Facebook Privacy Terms of Service

Law of Social Network Profiles and Tracking

Law, Divorce & Online Records Investigations

Privacy advocates such as NYU professor Clay Shirky argue people should be entitled to a degree of privacy for their postings in social networking sites like Facebook and Flickr. They argue employers (for example) should not as a matter of public policy be trolling these sites to spy on employees or prospective employees. See this video.

Post Banners and Terms of Service

Here's an idea: People could post legal terms of service on social networking pages declaring that employers and prospective employers are forbidden from looking at or copying from the pages or tracking people from there. Such terms would be like No Trespassing signs on land, or end user license agreements (EULA) on software. Some case law supports the notion that terms posted on a web site can restrict the right of visitors to gather information from the site. (See also Mark Rasch's discussion of web terms-of-services cases and my legal analysis of privacy contracts with robots.)

Arguably, if an employer grabs information off of a site in violation of posted terms, and that leads to termination of an employee, then the employee could sue the employer for violating the terms of the web site.

Like Footer At Bottom of Email

Note that the idea of posting privacy terms of service on a web page is similar to the accepted practice of placing a confidentiality notice at the footer of an e-mail.

Even if the terms are not legally binding on the employer, they could be ethically binding. An ethical obligation can be more than high-minded hot air. It can carry substantive implications. For example, suppose Bob posts a prominent notice on his MySpace page that his employer may not view the site. Suppose further that the employer ignores the notice, looks at the page, doesn't like what it sees, and fires Bob. The employer might be poisoning its relationship with its entire employee population. Many employees may feel the employer had crossed a line it should not have crossed. Moreover, many customers and suppliers of the employer might feel the same way when they learn about Bob's plight.

If Bob's employer falsely denies having seen Bob's terms, computer forensics could prove the employer wrong, just as it sometimes can uncover or explain impersonation or identity theft when it is committed on social sites.

--Benjamin Wright

 Mr. Wright teaches cyber defense, e-discovery and investigations law at the SANS Institute.

P.S. Facebook's terms of use limit what investigators, who are collecting evidence, can do.

Update: Trial lawyers are scrutinizing social network pages to decide who they do and do not want on a jury.

Another Update: A person in divorce proceedings with an estranged spouse might post terms on a social networking page stating that the spouse and the spouse's agents/attorneys may not access the page and agree not to use anything available on the page. Or, a social network denizen may desire to post terms that tell insurers or lenders to shoo.

Nothing I publish publicly is legal advice for a particular situation, but the foregoing is something to think about.  If you need legal advice, you should consult your lawyer.


  1. But wouldn't it be a rather trivial matter for the employer to simply add notification language to job applications and HR policy manuals, similar to notifications regarding the use of credit reports?

  2. You are correct. If an employer is aware of the issue, the employer could publish a standard notice that the employee agrees the employer may examine the employee's social networking site. But first, the employer has to be alert that employees are posting the privacy agreement I propose. Today employers are not alert to this. Also, a general notice in an HR manual may not be effective to overcome a conspicuous, specific agreement posted at the top of an employee's MySpace page.

  3. I'll also point out that the posting of a notice in an HR manual requires work on the employer's part. Many employers will not do the work. Many employers are too busy with other issues.

  4. Hi Ben,
    First off, I'd say this is a good post. What I'm about to say doesn't have too much to do with your post per se, but it's a different take on the same issue.

    Legally, what you're saying is right. I can always post a disclaimer of sorts to make sure I stay safe, even if my employer reads my MySpace page. But then you bring in the ethical angle here which you say binds the employer. But then, the employee has some ethical binding as well. Why would he bitch about a company which helps him earn a living? If he does so, it simply means he doesn't see eye to eye with the employer. In that case, he should call it quits and move to some other company where he can give his 100%. He shouldn't be bitching about the company he works for in a public space like the internet, right?

  5. I believe that an employer ought to have all of the information about an employee before s/he is hired.

    I would not want to go to a doctor who has been sued for malpractice. I would want to ensure that those working in the health field, education, or other crucial industries, to hire employees who are who they say they are. One perfect example of this is the Sue Grafton book: T is for Trespass. I am doing work in the field of Long-Term Care and aging seniors and with an unregulated industry such as Personal Support Workers (PSWs), we cannot track those who have been violent with seniors. I would rather we had all of the information based on facts. This should supercede the right to privacy of an individual.

  6. "I would rather we had all of the information based on facts. This should supercede the right to privacy of an individual."

    I sure hope you are not in any capacity of authority, and never hold any in the future in the United States. Our founding forefathers would be very upset at that statement.

    No right supercedes the right to privacy (or to more accurately state, to be secure in your effects). Otherwise, let's just set up cameras in your home, bathroom and shower. Why not? Hey, we need the facts to make sure you're not a terrorist.

    More on topic, once you put it on a MySpace or Facebook page, you should really read the TOS of those sites. Your disclaimer immediately becomes unenforceable. Once you place it up there, it's public domain. Even your ethical argument doesn't really hold up. I don't believe many people are going to sympathize when you bash your company, or perform stupid acts in a public forum and expect no action against you.

    Myspace's TOS excerpt: "By displaying or publishing ("posting") any Content on or through the MySpace Services, you hereby grant to MySpace a limited license to use, modify, delete from, add to, publicly perform, publicly display, reproduce, and distribute such Content solely on or through the MySpace Services, including without limitation distributing part or all of the MySpace Website in any media formats and through any media channels, except Content marked “private” will not be distributed outside the MySpace Website."

    In other words, unless you mark it "private", their TOS will supercede your own.

  7. The immediately foregoing comment (Feb. 8, 2009) quoted Myspace terms of service. I do not read those terms as being inconsistent with the legal terms I proposed in the blog post above (forbidding employers from looking or copying). Thank you for commenting. --Ben

  8. Jennifer J,
    A simple background check would provide all of the information required to determine if an indiviual is a threat to seniors. These checks are already done in great length both to work with or in close proximity to seniors or children.

    I'm a nurse in LTC. The field is very secure without having an employer snoop through your internet garbage.

    Federal and state criminal background checks as well as drug testing is pretty commonplace to work for a decent employer. This combined with the standard education, work history and references are all an employer needs to know.

  9. facebook has more complete guide for new privacy features. That's good.