California's Law Barring Demands For Social Media Passwords Sounds Good... But Might Not Be
from the ain't-that-always-the-case? dept
We've been seeing a fair bit of cheering around the news that California became the latest state to sign into law rules that bar organizations and schools from demanding social media passwords from employees and students. In theory, this seems like a good idea. After all, we've heard of more than a few cases where students and employees were asked for their passwords. But we've questioned if there should be a law here, or if people can just deal with it themselves.And while many people are cheering on California's new law, Eric Goldman points out that we should be wary of the potential for significant unintended consequences. He worries about the broad definitions of what's really covered (hint: it goes beyond just "social media" even though that's all anyone's discussing). More importantly, he worries about the line between "personal" and "professional" accounts. Obviously, if you are managing, say, your employer's Twitter account, it's reasonable for them to have your password. And if it's just your own personal account, it's not. But... that assumes that those two categories are mutually exclusive and distinct, when the reality is they're often not. People use personal accounts for work related things all the time. It wasn't that long ago that we wrote about a dispute concerning who owned a LinkedIn account -- the company or the employee -- when many of the contacts were due to the employment situation. It's not so easy, and Goldman sees trouble ahead:
Thus, the law assumes that social media accounts have only two states: personal or not-personal. Sadly, that’s completely contrary to the cases I’m seeing in court right now. Instead, social media accounts fit along a continuum where the endpoints are (1) completely personal, and (2) completely business-related–but many employees’ social media accounts (narrowly construed, ignoring the statutory overbreadth problem) fit somewhere in between those two endpoints. Indeed, employers and employees routinely disagree about whether or not a social media account was personal or business-related. See, e.g., Insynq v. Mann, Eagle v. Sawabeh, Maremont v. SF Design Group, Kremer v. Tea Party Patriots, and PhoneDog v. Kravitz.And, he points out, since it's important for companies to have the passwords to "corporate" accounts, while the law makes it illegal to ask for them on "personal" accounts, there's clearly going to be conflict when accounts fall somewhere into that blurry middle, as many of them do:
Putting the two concepts together, employers should require that employees provide them with login credentials for social media accounts relating to their business; but the law makes it illegal for employers to ask for login credentials to “personal” accounts. This puts employers in an obvious squeeze: employers may not know which employee accounts are purely personal and which are a mix of personal and business-related; the statute doesn’t expressly allow employers to access mixed account; and the statute doesn’t give employers a defense if they demand the login credentials because they reasonably but mistakenly thought the account was all or partially business-related. Courts will likely have to create common law exclusions for employers trying to get access to mixed accounts, but only after much angst, confusion and costly–and avoidable–litigation.So while the intent may be good, the actual law may have some significant problems and costs associated with it. And for what? Was this really that big of a problem? Yes, there were some stories of it happening, but there was no indication that it was really that common. On top of that, in many cases, individuals could handle the situation on their own, without needing the law to back them up.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: california, passwords, social media
Reader Comments
Subscribe: RSS
View by: Time | Thread
[ link to this | view in thread ]
It's stupid that there's even a remote need for a law, but if a company doesn't see the need to sort out who has control from the beginning, then they shouldn't be suing for access to an account on a third party service.
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
They ask do you use Facebook and I reply no I fucking hate Facebook. Myspace? Fuck Myspace as well the rest. I only enjoy doing my job I have zero time to "make online friends"
Excellent sir you're hired.
Then I get off work grab something to eat and log on my FB,Myspace,Linkdin,Steam, and a handful more and game my life away.
Well at least till the "boss" gets sick of me on the pc lol. I guess I should have married my PC instead. JK, well not really, but yeah really.
[ link to this | view in thread ]
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re:
If I created the account with my own resources on my own time, it's my account. If I talk business on that account, that doesn't give my employer any right to learn the password. It may give them the right to sue me, depending on my contract, though.
[ link to this | view in thread ]
The ownership of the account will be by designation. Then if content gets on the wrong account -- tough, it doesn't affect the ownership of the account. Any more than keeping work records at home compromises your dominion over your apartment, or vice versa.
But -- as an academic, I always consider my professional account to be my own property. And it is fully mixed.
[ link to this | view in thread ]
The ownership of the account will be by designation. Then if content gets on the wrong account -- tough, it doesn't affect the ownership of the account. Any more than keeping work records at home compromises your dominion over your apartment, or vice versa.
But -- as an academic, I always consider my professional account to be my own property. And it is fully mixed.
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Doesn't matter for big companies
While it's not required to get various forms of Trust and Durable Power of Attorney documents notarized, Wells Fargo requires all documents be notarized. Don't like it, bank somewhere else. Or sue.
[ link to this | view in thread ]
Re:
Wait. What?
What part of Mike's or Mr. Goldman's analysis are you referring to and how is it FUD?
From what I have gleaned, it seems like the new law itself is what is creating the FUD all by itself. Fear of litigation. Uncertainty as to what constitutes a personal or business account. Doubt as to how deal with the situation from either side.
[ link to this | view in thread ]
lets face the facts, had the ruling gone the other way you would be arguing against it with a different argument.
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re:
Hey AJ. I get that you're going to toss continuous ad homs at me all the time and attack anything I write because of whatever weird fetish you have for such things, but I'm a bit surprised that you'd now go after Professor Goldman, someone you've claimed to respect.
I can't think of anyone who doesn't respect Professor Goldman. If you have a disagreement with what he wrote, you might try actually laying it out, rather than your all too typical childish response.
[ link to this | view in thread ]
and the big deal is...?
But in this case, what's the major problem? Okay, so maybe the distinction between personal and company social media accounts isn't realistic. How is that going to lead to more problems? Companies were suing for access to personal accounts previously, so I don't see this increasing. Is this law going to harm companies, such that their employees steal all the business from them? Again, I could see that happening already anyway.
Please explain the "unintended consequences" in terms of actual damage.
[ link to this | view in thread ]
No penalty
[ link to this | view in thread ]
Already a loophole...
[ link to this | view in thread ]
Re:
And you wonder why everyone thinks you're an asshole.
[ link to this | view in thread ]
Facebook
I know of several police departments that have that policy.
[ link to this | view in thread ]
[ link to this | view in thread ]
Pretty sure it's because he's an asshole.
[ link to this | view in thread ]