Protecting Passwords from Prying Eyes: Keeping Social Media from Employers & Universities
On September 27, California Governor Jerry Brown announced via Twitter that he had signed both A.B. 1844 and S.B. 1349 into law. These bills prohibit employers and universities from demanding social media usernames and passwords from prospective employees and students, respectively.
He explained: “California pioneered the social media revolution. These laws protect Californians from unwarranted invasions of their social media accounts.”
Senator Leland Yee, who introduced S.B. 1349, defended the bill in a May 2012 radio interview, noting that the bill protects employees from having to disclose personal information they may wish to share on social networks with friends, but which potential employers are barred from considering in making employment decisions. This often includes religious affiliation and sexual orientation.
The need for this legislation was inspired, in part, by both the number of cases before the National Labor Relations Board regarding the social media policies of employers as well as reports of employers seeking what has been characterized as “inappropriate access” to Facebook profiles and other private information.
Other states, including Delaware, Illinois, and Maryland have passed similar legislation, while many states have similar bills pending. Federal legislation on this issue is also being considered in the United States Senate.
Beyond shifting the dynamic between employers and employees, this legislation is another factor in the ongoing debate regarding data ownership and Internet privacy.
Recently, the Federal Trade Commission proposed updates to children’s online privacy rules that would restrict the ability of social media sites, such as Facebook, to collect information from children under 13. This proposal includes a ban on the use of tracking files, such as cookies, which is used to display targeted advertising, for underage users.
Facebook and Google both challenge these restrictions as being unduly burdensome on First Amendment rights. While arguments have been made that this would restrict the ability of underage users to express themselves, it is clear that Facebook and Google have a keen financial interest in maintaining a large pool of customer data. As we have been learning, these sites make a great deal of money from the data users supply, even though users may be unaware.
Questions on the status of Internet data ownership and use inspires recollections of the Facebook terms of service controversy in 2009, in which Facebook claimed ownership of all material posted to the site and that its licenses to use posted material never expired, even upon account deletion. While Facebook never directly claimed to have a direct copyright interest in shared material, its license agreement included an irrevocable right to modify, calling moral rights into question.
Under Article 6bis of the Berne Convention, which the United States has adopted substantial sections of, creators of material have “the right to claim authorship of the work and to object to any distortion, mutilation or other modification of, or other derogatory action in relation to, the said work, which would be prejudicial to his honor or reputation.” Because Facebook had notoriously vague copyright preferences, it is unclear what rights were being maintained under the since-modified changes.
As it stands now, privacy law, particularly on the Internet, is largely composed of dissimilar state statutes and rulings. The Obama Administration attempted to reform the field, through the Consumer Privacy Bill of Rights, though it appears that there have yet to be any substantive changes.
The efforts to protect potential employees and students are yet another piece of the puzzle on the status of privacy law on the Internet. It appears that until we can clarify ownership status, there is little that can be done to uniformly protect our rights.