threat. However, the more public nature of social
majority points out that Lutheran Heritage Village does not stand for the proposition that an
employer rule must be upheld if employees could reasonably construe its language not to
prohibit Section 7 activity. Slip op. at 2-3.
14
The Advice Memo notes that the Union’s presence at the new employee orientation where the
policy is presented to employees is a factor that would lead employees to believe that restrictions
on use of Employer assets and information would not extend to employee communications with
their Union representatives, although that fact alone would not save an overbroad or ambiguous
policy.
15
Under Atlantic Steel, the Board considers the following four factors in determining if
employee conduct forfeits protection: (1) the place of the discussion; (2) the subject matter of the
discussion; (3) the nature of the employee’s “outburst”; and (4) whether the outburst was, in any
way, provoked by an employer unfair labor practice. Atlantic Steel, 245 NLRB at 816.
9
media communications make them vulnerable to potential loss of protection under Jefferson
Standard.
Interestingly, there has been a slight shift in the traditional “loss of protection” analysis
seen in Advice Memos and GC Reports resulting in using a “modified Atlantic Steel analysis”
that incorporates relevant considerations from the Jefferson Standard test when analyzing social
media communications. An in-depth discussion of this modified analysis can be found in in GC
Report OM 12-31, issued January 24, 2012. 16
Because the traditional application of Jefferson Standard does not provide a suitable
framework to analyze most Facebook postings – which are more analogous to a conversation
among employees overheard by third parties than to an intentional dissemination of employer
information to the public seeking support – an Atlantic Steel analysis seems more appropriate.
Nevertheless, an Atlantic Steel analysis typically focuses on whether the communications would
disrupt or undermine shop discipline, and presents some complications when applied to
Facebook comments. See GC Report OM 12-31, at 24. Because the Atlantic Steel analysis does
not usually consider the impact of disparaging comments made to third parties, OGC “decided
that a modified Atlantic Steel analysis that considers not only disruption to workplace discipline,
but that also borrows from Jefferson Standard to analyze the alleged disparagement of the
employer’s product and services, would more closely follow the spirit of the Board’s
jurisprudence regarding the protection afforded to employee speech.” Id.
Applying Atlantic Steel to the case under discussion in the Report, the GC notes that the
“location of the conversation” and “nature of the outburst” factors must be adapted to reflect the
inherent differences between Facebook discussion and a workplace outburst. The GC notes that
because the conversation was also viewed by a small number of non-employee members of the
public, the impact of the posting on the employer’s reputation and business must be considered.
In such a context, the GC notes, “the ‘nature of the outburst’ and ‘location’ inquiries of Atlantic
Steel merge to require consideration of the impact of the fact that the discussion could be viewed
by third parties.” Id. at 25. In the case under discussion, the GC ultimately felt that the
language, while critical, was not defamatory or otherwise so disparaging as to lose protection of
the Act.
This modified analysis represents a significant leap – but where we will land is not
exactly clear. We must wait to see whether the Board adopts this modified Atlantic Steel
analysis or not. Either way, one thing is clear: The nature of social media activity and the
potential impact of statements made in that realm are a challenge for those charged with ensuring
16
See also, Wolters Kluwer, OGC Advice Memo, NLRB Case No. 18-CA-64873 (Nov. 28,
2011)(applying modified analysis and finding no loss of protection); Detroit Medical Center,
OGC Advice Memo, NLRB Case No. 7-CA-06682 (Jan. 20, 2012)(applying modified analysis
and finding racially inflammatory and threatening posts to be unprotected, even though related to
Sec. 7 concerns).
10
that the protections of the Act keep pace with advances in technology and the resulting changes
in how employees discuss workplace issues.
b. Protection For Unions – The Communications Decency Act and the Digital
Millennium Copyright Act
Workers are using social media tools to communicate with each other, and sometimes
going to union forums to talk about workplace issues with co-workers. Unions are increasingly
using company “watch” websites as part of so-called corporate campaigns, to expose information
such as labor law violations, dubious business practices, and quality of care or health and safety
issues, and encourage employers to respect the union and be more cooperative with employee
demands. These campaigns are an important tool in new organizing to get employers to agree to
card check and neutrality and in contract campaigns.
Unions can be found liable for making defamatory remarks or engaging in product
disparagement, claims often levied against unions’ corporate campaigns. Even so, unions can
comment negatively on an employer’s product if the critique is true. As unions’ use of
interactive online media increases, they have an even more important protection against liability
for comments made by the public on their union websites: Sec. 230 of the Communications
Decency Act.
The Communications Decency Act (“CDA”) of 1996 was Congress’s response to the
New York state court decision in Stratton Oakmont holding Prodigy liable to the plaintiffs as a
publisher for allowing people to post defamatory material about Stratton Oakmont (and therefore
subject to liability for defamation regardless of actual or imputed knowledge). Stratton Oakmont
v. Prodigy Services, Inc., 23 Media L.Rep. 1974 (1995 LEXIS 229). Congress enacted the CDA
to provide Internet Service Providers (“ISP”) a shelter from liability by preventing state law from
treating the internet service provider as the “publisher” of any material it did not remove or of
any online content posted by third parties. 17 Interpreted broadly, CDA precludes liability from
third-party republication.
In most cases, the CDA provides a union, as well as its lawyers, with a measure of
comfort that a court will not hold the union liable for engaging in defamation when someone else
writes a post on a union sponsored Facebook page or blog. The CDA states, in pertinent part,
that “[n]o provider of or user of an interactive computer service shall be treated as a publisher or
speaker of any information provided by another information provider.” 47 U.S.C. §230(c)(1).
Practically speaking, in evaluating whether a court will find that a union is protected from
liability under Sec. 230 a union lawyer should ask three questions. First, is the union an
17
Pete Kennedy, Symposium, The Internet and the Law: Internet Libel—the Anonymous Writer
and the Online Publisher, 52 The Advocate 509 (2010).
11
interactive computer services provider? In other words, does the union own or sponsor the web
page or blog? Second, is the union an information content provider with respect to the disputed
activity? In other words, did the union draft the posting with the potentially defamatory content
on the web site? Third, is an adverse party seeking to hold the union liable for information
originating with a third party user (such as a worker, or an anonymous commenter)? Doe II v.
MySpace Inc., 175 Cal. App. 4th 561 (Cal. App. 2d Dist. 2009). Generally, a union creating a
website or Facebook site will not be responsible for the content that third parties put on the page.
Courts have broadly construed subpart 230(c)(1) to preempt virtually all speech-based
claims (not merely defamation) brought against interactive computer services or users for content
created by others. The issue under 230(c)(1) is frequently, “whether a given defendant should be
treated as an information content provider (in which the exemption is not available) or merely
the publisher or speaker of information provided by another information content provider?” 18
The Fourth Circuit articulated the theme of Section 230:
Taken together, these provisions bar state-law plaintiffs from holding interactive
computer service providers legally responsible for information created and
developed by third parties. Congress thus established a general rule that providers
of interactive computer services are liable only for speech that is properly
attributable to them. State-law plaintiffs may hold liable the person who creates
or develops unlawful content, but not the interactive computer service provider
who merely enables that content to be posted online.
To further the policies underlying the CDA, courts have generally accorded § 230
immunity a broad scope.
Nemet Chevrolet, Ltd. v. Consumeraffairs.com, 791 F.3d 250, 254-55 (4th Cir. 2009) (internal
citations omitted).
There is an important caveat to keep in mind when advising a union on how to create a
web site that will maximize the protection afforded pursuant to Sec. 230 of the Act. Sec. 230
immunity does not apply to a website owner or publisher who solicited defamatory or
inflammatory comments, or who knew or should have known that she or he was soliciting
defamatory material. In certain heated contract campaigns, it is entirely possible for a union to
use its website as a forum for engaging its members including encouraging members or potential
members to post on the website. The problem is that employees using a union’s website to
discuss matters concerning their working conditions or engage in mutual concerted activity may
unwittingly make defamatory comments, and it is unclear what the union’s liability would be in
such a situation. Workers may feel like they were invited by the union to make defamatory
18
Ian C. Ballon, E-Commerce & Internet Law: Treatise with Forms, 2d Ed. Volume 3, 37-49
(2009).
12
statements about their employer, and the union may think that the CDA would insulate them
from liability.
To that end, counsel for unions should review two new cases that have come out recently:
Directory Assistant’s, Inc. v. Supermedia, Inc., 884 F.Supp. 446 (E.D. Va. 2012) and Jones v.
Dirty World Recording, Inc., 840 F.Supp. 2d. 1008 (E.D. Ky. 2012). These cases provide fresh
insight into how federal courts are deciding who is soliciting defamatory material, and reinforce
the fact specific nature of inquiring whether a web site host solicited users to post defamatory
comments on its website.
In Directory Assistant’s, the Plaintiff alleged that that the Defendant’s emails containing
links to websites such as RipOffReport.com and ScamInformer.com that contained negative and
defamatory comments. The Plaintiff claimed that Supermedia’s emails containing links to such
information were defamatory as well. Directory Assistant’s Inc., 884 F.Supp. at 447-48. The
court rejected that argument. In dismissing the complaint, the court held that the act of emailing
links, without editorial comment, without solicitation, and without further development of
defamatory material, does not constitute the creation of new information or otherwise defeat Sec.
230 immunity. Id. at 453.
The facts in Jones led the court in that case to arrive at a different conclusion. In that
case, the Defendant ran a website called theDirty.com, a gossip site. A user posted comments
about a Bengals cheerleader and her personal activities. The host of the website also replied to
user comments, and in doing so announced his negative opinion about the plaintiff. See Jones,
840 F.Supp. at 1009-10. The court concluded in that case that the CDA does not insulate the
publisher of theDirty.com from liability because he had an active role in soliciting defamatory
information. Specifically, the court noted that the name of the website itself indicated that it was
a website for posting salacious information. The court also noted that the publisher of the site
decided which posts he would publish of the thousands he received a day in his email. Finally
and most significantly, the court noted that the posting of his own commentary showed he was
no mere publisher, but an information content provider. Id. at 1012. In the court’s opinions,
these facts were sufficient to show that the proprietor of the website was soliciting defamatory
material and not entitled to immunity under Sec. 230 of the CDA.
Even though the courts have decided hundreds of CDA cases, the NLRA is just starting
to grapple with the Communications Decency Act. In ACTU Local 1433 v. Veolia Transit, 28CB-078377, the ALJ held that the Communications Decency Act shielded the union for liability
for comments placed by non-agent union members on the union’s Facebook page. In that case,
union members on strike had made general threats against co-workers who refused to join the
strike on the union’s Facebook page. The General Counsel took the position that the union had a
duty to disavow any threats made on its Facebook way in a complete and thorough manner. The
ALJ held that Section 230 of the Communications Decency Act immunized the union from
13
liability because the union acted solely as a publisher, and not an information content provider,
nor did it encourage members to make threats. ALJ Decision at 8.
The case is currently before on the Board on exceptions. This is a case union lawyers
interested in social media issues should follow closely because it will give a sense of how the
Board will address laws affecting internet usage and its relationship with the National Labor
Relations Act.
Also, counsel should familiarize themselves with the Digital Millennium Copyright Act
(DMCA) and its safe harbor provisions. See 17 U.S.C. §512. The “Safe Harbor” may provide a
union with immunity from liability when third parties post trademark or copyright infringing
content on the union’s website. Specifically, 17 U.S.C. §512(c)(1) states:
A service provider shall not be liable for monetary relief, or, except as provided in
subsection (j), for injunctive or other equitable relief, for infringement of copyright by reason of
the storage at the direction of a user of material that resides on a system or network controlled or
operated by or for the service provider, if the service provider—
(A)
(i) does not have actual knowledge that the material or an activity using the material on the
system or network is infringing;
(ii) in the absence of such actual knowledge, is not aware of facts or circumstances from which
infringing activity is apparent; or
(iii) upon obtaining such knowledge or awareness, acts expeditiously to remove, or disable
access to, the material;
(B) does not receive a financial benefit directly attributable to the infringing activity, in a case in
which the service provider has the right and ability to control such activity; and
(C) upon notification of claimed infringement as described in paragraph (3), responds
expeditiously to remove, or disable access to, the material that is claimed to be infringing or to
be the subject of infringing activity.
The DMCA’s safe harbor can be used as an effective tool for limiting trademark related
risk when the union acts quickly in response to take down notices. Since the union cannot
control what third parties put onto its website at all times, the DMCA insulates parties from
liability who act quickly to address the harm whether the content is found to ultimately infringe
on an employer’s trademark or copyright. It may be useful for union counsel to search for music
videos of their favorite artists on YouTube. Most times the artists or their labels will send a
“take down” notice to YouTube, and it will promptly take down the video, leaving a user with a
notice that it has been taken down. Unions should have on their website an address and a email
14
link that will send any take down notices to the correct staff to deal with the issue in an
expeditious matter.
c. New Avenues of Attack against “Watch” Websites and Other Union Online Activity
Even though there are new defenses that unions can take advantage of, employers are
suing unions pursuant to other federal statutes. With the increasing use of “watch” websites
there has come increased employer interest in new avenues of attack for use against unions. In
2009, the Cintas Corporation brought a Racketeer Influenced and Corrupt Organizations Act
(“RICO”) suit against UNITE HERE and the Teamsters for their “Cintas Exposed” website, in
addition to trademark claims under the Lanham Act. Cintas Corp. v. Unite Here, 601 F.Supp.2d
571 (SDNY 2009), aff’d No. 09-1287-cv, 355 Fed.Appx. 508 (2d Cir. Dec. 8, 2009). This
website encouraged customers to check their invoices and contracts carefully, as well as
generated complaint and cancellation letters to send to Cintas. The court found that the union’s
actions did not rise to the level of extortion, required to prove the RICO claim, or trademark
infringement, and dismissed the case. While the union website succeeded in the end, the case
demonstrated a new and creative approach to attack online tools for organizing.
Another, more successful attempt by an employer to get creative in blocking union
activity arose recently in Pulte Homes v LIUNA, 2011 U.S. App. Lexis 15828 (6th Cir 2011). In
that case, the union asked supporters and members to mass call and mass email Pulte Homes, the
employer, to ask that it reinstate a union supporter. So many calls came in that Pulte’s email
system and phone system shut down. Pulte sued LIUNA, alleging that its actions constituted a
violation of the Federal Computer Fraud and Abuse Act (CFAA), and the District Court for
Eastern Michigan dismissed the suit on the basis of the anti-injunction provisions of the NorrisLaGuardia Act. The Sixth Circuit, however, held that even though the call-in and mass emails
by LIUNA members constituted Sec. 7 concerted activity arising out of a labor dispute, the
independent federal remedy doctrine provided the courts with subject matter jurisdiction over the
action. See Id. at *4-*5. The Court further held that neither Machinists nor Garmon preemption
barred Pulte’s CFAA claim from moving forward.
15
TIME, PLACE, AND MANNER:
PRACTICAL CONSIDERATIONS FOR USE OF SOCIAL MEDIA
At a time when social media has helped organize protests and the US Government has
announced that internet access is a fundamental human right, employees are still struggling over
electronic rights at the workplace.
Although the General Counsel’s office has been policing the implementation of social
media policies for possible chilling of Section 7 rights in cases that – for the most part – do not
implicate employer property rights, the Board’s decision in The Guard Publishing Company
d/b/a The Register-Guard, 351 NLRB 119 (2007), continues to tie the General Counsel’s hands
in situations that involve the use of an employer’s equipment and systems. Even though many
unions have challenged Register Guard, the challenges continue forward.
In determining what rights, if any, employees have to use social media for Section 7
purposes at work, using the employer’s equipment and systems, the Board’s decision in RegisterGuard poses a fundamental problem for employees because it gives employers the nearly
unfettered right to restrict electronic access – indeed almost an affirmative right to interfere with
Section 7 rights – absent a showing of discriminatory motive or disparate treatment of similar
Section 7 activities.
1. The Register-Guard Saga
The Board’s 3-2 decision in The Guard Publishing Company d/b/a The Register-Guard, 351
NLRB 119 (2007), dealt a blow to the exercise of Section 7 rights at the workplace in the context
of e-mail communications. In Register-Guard, the company disciplined an employee, who was
also the union president, for sending out solicitations and other e-mails about union business that
the company claimed violated its policy on computer use. The majority held that employers
have a basic property right in their e-mail systems, that employees have no statutory right to use
the company’s e-mail system for Section 7 purposes 19 and that an employer does not violate the
Act by maintaining a policy prohibiting the use of its e-mail system for all non-job-related
solicitations, including Section 7 activity.
The majority also adopted a new discrimination standard distinguishing between different
types of non-work-related use, finding unlawful discrimination only where employers engage in
19
The majority noted that there was no contention that the employees rarely saw each other in
person, communicate solely by electronic means, or that the use of e-mail had rendered
traditional forms of workplace communication useless. Register-Guard, 351 NLRB at 1116.
This argument would not hold true in many workplaces today.
16
disparate treatment of activities or communications of a similar character because of their union
or other Section 7 status.
Because the employer supposedly permitted personal e-mail solicitations but not e-mails
soliciting support for any outside group or organization, and because the majority viewed the
union as an outside organization,20 the majority determined that the employer’s enforcement of
its policy was lawful with respect to two e-mails that constituted a solicitation for union support.
Thus, under the majority’s reasoning, an employer can lawfully allow employees to use e-mail to
send personal solicitations, while prohibiting employees from using e-mail to send union
solicitations, as long as the employer bans solicitations on behalf of all types of organizations.
The D.C. Circuit reversed in part, 21 holding that the company violated the Act by
discriminatorily enforcing its non-solicitation policy, and remanded the case back to the Board
for further consideration consistent with its opinion. See Guard Publishing Co. v. NLRB, 571 F.
3d 53 (D.C. Cir. 2009).
Denouncing the discrimination standard enunciated in Register Guard, the Court called the
majority’s rationale a “post hoc invention,” noting that the company had never made a
distinction between personal and organizational solicitations and had included outside
organizational solicitations only as an example of the category of “all non-job related
solicitations” forbidden under its policy. The Court further noted that the disciplinary warning to
the employee failed to invoke any difference between organizational and personal solicitations,
and instead reprimanded her and told her to refrain from using the system for union/personal
business. The Court also found that the only employee emails that had ever led to discipline
were those union related e-mails involved in the case.
The year after the Board’s decision in Register-Guard, but before the D.C. Circuit’s remand,
the Office of The General Counsel issued a memorandum that gave an overview of its
application of Register-Guard through the discussion of five specific scenarios. See
Memorandum GC 08-07 (May 15, 2008). Although the outcomes in each case are fact-specific,
the memo sets forth the following relevant principles:
20
The acting GC has taken the position that Register-Guard should be overruled and has stated
continued adherence to GC positions previously articulated in Register Guard including the
argument – ignored by the majority – that when employees communicate about protected,
concerted activity, whether those communications mention a union or not, they are not working
on behalf of an “outside organization” but are invoking their fundamental statutory rights. See
General Counsel’s February 22, 2007 Responsive Brief to the Board at p. 3.
21
The Union petitioned for review solely of the Board’s finding that the discipline regarding two
e-mails was lawful, not of the Board’s finding that the e-mails policy was lawful.
17
•
•
•
If an employer permits employees to send non work related solicitations that include
institutional, commercial solicitations, it cannot apply its internet policy to forbid
employees from sending union solicitations.
Where the motive for line-drawing is anti-union, the action is unlawful. Thus, an
otherwise valid rule promulgated for anti-union reasons is unlawful. 22
Direct communications with management seeking improvements in working conditions
do not constitute solicitation and cannot be prohibited under a no-solicitation policy. 23
In addition, a June, 2008 Advice Memorandum issued in the Uloop case, OGC Advice
Memo, (21-CA-038223), made it clear that Employees have a Section 7 right to use an
employer’s electronic communication system in situations where they cannot communicate by
traditional means and would otherwise be entirely deprived of their Section 7 rights to
communicate at work on their own time.
Although the facts in Uloop were unusual in that the employees had no common workplace
and were scattered throughout various states and campuses, work situations increasingly involve
a comparable degree of isolation, rendering “traditional means” of communication difficult, if
not impossible. For example, as a result of new technology employees are increasingly working
in environments isolated from co-workers (i.e., cyber-commuting). Also, employees in certain
industries (i.e., homecare) have similar isolation issues, particularly now that direct-deposit of
paychecks is the norm and other HR and personnel functions and even routine meetings are often
handled electronically. Moreover, the combination of work place pressures to produce and new
desktop technologies have resulted in decreased physical mobility for employees at the
workplace. There is, quite simply, no real opportunity to engage in “traditional means” of
communication for many employees.
Indeed, the concept of “traditional means” of
communication needs to be revisited and updated to reflect today’s workplace reality, as
recognized by the Board in its electronic notice posting decision J. Picini Flooring, 356 NLRB
No. 9, slip. op. at 3 (Oct. 22, 2010). 24
On July 26, 2011 the Board finally issued a Supplemental Decision and Order on the
Register-Guard remand on July 26, 2011, solely on the issue of whether the employer had
violated 8(a)(1) and (3) by disciplining the union president/employee for sending the two union
22
See also the Advice Memo in Sears Holdings (Roebucks), OGC Advice Memo, Case 18-CA19081, discussing Lutheran Heritage Village, 343 NLRB 646 (2004).
23
In “case 4” Advice found that the Employer had not drawn a meaningful distinction between
personal e-mails that it allowed and those that it prohibited, and that employee e-mails to
management seeking improvements in terms and conditions of employment were more jobrelated than personal as they were not a call for action in support of an outside organization.
24
“We find that given the increasing prevalence of electronic communications at and away from
the workplace, respondents in Board cases should be required to distribute remedial notices
electronically when that is a customary means of communicating with employees or members.”
18
related e-mails to unit employees using the employer’s e-mail system in August 2000. The
Guard Publishing Co. d/b/a The Register-Guard, 357 NLRB No. 27 (July 26, 2011). The Board
found violations with respect to the discipline for both e-mails at issue. The appeal did not raise,
and the remand did not include, the issue of the discrimination standard itself, so the Board did
not address it.
The General Counsel’s office had clearly recognized that the Register Guard issue was still
problematic and unsettled and included all “cases involving the issue of whether employees have
a Section 7 right to use an employer’s email system or that require application of the
discrimination standard enunciated in Register Guard,” as part of the April 12, 2011
Memorandum GC 11-11, on Mandatory Submissions to Advice.
To date the GC’s office is still reviewing all cases involving Register-Guard issues and will
hopefully find an appropriate case to overturn Register-Guard and reinstate Republic Aviation as
the controlling standard for determining the rights of employees to use the employer’s computer
equipment and e-mail/internet systems to engage in otherwise protected Section 7 conduct. 25
2. Employee Privacy Rights and the Use of Employer Resources
Beyond labor law, employees’ privacy rights provide important, though somewhat limited,
protections against employer monitoring and surveillance. These rights come into play
especially in the context of employee use of employer-provided technology. Employees who
spend their days in front of an employer-owned desktop might spend part of that time on
personal internet use; an employee’s “home” computer might actually be a work-issued laptop;
an employer-provided BlackBerry or cell phone might be an employee’s only telephone, her
camera, and her most-used conduit to Facebook, Twitter, Instagram and the internet. As
employees’ social media usage – and their personal lives in general – increasingly involve the
use of employer resources, the question of employees’ privacy rights becomes more and more
important. While there is very little privacy law addressing employees’ use of social media for
union purposes, case law governing the right of privacy in employer-provided resources raises
interesting questions about what protections will be available as technology and usage evolves.
For public employees, employer monitoring of an employee’s work computer may be
evaluated in the context of the employee’s Fourth Amendment protections against unreasonable
search and seizure. In O’Connor v. Ortega, 480 U.S. 709 (1987), the Supreme Court announced
that “[s]earches and seizures by government employers or supervisors of the private property of
their employees are subject to Fourth Amendment restraints.” Whether a particular search
25
Although the GC has apparently authorized complaints to issue on alternate theories including
that Register-Guard should be reversed, to date none of these cases have been addressed by ALJs
or discussed in posted Advice Memos.
19
violated the Fourth Amendment depended on an employee’s reasonable expectation of privacy,
but that reasonableness depended largely on the “operational realities of the workplace.” Id. at
717. Office practices and procedures, as well as legitimate regulation, might therefore make
some employees’ expectations of privacy unreasonable. Id. Given the importance of these
operational realities, courts would need to address the question of the reasonableness of
employees’ expectations of privacy on a case-by-case basis. Id. at 718.
Although private employees have no such Fourth Amendment protections against employer
monitoring, some employer searches may constitute the tort of invasion of privacy. Courts have
applied tort law to physical searches of employees’ exclusive space. In Doe v. Kohn, Nast &
Graf, 862 F.Supp. 1310 (E.D. Pa 1994), a law firm partner allegedly searched an associate’s desk
and found a doctor’s letter about the associate’s treatment for AIDS. The court found that the
intentional tort of intrusion upon seclusion – involving a defendant who knowingly and
substantially invades the plaintiff’s privacy without legal authority to do so in a way that a
reasonable person would find offensive – can apply to “a search of an employee’s workplace
which is done in such a way as to reveal matters unrelated to the workplace.” Id. at 1326.
Ultimately, the permissibility of monitoring employee use of work-issued technology
tends to turn on whether the employee has a reasonable expectation of that privacy in that use.
To determine whether such a reasonable expectation exists, courts often look to behavior of
employers – such as adopting and giving notice of an unambiguous monitoring policy – and
employees – for example, using a password-protected personal e-mail account rather than a work
account.
Some courts begin with a baseline view that employers have an absolute right to adopt
policies regarding monitoring of their own technological resources. Finding no violation where
an employer inspected an employee’s company-issued laptop, the Seventh Circuit announced
that because the laptop was the employer’s property, the employer “could attach whatever
conditions to [the laptop’s] use it wanted to. They did not have to be reasonable conditions.”
After all, the Court reasoned, “the abuse of access to workplace computers is so common… that
reserving a right of inspection is so far from being unreasonable that the failure to do so might
well be thought irresponsible.” Muick v. Glenayre Elecs., 280 F.3d 741, 743 (7th Cir. 2002).
In order to reserve the right of inspection, courts generally require employers to adopt
unambiguous monitoring policies. See Leventhal v. Knapek, 266 F.3d 64 (2d Cir. 2001)
(employee had a reasonable expectation of privacy in files stored on a work computer in the
absence of a clear monitoring policy). Generally, once employees are given notice that the
employer plans to exercise the right of inspection, their expectations of privacy are undercut.
For example, in United States v. Mosby, 3:08-CR-127, 2008 U.S. Dist. LEXIS 56583 (E.D. Va.
2008), an employee had no such reasonable expectation when he acknowledged a detailed
warning of the employer’s monitoring policy every time he logged into his work computer. See
also United States v. Bailey, 272 F.Supp. 2d 822, 824 (D. Neb. 2003) (“an employer’s notice to
20
an employee that workplace files, internet use, and e-mail may be monitored undermines the
reasonableness of an employee’s claim that he or she believed such information was private and
not subject to search”).
Given the broad power of employers to institute monitoring policies, courts have closely
examined the content and wording of those policies when evaluating employees’ privacy claims.
In Stengart v. Loving Care Agency, Inc., 990 A.2d 650 (N.J. 2010), the employer’s monitoring
policy declared that e-mails “are not to be considered private or personal to any individual
employee” but also acknowledged that “[o]ccasional personal use [of e-mail] is permitted.” Id.
at 659. That ambiguity was a factor in the court’s decision that the employee had a reasonable
expectation of privacy in privileged e-mails sent from a private account, even though she used an
employer-provided computer. Id. at 663; see also National Economic Research Associates v.
Evans, Mass L. Rptr. No. 15. 337 at 338-39 (Mass.Super.Ct. Sept. 25, 2006) (finding that where
an employee manual “did not expressly declare, or even implicitly suggest, that [the employer]
would monitor the content of e-mail communications made from an employee’s personal e-mail
account via the Internet whenever those communications were viewed on an [employer]-issued
computer” an employee’s expectation of privacy in those e-mails was reasonable).
Moreover, even with unambiguous monitoring policies in place, employers may still
create a reasonable expectation of privacy by providing employees with resources intended for
their individual use. An employee might reasonably expect computer files to be private when
they are stored on a computer in an office meant for that employee’s exclusive use. United
States v. Ziegler, 474 F.3d 1184 (9th Cir. 2007). There may also be a reasonable expectation of
privacy with respect to files stored in computer directories created by employers for an
employee’s personal use. Haynes v. Office of the Attorney General, 298 F.Supp.2d 1154 (D.Kan
2003).
Finally, employee behavior might also be a factor in determining whether an expectation
of privacy is reasonable. In Stengart, 990 A.2d 650, even though the plaintiff employee used a
company-provided computer to exchange messages with her attorney, she did so using a
password-protected, personal, third-party email account, and the messages were clearly labeled
as privileged; the New Jersey Supreme Court took all of those factors into consideration when
finding that she had a reasonable expectation of privacy in those messages.
The law on employer searches of employer-provided technological equipment is still
developing. When it recently considered the question of an employer’s audit of an employee’s
personal text messages, sent from an employer-provided pager during work hours but paid for by
the employee and stored on a third-party server, the Supreme Court urged “caution before the
facts in the instant case are used to establish far-reaching premises that define the existence, and
extent, of privacy expectations enjoyed by employees when using employer-provided
communication devices.” City of Ontario v. Quon, 130 S. Ct. 2619, 2629 (2010). Rather than
set such precedent, the Court decided to look to “settled principles determining when a search is
21
reasonable.” Id. 2624. But given the potential for rapidly expanding use of social media on
employer-provided technology, such settled principles may ultimately be inadequate to address
conditions in the modern workplace. When considering employer searches of employee social
networks, will courts follow Stengart and find that employees have a reasonable expectation of
privacy in password-protected Facebook pages or restricted-access groups? Will employers be
allowed to inspect GPS tags from pictures taken on or posted from employer-provided camera
phones? As employees become ever more likely to use employer resources to access social
media, courts may find themselves forced to take bold new steps in interpreting the law.
BIG BROTHER AND SOCIAL MEDIA: IS YOUR EMPLOYER WATCHING YOU?
1. Cyber-Surveillance and Section 8(A)(1)
A Division of Advice Memorandum issued in May 2010 presented the first case in which the
Board has considered employer surveillance in the context of social media. See MONOC, OGC
Advice Memo, NLRB Case No. 22-CA-29008 (May 5, 2010). In MONOC the employer
disciplined a group of employees based on Facebook comments they made suggesting they did
not provide appropriate medical care to patients. “Concerned co-workers” allegedly printed out
copies of the statements and gave them to management. Advice determined that because the
employer received the postings from other employees “without soliciting them” and informed
them of that fact, it did not create the unlawful impression of surveillance. Also troubling is
Advice’s naïve conclusion that because the employee restricted access on her Facebook page to
her “friends” she could not “reasonably conclude that the Employer was directly monitoring her
Facebook page.”
The Advice memo in Buel, Inc., NLRB Case No. 11-CA-22936 (July 28, 2011) adds another
layer to the Facebook surveillance picture. In Buel, the Charging Party had “friended” his
supervisor, allowing the supervisor access to the Facebook conversation at issue. Advice said
that by “friending” his supervisor, the employee “essentially invited her to view his Facebook
page.” Since there was no evidence that the employer’s sole purpose for being on Facebook was
to monitor employees, the standard Board law applies that “there can be no unlawful surveillance
if the employer’s agent was invited to observe.”
The Ninth Circuit has provided additional guidance in Konop v. Hawaiian Airlines, 302 F.3d
868 (9th Cir. 2002), a case involving the Railway Labor Act in which an employer gained access
to a password protected website to view what its employees were saying. The Ninth Circuit
noted there that employers are generally prohibited from engaging in surveillance or organizing
activities, absent a legitimate justification. The court found no “principled distinction” between
unlawful employer eavesdropping and the employer’s access of Konop’s secure website. This
decision also reversed a lower courts’ grant of summary judgment against Konop on his claims
22
that the viewing of his website under false pretenses constituted interference with organizing
activities.
Although an employer may observe open union activity, it “may not do something ‘out of the
ordinary’ to give employees the impression that it is engaging in surveillance of their protected
activities.” Sprain Brook Manor Nursing Home, LLC, 351 NLRB No. 75 (2007). There are
recognized limits to how an employer may monitor activities, even those that occur “in public.”
In NLRB v. Collins & Aikman Corp., 146 F.2d 454, 455 (4th Cir. 1944) the court found that
unlawful surveillance occurred when a supervisor spent hours every night watching union
activities that occurred in a public space. The Board has found it unlawful even to create the
impression of surveillance through the statement that “it’s an open secret that you’ve joined the
union.” Daikichi Corp. d/b/a/ Daikichi Sushi, 335 NLRB 622, 623 (2001); see also Flexsteel
Indus., Inc., 311 NLRB 257 (1993). While the Division of Advice recommended dismissal of
portions of the MONOC charge dealing with unlawful employer surveillance, it may have been
overly persuaded that no unlawful monitoring occurred because the employer had actual
printouts of the Facebook posts allegedly given to it by an employee. The MONOC Advice
Memorandum applies existing case law to social media in a way that may yet be helpful in
curbing employer surveillance of employees on social media.
Situation that have not yet been squarely addressed by the Board include situations where an
employee is required as part of her job duties to utilize social media -- and then the boss uses
his/her access to that information to violate the Act or where a boss requests to be “friends” with
his employees on Facebook and uses the connection to determine that employees are forming a
union. There are situations being reported now where employers are requiring applicants and
employees to provide their passwords to protected sites. It remains to be seen how the Board and
the courts apply existing 8(a)(1) case law to these new scenarios.
2. Statutory Protections Against Employer Surveillance – the Stored Communications Act
Beyond labor law, employees have some statutory protections against employee monitoring
of their online behavior. Foremost among these is the Stored Communications Act, part of the
broader Electronic Communications Privacy Act, 18 U.S.C. §2501 et seq. The Stored
Communications Act (“SCA”) prohibits unauthorized intentional access to “a facility through
which an electronic communication service is provided” and creates a further offense when one
“intentionally exceeds an authorization to access that facility; and thereby obtains, alters or
prevents authorized access to a wire or electronic communication while it is in electronic storage
in such system.” 18 U.S.C. § 2701(a). Courts have found the SCA to apply to e-mail systems,
blogs, and Facebook accounts. 26
26
See, e.g., United States v. Councilman, 418 F.3d 67, 79 (1st Cir. 2005) (e-mail); Hall v.
EarthLink Network, Inc., 396 F.3d 500, 503 n.1 (2d Cir. 2005) (e-mail); Baily v. Bailey, No. 07
Civ. 11672, 2008 U.S. Dist. LEXIS 8565, 2008 WL 324156 (E.D. Mich. Feb. 6, 2008) (e-mail);
23
The SCA provides an important protection to bloggers and users of social media who post
anonymously about their employers. A common response by employers to such anonymous
postings is a defamation suit allowing the employer to issue subpoenas to learn a poster’s
identity. The SCA, however, protects electronic communications services, including Facebook
and Twitter, from divulging such records. Courts have found that "unauthorized private parties
and governmental entities are prohibited from using Rule 45 civil discovery subpoenas to
circumvent the Privacy Act’s protections.” In re Subpoena Duces Tecum to AOL, LLC, 550
F.Supp. 2d 606, 611 (E.D. VA 2008)(internal quotations omitted).
The SCA’s protections are limited by some important exceptions. First, they do not apply to
conduct authorized “by the person or entity providing a wire or electronic communications
service.” 18 U.S.C. § 2701(c)(1). The SCA therefore cannot be used to prevent an employer
from searching files stored on its own electronic systems. See Fraser v. Nationwide Mutual
Insurance, 352 F.3d 107 (3d Cir. 2003) (rejecting a claim under the SCA when an employer
inspected e-mails stored on its server).
The SCA also excepts from its coverage conduct authorized “by a user of that service with
respect to a communication of or intended for that user.” 18 U.S.C. § 2701(c)(2). While this
exception might allow an employer to gain access to an employee’s e-mail or social networking
account with the employee’s authorization, it does not give blanket permission for employers to
make use of employee passwords in their possession. In Pietrylo v. Hillstone Restaurant Group
d/b/a Houston’s, No. 06- 5754, 2008 U.S. Dist. LEXIS 108834 (D.N.J. 2008), employees of
Houston’s restaurant created a MySpace group for coworkers to vent their feelings about their
employer. Access to the group was restricted only to those invited to join, and those invitees
could view the group’s comments only through their personal, password-protected MySpace
pages. Upon learning about the group, a Houston’s manager requested the MySpace password of
one of the employees; fearing adverse employment consequences, that employee divulged her
password. Denying the employer’s motion for summary judgment, the court found that a
password given under duress did not constitute authorization for the employer to access the
MySpace group. Id. at 12.
Konop limited § 2701(c)(2) upon a close examination of the word “user” as defined by the
SCA. 302 F.3d 868. In Konop, an employee of Hawaiian Airlines established a passwordprotected employee blog. He created a list of employees with the right to log in and create
passwords for themselves. One of those coworkers voluntarily allowed a manager to use his
name to log into the system and create a password. Id. at 873. In the absence of duress, the
court looked to the fact that the authorizing employee had not logged in before, and found that
Konop, 302 F.3d 868 (9th Cir. 2002) (blog); Crispin v. Christian Audigier, Inc., 717 F.Supp.2d
965 (C.D. Cal. 2010) (social media websites); Juror No. One v. California, 2011 U.S. Dist.
LEXIS 16834 (E.D. Cal. 2011) (Facebook).
24
because he had not yet used the blog, he was therefore not a “user” for the purpose of §
2701(c)(2).
In a recent development, the Fifth Circuit found another exception to the SCA ban on access
to facilities in Garcia v. City of Laredo, 702 F.3d 788 (5th Cir. 2012). In that case the Laredo
police department accessed private text messages of the employee, an employee of the
department, that it claimed violated various policies of the Laredo police department. On the
basis of those emails, the department terminated the Plaintiff. The Plaintiff claimed that the
police department’s action violated the SCA because the department had improperly and without
authorization accessed a facility storing electronic information, namely, her cell phone. 5th
Circuit held that the SCA’s protections do not apply to data stored in a personal cell phone.
Specifically, the Court held that the definition of unauthorized access did not include personal
devices, but only information stored with a communications facility. In other words, the Court
held that the only information the SCA protects is information stored with the telephone
company, etc. Id. at 792-93.
Beyond the SCA, other federal and state statutes might provide protections for employees’
online activity. For example, both Delaware and Connecticut require employers to give notice
before monitoring employees’ e-mail or internet access. See DE Code § 19-7-705; Gen. Stat. CT
§ 31-48d. Colorado and Tennessee require all public employers to adopt monitoring policies.
See CO Rev. Stat. § 24-72-204; TN Code § 10-7-512. Addressing employer monitoring of
employees’ online behavior outside of work, the Maryland legislature considered but ultimately
did not adopt Senate Bill 971, which would have prohibited employers from requiring employees
and applicants to divulge their online accounts and passwords, and would have made it illegal for
employers to access those accounts without authorization. See Meg Tully, Status update: Bill
would stop bosses’ prying in social media, Frederick News-Post (Mar. 9, 2011). Finally, as
more and more states adopt statutes prohibiting cyber-bullying and cyber-stalking, it will be
interesting to see how those laws will be used to protect employees’ privacy from employer
intrusion, and anti-union coercion.
CAN SPAM AND THE TCPA: TEXTING AND EMAILING UNION MEMBERS
Just as unions have given significant attention to legal issues surrounding social media
tools, they should also think about other telecommunication laws, especially as unions integrate
social media platforms with other communication medium. Unions are not using only Facebook,
Digg, Instagram, and Twitter, also integrating those technologies with text messaging and
robocalling. Two main federal laws apply to the use of these technologies: the Controlling the
Assault of Non-Solicited Pornography and Marketing Act (“CAN SPAM”) and the Telephone
Consumer Protection Act (“TCPA”). 27
27
As briefly noted below, there may also be state laws within your jurisdiction that are applicable.
25
1. CAN SPAM
CAN SPAM, 15 U.S.C. §7701 et seq. was passed in 2003. The Act was Congress’
attempt to address on a nationwide level the large amount of unwanted, deceptive and
pornographic emails being generated by professional spammers, which were slowing down
internet traffic and requiring Internet Service Providers to purchase additional equipment to
handle the onslaught. Id. at §7701.
CAN SPAM, by its terms, preempts state laws which regulate electronic commercial
messages, except those state laws which attempt to regulate “falsity or deception” in electronic
messages. 15 U.S.C. §7707(b)(1). It does not preempt state laws that do not specifically target
electronic messages—such as privacy and tort claims, or fraud or computer crime laws or causes
of action. Id. at § 7707(b)(2). See also Gordon v. Virtumundo, Inc., 575 F.3d 1040 (9th Cir.
2009).
a. Applicability to Labor Unions
CAN SPAM applies to two types of e-mail messages, “commercial electronic mail
messages” and “transactional or relationship messages.”
A commercial message is any
electronic message “the primary purpose of which is the commercial advertisement or promotion
of a commercial product or service.” 15 U.S.C. §7702(2)(A). Transactional messages are
expressly excluded from the definition of commercial messages. Id. at §7702(2)(B). In general,
a transactional email is a message which provides information (such as warranties, notifications,
or confirmations of a purchase) about a completed commercial transaction or commercial
relationship. Id. §7702(17)(A). Importantly, a “transactional message” also includes an email
to “provide information directly related to an employment relationship or related benefit plan in
which the recipient [of the email] is currently involved, participating, or enrolled.” Id. at
§7702(17)(A)(iv).
A message can be a mix of commercial, transactional, or other content. Under the
statute, a message is primarily commercial if: a) a reasonable person reading the subject line of
the email would believe that it contains commercial content; b) the transactional elements of the
message do not appear at the beginning of the body of the message; or c) a reasonable reader of
the entire message would conclude that the message is a commercial advertisement or
promotion. 16 C.F.R. 316.3(2) and (3). A message is considered “transactional” only if the
content is exclusively transactional. Id. at 316(3)(b).
26
Although, CAN SPAM mainly regulates commercial speech (see 16 C.F.R. 316.3) and
does not appear apply to labor unions, as any communications would presumably be
transactional, the limited case law available has found otherwise.
Aitken v. Communications Workers of Am., 496 F. Supp. 2d 653 (E.D.VA 2007),
concerned the application of CAN SPAM to emails sent by CWA organizers during an
organizing campaign. After Verizon, which had a unionized workforce, purchased MCI, which
was non-union, two organizers created fake email addresses for Verizon supervisors and sent out
a series of emails under these email addresses to the MCI employees. Id. at 657. The emails
urged the MCI workers to join the union and contained information about the unionized workers
wages, benefits and job security. Id. The emails contained no disclaimers, no way for workers to
unsubscribe, and the majority of the emails did not identify either the real senders of the emails
or the physical address of the union. Id. at 657-58.
Although the Court acknowledged that CAN SPAM regulates only commercial speech
within the meaning of the First Amendment, it found that the emails sent by the organizers
during the organizing campaign were commercial speech within the meaning of the Act because
they were “in essence, a sales pitch for union representation along with CWA contact
information,” and found that the emails were commercial messages. Aitken, 496 F. Supp. 2d at
663-664. But see Nyak Hosp. v. Moran, 2010 U.S. Dist. LEXIS 111651 (S.D.N.Y. 2010) (dicta
indicates that communications between unions and members are likely transactional, not
commercial).
Further, while the Court recognized that speech during organizing campaigns typically
receives some protection, because the emails in Aitken were misleading they were not protected
by the First Amendment. Aitken, 496 F. Supp. 2d at 664-665.
b. Requirements
1) Email
CAN SPAM requirements differ depending on whether the email message is commercial,
transactional or a mix of commercial and transactional.
2) Requirements for both Commercial and Transactional Emails
27
Companies and individuals are prohibited from sending either commercial or
transactional messages which contain materially misleading or false information or “header
information.” 28 15 U.S.C. §7704 (a)(1).
3) Additional Requirements for Commercial Emails
More stringent requirements apply to the transmission of commercial email messages,
whether they are wholly or partially commercial. Commercial messages may not have deceptive
“subject” headings. 15 U.S.C. §7704(2). In addition, for every commercial email message that
is sent, the sender must maintain, for at least thirty (30) days, either a functioning return
electronic email address (i.e. the recipient could reply back to the email that was sent), or there
must be an internet-based mechanism that is “clearly and conspicuously displayed,” which
permits email recipients to opt-out of future email messages. Id. at § 7704(3).
In addition, each commercial email that is sent out must contain a “clear and
conspicuous” notice that the email is a commercial solicitation and a notice that the recipient
may unsubscribe from additional messages. 15 U.S.C. §7704(5). Moreover, each email sent
must contain the physical address of the union at the bottom of the message. Id. If the recipient
of the email has given the union prior affirmative consent to receive emails, the email message
does not need to contain the notice that the email is a commercial solicitation. Id. at
§7704(5)(B).
Finally, if a member unsubscribes from receiving either text or email messages, a union is
required to remove his cell phone and/or email address from the list of individuals it emails or
texts within ten business days. 15 U.S.C. §7704(4). The transmission of additional emails or
texts after ten business days to an individual who has opted out is unlawful, unless the union later
receives affirmative consent that the individual would like to again receive emails or texts. Id.
A union cannot charge people to unsubscribe. 16 C.F.R. 316.5. Liability is not limited to the
entity who physically sends the offending email, but to anyone who procures the origination of
the email. 15 U.S.C. §7702(9); FTC v. Phoenix Avatar, LLC, 2004 U.S. Dist. LEXIS 14717
(N.D.IL 2004).
c. Messages to Wireless Devices
CAN SPAM provides that its requirements should be extended include text messages to
mobile phones. See 15 U.S.C. §7712 (directing the FCC to promulgate regulations to extend
CAN SPAM requirements to mobile phone messages). In 69 FR 55765-01, the FCC issued
28
A header is the “source, destination, and routing information attached to an electronic mail
message, including the originating domain name and originating electronic mail address and any other
information that appears in the line identifying, or purporting to identify, a person initiating a message.”
28
rules implementing 47 C.F.R. Part 64 (“2004 Rules”). Included within CAN SPAM coverage
are electronic mail messages that have a “unique electronic mail address that includes a reference
to an Internet domain” and are “designated by carriers specifically for mobile service messaging,
“which includes internet-to-phone SMS messages. Id. The comments to the 2004 Rules clarified
that Section 14 of CAN SPAM does not include phone-to-phone wireless messages, although
these messages are covered by the TCPA.
The 2004 Rule flatly prohibited all commercial messages to wireless devices, unless the
sender had obtained express prior authorization. Id.; 47 C.F.R. § 64.3100(a)(1). The sender has
the burden to establish that it has obtained consent, and authorization may be obtained orally, or
in writing, including electronically. Id.; 47 C.F.R. § 64.3100(d) All authorizations must specify
the number to which messages can be sent and contain the recipient’s signature. Authorizations
obtained orally must be reasonably subject to verification, and all authorizations must be
affirmative, contain clear disclosures, and the recipient must be able to reply to a request for
authorization without an additional cost. Id. Finally, much like email authorizations, subscribers
to wireless messages must be able to unsubscribe at any time, and without additional cost. 47
C.F.R. § 64.3100(b).
d. Penalties and Safe Harbors
Damages under CAN SPAM are calculated by multiplying the number of violations by
the penalty amount. 15 U.S.C. §7706. The statutory damages range between $25 per email up to
$250, with caps from one million to two million dollars; attorneys’ fees and costs are also
recoverable. Id. For aggravated violations, treble damages may also be awarded over and above
the caps. Id. However, some damages may be reduced if “the defendant has established and
implemented, with due care, commercially reasonable practices and procedures designed to
effectively prevent such violations.” Id. at §7706(3)(D).
2. TCPA
Another law that labor unions should be aware of is the Telephone Consumer Protection
Act, as it may impact labor union operations in certain circumsntances.
e. Text Messages and Emails
The TCPA is codified at 47 U.S.C. §§227 et seq. Pursuant to the TCPA, no entity may
“initiate any mobile service commercial message” (“MSCM”) unless it has the “express prior
authorization” of the recipient. 47 C.F.R. §64.311(a)(1). 29 The 2004 Rules clarified that MSMC
under the TCPA included both internet-to-phone and phone-to-phone messaging.
29
There are certain exceptions to this requirement, not applicable here.
29
1) Requirements
Commercial electronic mail messages are defined by reference to the CAN SPAM, so
Aitken likely has bearing on TCPA claims. 47 C.F.R. §64.311(c)(2). In order to send a
commercial message, a union must include a functioning email address or other internet-based
way that allows a recipient to stop receiving texts or emails, which is free of charge to the
member and that remains in service for at least thirty days after any message is sent. Id.
§64.311(b)(2), (4) and (6). Any message sent must also allow the recipient to reasonably
identify from whom or where the message was sent. Id. §64.311(b)(5).
When creating the opt-out mechanism, after a person has chosen to opt out, a union must
cease sending further messages within ten days after the request, and the opt out mechanism
itself cannot generate further commercial messages. Id. at §64.311(b)(1) and (2).
If a union intends to gather emails and text messages via electronic means, it must permit
members to unsubscribe by the same electronic means by which they signed up. 47 C.F.R.
§64.311(b)(3).
2) Authorizations
Express prior authorization may be obtained by written (including electronic) or oral
means. 47 C.F.R. §64.311(d). For the written authorization to be valid, the subscriber must
provide his signature (or electronic equivalent). Id. at §64.311(d)(1). All authorizations must
permit the subscriber to identify the specific address(es) to which emails or texts may be sent.
Id. at §64.311(d)(2). In addition, the authorization applies only to the specific entity that is
named in the authorization. Id. at §64.311(d)(3).
All text message authorizations must contain the following notices: a) that the subscriber
agrees to receive messages from the entity; b) that the subscriber may be charged for by their
wireless provider for receipt of the messages; and c) that the subscriber can revoke their
authorization at any time. 47 C.F.R. §64.311(d)(5). The notices must be sufficiently large and
legible and be presented separately from other authorizations; if a union chooses to translate the
authorization, the entire authorization must be translated. Id. at §64.311(d)(6).
f. Robocalls
TCPA also regulates the use of automated telephone equipment, also known as
“robocalls.” With the 2012 election and increasing reliance on cellphones, restrictions on
robocalling have been the topic of recent litigation and FCC advisories. The TCPA forbids a
30
union from knowingly robocalling cellular telephone numbers, 47 U.S.C. §227(b)(1)(A)(iii),
however, regulations clarify that, where a union has express consent, robocalling cellular
telephones is permitted. 47 C.F.R. §64.1200(a)(iii) and (iv). A union may robocall a home
telephone number, even without express consent if it is a tax-exempt non-profit organization, 47
C.F.R. §64.1200(a)(2)(v), or if it has the recipient’s express consent. Id. at §227(b)(1)(B). In
February 2012, the FCC issued rules concerning telemarketers and robocalling. While the rules
are inapplicable here, the comments attached to the rules clarified that express permission for
non-telemarketing informational robocalls may be obtained by oral, written or electronic means.
FCC 12-21, “Report and Order.”
Robocalls must identify who is calling at the beginning of the message and at some point
during or at the end of the message, must provide a telephone number where the entity can be
contacted. 47 U.S.C. §227(d)(3); 47 C.F.R. §64.1200(b)(2). Importantly, states have also passed
laws placing restrictions on autodialers that are more restrictive than the TCPA. For example, in
New York, all telephone calls to a “consumer” using an autodialer must state the “nature of the
call” at the beginning of the robocall and identify the name of the person making the call, and
include the entities address and telephone number at the end of the call. NY CLS Gen Bus §399p. Accordingly, it is prudent to check state laws to see if there are additional restrictions on
robocalling in a particular jurisdiction.
In September 2012, the FCC issued an enforcement advisory concerning robocalls under
the TCPA. 30 The advisory emphasized that, with limited exceptions, all robocalls to wireless
devices must have express prior authorization. The advisory also stressed the identification
requirements for prerecorded calls. Finally, the FCC clarified that requirements concerning
robocalls apply to all calls made from equipment with the “capacity to dial numbers without
human intervention, whether or not the numbers called actually are randomly or sequentially
generated or come from calling lists.”
Finally, to date, there is one case applying the TCPA restrictions on robocalling to a labor
union, Ashland Hospital Corp. v. SEIU, District 1199, 195 LRRM 2077 (6th Cir. 2013). In
Ashland Hospital, two labor unions orchestrated robocall campaigns where they used autodialed,
pre-recorded messages to contact private residents, offering to connect them to hospital
personnel to express concern over the hospital’s treatment of its workers. Id. at 2. If a resident
wished to be connected, she pressed “1” and was redirected to a direct extension at the hospital,
where she could speak directly with a hospital representative. Id. at *2-3. Although the prerecorded calls did not have prior authorization from residents, identify who the robocalls were
from, or contain a phone number or address for SEIU, the robocalls generated hundreds of “live
calls” to the hospital. Id. at *3-4.
30
http://www.fcc.gov/document/political-campaigns-restrictions-autodialed-prerecorded-calls.
31
The hospital sued, alleging inter alia, that SEIU had initiated robocalls without prior
express consent and that it had “failed to comply with identification and disclosure
requirements” of the TCPA Id. at *4-5. Both the district court and the Sixth Circuit found that
the TCPA did not apply to the hospital’s complaint—that SEIU did not robocall the hospital.
Rather, SEIU robocalled residents, and then facilitated the residents live calls to the hospital. Id.
at *9-12. The court found that the facilitation of live calls is not, even if it is a result of an
automated message, regulated by the TCPA. Id. at *14-17. Furthermore, the hospital did not
have standing to enforce the TCPA’s identification and disclosure requirements—only
government agents have such standing. Id. at *17-20. Importantly, in examining the calls made
to residents, the Sixth Circuit found that calls made by SEIU were for a non-commercial
purpose. Id. at *18-19. As of late March 2013, the hospital has applied for reconsideration by an
en banc panel of the Sixth Circuit.
g. TCPA Private Right of Action and Damages
The TCPA provides for a private right of action for certain claims. 47 U.S.C. §227(b)(3).
A person may seek to enjoin any further transmissions, recover actual monetary loss, or receive
$500 per violation, whichever is greater. Id. at §227(b)(3)(A) and (B). If an entity is found to be
a willful violator, the damages may be trebled. Id. at §227(b)(3)(C). In addition, the TCPA
expressly does not preempt state laws. 47 U.S.C. §227(e). Federal courts do have exclusive
jurisdiction over TCPA claims. Id. at §227(f)(2).
Additional Text Messaging Restrictions
In addition to legal restrictions, internal guidelines concerning text messaging must also
comply with CTIA (the International Association for the Wireless Telecommunications
and
MMA
(Mobile
Marketing
Association)
Industry),
http://www.ctia.org,
http://www.mmaglobal.com requirements.
THE SMALL PRINT: OTHER REGULATORY CONCERNS
Another potential pitfall for online activity comes not from the employer, but from
federal and state regulators; rather than relating to a site’s main content or user comments, these
regulations focus on a website’s small print. The California Online Privacy Protection Act of
2003, Cal. Bus. & Prof. Code § 22575 et seq. requires that these privacy policies be
conspicuously posted. 31 California requires that the privacy policy identify the information
31
California Online Privacy Protection Act of 2003, CAL. BUS. & PROF. CODE § 22575 et seq.
(2007); see also JONATHAN D. HART, INTERNET LAW: A FIELD GUIDE 349 (5th ed. 2007).
32
collected by the site, identify any third persons with whom the info may be shared, describe any
process by which a consumer may review or change collected information, and describe the
process by which the site operator will notify consumers of policy changes. 32 Because the
statute covers any website that collect personally identifiable information (PII) from consumers
“who reside in California,” all websites are effectively covered by the statute and must therefore
include privacy policies. 33
While California law states that essentially every website is required to have a privacy
policy, federal law provides the Federal Trade Commission (FTC) with the authority to take
action under § 5 of the Federal Trade Commission Act (§ 5) to insure that a company follows its
stated privacy policy. Section 5 declares that unfair methods of competition and unfair or
deceptive acts or practices are unlawful. 15 U.S.C. § 45. The FTC considers that a company
not following its own privacy policy is an unfair or deceptive act.
The following are key facts from recent FTC complaints against companies who violated
their own online privacy policies:
In June 2010, the FTC entered into a settlement agreement with Twitter over violations to
its privacy policy. Twitter’s policy stated: “Twitter is very concerned about safeguarding the
confidentiality of your personally identifiable information. We employ administrative, physical,
and electronic measures designed to protect your information from unauthorized access.”
However, after several hacker attacks on the company, the FTC found that Twitter had not taken
reasonable precautions to protect its system and user’s information as it said it would.
Similarly, in March 2011 the FTC entered into a settlement with Google over the
launching of its “Buzz” social network. The complaint alleged that Google’s privacy policy for
its existing email services stated: “When you sign up for a particular service that requires
registration, we ask you to provide personal information. If we use this information in a manner
different than the purpose for which it was collected, then we will ask for your consent prior to
such use.” FTC claimed that Google violated its policy by using information provided for its
email service for its social networking product without first obtaining consumers’ permission.
32
CAL. BUS. & PROF. CODE § 22575.
33
Id. § 22576. See also Allyson W. Haynes, Online Privacy Policies: Contracting Away Control
Over Personal Information, 111 PENN ST. L. REV. 587, 601 n.82 (2007) (noting that operators
must either generally abide by the California statute, forbid use by California residents, maintain
a special policy for California users, or “go through the trouble of finding out where the
consumer resides” before collecting any information). But see Doe v. Network Solutions, LLC,
No. 07-5115, 2008 U.S. Dist. LEXIS 7397 (N.D. Cal. 2008) (upholding defendant website
operator’s forum selection clause, naming Virginia, notwithstanding the fact that the choice of
law provision would preclude plaintiff’s recovery under California’s privacy statute).
33
Additionally, the FTC falsely claimed that it was collecting personal information in accordance
with the US-EU Safe Harbor privacy framework.
The FTC also entered into a settlement agreement with Facebook over violations of its
privacy policy. The FTC found several violations of Facebook’s policy, primarily that
Facebook:
•
•
•
•
•
•
changed its website so that user’s previously private information was made public
without user warning or approval as required under the policy.
represented that third-party applications would only have access to a user’s personal
information that the application needed to operate, when in fact applications had access
nearly all of a user’s personal data.
represented that users could limit access to their personal information to their “Friends,”
when in fact third-party applications that their “Friends” used also had access to the
information.
falsely claimed that it certified the security of certain applications.
falsely claimed that it would not share their personal information with advertisers.
falsely claimed that when users deactivated or deleted their accounts that their
information would be inaccessible.
While the claims against these companies were never adjudicated, they serve to
underscore the importance of handling private information. Unions are using their website to
collect information from members and potential members, and they should ensure that their
privacy policy correctly describes how they use information and track web usage in order to
comply with both the California Online Privacy Protection Act and the Federal Trade Act.
CONCLUSION
The Board’s recent social media decisions, GC Reports on social media cases and the
Board’s own presence on Facebook and Twitter has made practitioners hopeful that the agency –
once accused of being the Rip Van Winkle of administrative agencies - finally “gets it” and that
the future of electronic and cyber Section 7 activity is in good hands. Social Media sites have
clearly become the new water cooler, around which employees “gather” and discuss workplace
issues. But there are problems with this analogy. For example, there still is no cyber-equivalent
to employees gathered around a water cooler listening to a co-worker speak about a workplace
issue. Just because employees do not comment on a post about a workplace issue does not mean
that they were not listening and considering joining with their co-worker(s) in addressing the
topic of the post – a first step toward concerted action. “Liking” has been found to be concerted
activity by an ALJ but the Board has yet to decide this issue. And what about “sharing” and
“retweeting” by employees? Do these reflect a first step toward concerted action?
34
In many ways the Board’s application of Section 7 law surrounding traditional fora may
not sufficiently account for the realities of the online world, leading to permutations of
traditional analyses such as that seen in the modified Atlantic Steel analysis discussed earlier. As
the Board deepens its familiarity with, and understanding of, the ways in which employees and
unions use new technologies and social media to communicate about Section 7 matters, it will
need to be flexible and creative in its application of precedent grounded in traditional forms of
communication to ensure the continuing vitality of Section 7 rights in lives of new generations of
workers.
In similar fashion, counsel for labor unions will have to adopt and think about a myriad
of new legal issues. Unions also will have to consider how laws meant to regulate the online
behavior of tech giants regulate their behavior and their engagement with workers. Unions will
also have to adapt to laws about online privacy, email communications, and robocalling.
Luckily, a lot of these laws do not apply once the union obtains consent. A union’s success in
navigating these laws will hinge on the same things that have served as hallmarks of trade
unionism: worker engagement and effective organizing.
35