Employers aren't the only ones scrambling to craft and implement policies governing the use of social media these days. Countries are paying close attention to developments in this area and, in some cases, taking action. The dilemma for HR leaders is that social media raises too many questions -- and too few answers.
Just as social media has gone viral worldwide, so too has concern over privacy breaches and potential employment-related litigation.
The United States -- which has seen more than 99,000 charges of alleged discrimination filed with the U.S. Equal Employment Opportunity Commission in 2010 alone, including those due to social-media-background checks -- is not the only country now mired in confusion and court cases over employers' use of social media.
What varies, and will continue to vary, are each country's decision as to what constitutes going too far when making employment-related decisions.
At the heart of it, says Nancy Flynn, executive director of The ePolicy Institute in Columbus, Ohio, "it comes down to U.S. privacy law versus European privacy law: Electronic data in the United States is owned and controlled by the data collector, not the data subject."
In many European countries, it's owned by the subject, she says.
Further confusing is the fact that specific privacy rules differ from country to country. In Switzerland, for instance, it's illegal to post a subject's photo on your social-media site without specific written permission from the subject of that photo. In England, employees must be notified by their employers before being monitored electronically at all.
A bill recently introduced in the German Parliament would radically restrict the kind of information employers could collect through private social-networking sites.
Under the current version of the bill, employers would be prohibited from mining private ("friends only") information from job candidates' or employees' Facebook pages, but they would be allowed to look at sites expressly intended to help people sell themselves to future employers, such as LinkedIn.
Employers would also be allowed to collect personal data if such data are publicly available and -- unlike in the United States -- the employer has informed the employee in advance before collecting it.
"Since the law is still being discussed and its wording is still in flux," says Françoise Gilbert, founder and managing director of the IT Law Group based in Palo Alto, Calif., "it is probably premature to draw conclusions that are too definitive."
Nevertheless, Flynn says, HR leaders need to stay on top of current or pending privacy laws that may affect operations in any of their foreign branch offices.
"At the end of the day, for employers operating internationally, you cannot assume that U.S. privacy and monitoring laws apply to the rest of your corporation," says Flynn, author of The Social Media Handbook, due on bookshelves February 2012.
"I tell my [U.S.-based multinational] clients they must hire a legal expert to make sure they're adhering to all the rules in all the countries they do business in," she says.
"There tends to be a lot of confusion in [the social-networking] area ... with no federal privacy law in the United States yet [though some experts see movement in this direction] and national privacy laws elsewhere in the world [many dating back to the 1970s]," Flynn says.
Gilbert, author and editor of a two-volume treatise entitled Global Privacy and Security Law, says the apparent intent of the proposed German legislation is "to protect personal information that would have been inadvertently disclosed through the naiveté or incompetence of the user who does not know how to program his or her settings, or when the information has been disclosed to the world through independent decisions of a service provider to publish information."
"We have seen many of these mishaps in the past," she says.
Considering Facebook volume alone, "the issue is far from academic," writes attorney Philip L. Gordon, posting on Littler's Workplace Privacy Counsel blog:
"Facebook, which surpassed 500 million users earlier this summer, has hundreds of millions of non-U.S. users. In fact, according to a survey by NielsenWire, monthly time-per-user spent on Facebook exceeds the U.S. average of six hours and 43 minutes in Australia (seven hours, 45 minutes) and Italy (seven hours), with the United Kingdom not far behind at six hours, 19 minutes."
And then there's Twitter. "Latin America was Twitter's fastest-growing market between June 2009 and 2010," Gordon writes, "with users increasing by 300 percent, followed by Asia Pacific, with a 240-percent growth rate, and the Middle East and Africa, where users more than doubled."
While the German law still needs to work its way through the legislative process, "U.S. employers should expect that data-protection authorities and privacy advocates in other countries, and in the United States, are watching," Gordon writes.
"In the meantime, multinational employers should consider surveying foreign laws in the areas of access to electronic communications, privacy and data protection, and labor rights before applying a U.S.-based social-media policy to applicants or employees located in other parts of the world."
A global social-media policy will always need to take into account cultural differences, Gilbert says, noting that privacy concerns differ in various countries.
"Take India," she says. "Nothing is private in India because India is not a private culture." Posting personal information on doors and trains is a regular way of serving the public and doing business there, she says. "Privacy in India would require a lot of efforts."
Nevertheless, there are good reasons for parameters, particularly in industries and sectors where personal-information breaches could threaten an organization's credibility or survival. The financial industry, for instance, has a much stricter view of social-media activity by employees, she says.
There's also a place for rules prohibiting employers from using secretive or clandestine means to gain access to job candidates' or employees' personal information on social-media sites, the focus of many lawsuits already, says Gilbert.
But as the social-media phenomenon continues barreling along, and with countries and companies playing catch-up when it comes to the rules, Gilbert says she hopes "there will be clarifications on the basics."
For instance, she says, "what is a 'social network'? Is a list-serv a social network? Is a blog where people post comments a social network?" Already, there needs to be a distinction between a personal social network and one intended to "present the professional qualifications of its members."
"For example," she says, "what if a certain platform is intended for people to comment on technical developments? Does this platform constitute a 'social network intended to present professional qualifications of their members?' Probably, yes.
"But it is likely that, on this platform, the participants will comment on laws or bills that affect their profession. For example, a new law might require changes to an application. Where does this discussion fit? Protected? Not protected?
"And what if," she says, "in the course of analyzing this law, they also comment on laws, bills and politics in general? Protected? Not protected?"
The global discussion, she says, continues to evolve.