In what seems like no time at all, we now see the incredible speed, reach and influence of online postings. Quick tweets, retweets, backlashes and the “wisdom of the crowd” in the world of social media are a daily news item. Some postings can be defamatory or give rise to other civil or criminal liability. More and more, it is not only those who have hit the keyboard that can find themselves in the firing line, it can also be those who employ them, hire them or delegate tasks to them, with serious consequences for their individual and corporate reputation and, importantly, their bank balance.
Businesses will seek to promote products, services or newsworthy issues on their own or third party websites, or more often via social media in an effort to connect with what could be vast and engaged audiences. These posts will normally be vetted by marketing and communications teams in larger organisations, or at least by senior leadership in others. Much as the notion of control can become abstract in the social media world, where well-intentioned content can be misinterpreted (intentionally or otherwise) by other users, there should always be some element of control before content is posted to ensure a consistent tone of voice and set of brand values. That doesn’t completely insulate businesses from the risk of action by aggrieved third parties or regulators such as the ASA, it should at least limit instances where content “goes viral” for the wrong reasons, and make them more manageable.
However, direct control becomes harder to enforce in respect of personal devices in the possession of employees and leadership teams. Their posts will rarely have been pre-checked, with the risk that infringing, defamatory, racist, bullying, private, confidential or harassing material can sometimes, regrettably, be posted. If in doing so an employee is deemed to have acted “in the course of their employment”, then an employer can be held “vicariously liable” for such acts, In terms of what “in the course of employment” means in practice, this would fill a well-stocked library. Courts and tribunals will look at whether an employee’s actions have a “sufficient connection” to their employer and whether the employee had the opportunity in the workplace to act as he or she did. Another way of looking at this is if the “banner” of the business is evident, it may expose the business to adverse risk, in the form of damages, litigation and reputational damage as was the case in the recent Morrisons Data Breach and ensuing Group Civil Claim.
With this in mind, what we do know from case law so far? Whilst some historic decisions were not easy to reconcile, more recent rulings have confirmed that an employer was vicariously liable when an employee posted untrue comments about another employee’s sexual orientation on to that employee’s Facebook page during office hours. In another case, an employee posted offensive comments on their own Facebook page about a work colleague out of working hours, for which they were lawfully dismissed; it is not known whether any action was also taken against the employer. Equally, an employee who made racist and offensive comments in an email sent from his home computer and out of working hours to a friend who worked for the employer’s customer (and who forwarded the said email to the customer, his employer) entitled the employer to dismiss the employee for gross misconduct; it does not appear that the customer took any further action against the employer of the individual who sent the email, but it could be fairly assumed that at the very least, this was not an impression that the employer would have wished to convey to a key client.
From this, we can therefore see that an employee can be acting “in the course of employment” even outside office hours and when using their own personal devices. So, what can an employer do to mitigate any liability in these circumstances? As a minimum, an employer must take reasonable steps through appropriate policies, procedures, guidelines (all the more significant given the recent coming into force of GDPR) and training on the use of social media in the “always on” environment, so that its content is, as far as possible, sensibly controlled against the background of policies which can hold users to account and which also help to encourage best practice. If done properly, this should not only reduce the scope for employees to post controversial content, but also help the employer demonstrate to a court that an offending employee was truly acting outside the scope of their employment.
In terms of acting under the “banner” of an organisation, be it an employer or otherwise, how far would this stretch? Can we set out boundaries? What if, in a twist to the above scenarios, an employee publishes defamatory postings about the employer’s customer to an online chat group that includes a friend who works for the customer? What if they are republished? Will “reasonable steps” save the day?
There are no specific cases on this point as yet, but the recent “Twibel”case of Monir v Wood provides some useful guidance. Here, the Vice Chairman of the Bristol branch of UKIP (L) acted as the branch campaign manager for an upcoming election. He was delegated this task by the branch Chairman (W). W had set up a Twitter account which was registered with his email address. L was allowed to operate the account to send messages in his capacity as campaign manager, on the basis that content for posting would first be authorised by W (a procedure that was, in fact, not followed) and that no “racist or offensive material” was to be posted. W did not monitor L’s output on the Twitter account regularly or at all.
L wrote and posted, without any prior approval by W, a tweet of a picture of a Labour candidate in another constituency, with two men, one of whom was M. L referred to the candidate standing with “two suspended child grooming taxi drivers”. M was neither a taxi driver nor, critically, involved in child grooming – itself a very seriously defamatory allegation in that it suggested involvement in criminal activity. M sued W and L for libel, although L was ultimately not served. M produced evidence to show that the tweet was posted to a sufficient number of individuals that could identify M, a key element of any defamation claims. It was then reproduced on several platforms, only serving to increase its audience and, ultimately, the extent of the Defendant’s liability and the amount of damages the Court would be willing to award.
The Court was satisfied that M had suffered “serious harm” to his reputation as a result of the tweets in dispute, as required under the Defamation Act 2013. He was awarded £40,000, to be paid by W. In reaching its decision, the Court concluded that whilst W was neither the author nor the “publisher” of the tweet (again, a key concept in defamation law) and, moreover, had not authorised it (which were all arguments in W’s favour), W did have “ultimate control” of the account and that L had acted in the course of executing his delegated responsibilities as W’s agent. The court made its decision on the basis of that agency and the issue of W being vicariously liable was left open.
What may have tipped the decision in M’s favour in this case was the fact that W was not only failing in monitoring the output on the account, but also effectively ratified the posting by not deleting it following M’s complaint and failed to offer a prompt apology at any stage (which would likely have considerably limited the Court’s award in damages) or to discipline L; the implication being that W did not demur from L’s posting and thereby weakened contrary arguments.
So where does that leave us? Whilst we wait for more decisions to come to light, those with exposure to potential vicarious liability for social media postings and who ask designated employees to post on behalf of either a business or high-profile individual must not only have sound policies, procedures and where appropriate, training to control the content of postings, they must also “walk the walk” when alerted to issues arising, acting swiftly and consistently in line with them.
Please do get in touch if you would like any further information from our expert team.
Authored by Stuart Evans, head of commercial litigation London and business advisory partner Steve Kuncewicz