Do ownership rights exist in a social media account?

11 November 2015

A business’ client list is often the keystone of its success – particularly for businesses trading in the provision of professional information and advice.

It is unsurprising therefore that Courts across the Commonwealth and United States have regularly offered protection to businesses who have their client lists and other confidential information ‘misappropriated’ by departing employees and venturers.

It is also unsurprising that modern businesses are increasingly involving social media as a central component of their marketing strategies and their efforts to attract and retain clients and customers. New employment positions have been created, and existing positions reimagined, to accommodate this rapidly changing landscape. Facebook, LinkedIn, and Twitter are increasingly used by businesses, through such employees, to collect clients, customers and connections, and promote their products and services to the audiences they cultivate.

It is perhaps surprising therefore, that those same Courts have been hesitant to determine what, if any, ownership rights might exist in the pages, connections, likes, followers, fans and ‘friends’ that are created through a business’ social media marketing efforts. In this article, we look at the differing approaches that Courts in the UK, Australia and the United States have taken to shoehorn misuse of social media accounts by employees into established legal doctrines, and offer some recommendations as to how businesses may best protect the value they derive from their involvement in social media.

Misuse of social media as a breach of fidelity

The prevailing view, appears to be that, in the absence of any formalised contractual arrangements between employers and employees regarding social media use and account ownership, rights in social media accounts are most effectively crystallised by reference to the equitable doctrine of breach of fidelity.

Senior employees and company directors owe duties to act in the best interests of their employer/company. Practically, this duty manifests itself by obliging employees not to divert business away from their employer for their own personal benefit. Social media can, however, give employees a robust vehicle to do exactly that.

In Hays Specialist Recruitment (Holdings) Ltd v Ions [2008] EWHC 745, one of the earliest recorded decisions concerning an employee’s misuse of social media, the Applicant requested pre-action disclosure of an ex-employee’s LinkedIn ‘connections’ added since a certain date. In acceding to the application, the English High Court considered that an ex-employee recruiter may have breached his duty of fidelity to his ex-employer by using ‘connections’ he added to his LinkedIn account during his employment as a springboard for his competing recruitment company.

More recently, in Whitmar Publications Ltd v Gamage [2013] EWHC 1881 (Ch), the English High Court awarded an injunction against three employees of the applicant publishing company from using its confidential information for a competing business set up by those employees – which was held to include a LinkedIn account maintained by one of those employees. Central to the High Court’s decision was the finding that the manager of the relevant LinkedIn account had only created and maintained that account as a consequence of her employment with the Applicant – in other words, the Court held that all of the employee’s cultivation of ‘connections’ was done for the benefit of the Applicant. The Court ordered the employee to give the login details and passwords to her employer as part of its orders.

Misuse of social media as a breach of confidence

An alternative claim for control of a misappropriated social media account can be framed by characterising either the account itself, or the contacts contained within, as part of the employer’s confidential information. An employee’s attempt to misuse their employer’s confidential information for their own personal benefit creates a right of recovery for any consequent losses suffered by the employer. This appears to be the preferred approach of the Courts in the United States that have considered the issue.

In Christou v Beatport, LLC, 849 F.Supp.2d 1055 (2012), the Applicant nightclub operator survived a motion to dismiss his claim that the Defendant, a fellow nightclub operator and former employer of the Applicant, had, by accessing the Applicant’s MySpace account and sending promotional messages to the Applicant’s “friends”, misappropriated the Applicant’s confidential information (labelled ‘trade secrets’ under US law). In so deciding, the United States’ District Court for the District of Colorado however had significant difficulty in defining just how the MySpace account could be so characterised as a ‘trade secret’ under the Colorado Uniform Trade Secrets Act (which effectively codifies the equitable doctrine of confidentiality). The Court recognised that the list of “friends” itself could not be a trade secret, as the list is publically available to any viewer of the MySpace profile in question. However, District Judge Jackson still recognised that the MySpace account could be characterised as a trade secret because the account provided its controller value by allowing for promotional messages to be broadcast to the “friends” contained within. In this sense, it is perhaps more accurate therefore to characterise the username and password to the social media accounts as the trade secret/confidential information which should really be the focus of any claim.

The same approach was taken in PhoneDog v Kravitz (11-03474, N.D. Cal. Nov. 8, 2011). In PhoneDog, the Applicant brought a claim against the departing Defendant in an attempt to regain control to his Twitter handle, @PhoneDog_Noah, which had amassed 17,000 followers at the time the Defendant left the Applicant to work for a competing tech review website. The Applicant claimed that the Defendant only maintained the Twitter account as part of his employment with PhoneDog, and that it, and the 17,000 followers, therefore constituted a protectable ‘trade secret’ under the Californian Uniform Trade Secrets Act. Again, while only dealing with the matter at the ‘application to dismiss’ stage, the United States District Court for the Northern District of California raised that a relevant factor to the characterisation of the Twitter account as a ‘trade secret’ of the Applicant was whether the Twitter account was opened by the Defendant at the Applicant’s direction, and whether it was maintained purely to further the Applicant’s business interests. That the handle itself was a portmanteau of both the Applicant and Defendant’s names did not assist this inquiry. Unfortunately, the parties in PhoneDog ultimately reached a confidential settlement, and no conclusion was reached on this question.

The Applicants in the Whitmar case also framed their claim for relief by reference to the misappropriation of certain pieces of the Applicant’s confidential information by the employees – including the login details for the LinkedIn account. The judgment does not delineate between the breach of fidelity and breach of confidence claims when awarding the relief pleaded. We consider however that, given the direction taken by US authorities on the point, an employer would have a good claim to regain access to social media accounts that might be commandeered by a departing employee where they can prove that the accounts were created and managed for the sole benefit of the employer.

Finally, in Naiman Clarke Pty Limited v Tuccia [2012] NSWSC 314, the Applicant claimed that the Defendant recruiter was in breach of her duty of confidentiality and under s 182(1) of the Corporations Act 2001 (Cth) (which prohibits the misuse of company information by an employee for the employee’s personal benefit) by taking ‘leads’ that she had developed during her employment and creating ‘connections’ on her personal LinkedIn account – which she then used to solicit candidates as part of her subsequent employment with a competing recruitment agency. Unfortunately, this is another interlocutory decision which does not definitively deal with whether a breach of confidence can capture a LinkedIn account in the way the Applicant pleaded – but it provides a demonstration of the willingness of Australian Courts to adopt the same legal principles used in the UK and US to shoehorn social media misuse as an actionable right.

Misuse/theft of identity?

Rights however also exist in favour of an employee who might use their personal social media accounts for the benefit of their employer during their period of employment. A pertinent demonstration of a scenario where a Court has protected an ex-employee’s personal social media account from misappropriation by an employer can be found in Eagle v Morgan (E.D. Pa. 11-4303, Mar 12, 2013). In Eagle, a director of a banking education company maintained a LinkedIn account, through which she claimed she generated a significant proportion of her business (by communicating with ‘connections’ contained therein). She shared the username and password to this account with her employees. After selling her company to the Defendants, the Defendants proceeded to terminate her position and took control of her LinkedIn account, changing only the name and photograph on the account to one of the directors of the parent company.

The Applicant in Eagle succeeded on a number of claims including unauthorised use of name, appropriation of identity, and the ‘tort’ of misappropriation of publicity. All of these doctrines have questionable, if any, basis in Australian law. Significantly however, the Applicant did not succeed in her claim that the LinkedIn account amounted to a ‘trade secret’ pursuant to the Pennsylvania Uniform Trade Secrets Act – the Federal District Court for the Eastern District of Pennsylvania held that the LinkedIn account did not have the essential characteristic of a trade secret, by not being sufficiently ‘secret’, as a user’s connections can be viewed by the public.

How can businesses protect their social media presence?

With respect to the Federal District Court, we do not consider that the correct approach regarding rights in social media accounts was taken in Eagle. The approach taken in Christou, PhoneDog, and Whitmar, which focuses on the account itself, rather than the ‘connections’ or ‘friends’ contained therein, should be preferred.

The disconnect between the decisions in Christou v Beatport and Eagle v Morgan does not assist in clearly determining whether there is a basis for protection of a social media account at general law. These decisions are yet to be reconciled by a superior Court in the United States.

Further, the decision in Whitmar can be explained by both the clear wrongdoing committed by the ex-employees, and the accepted evidence that the relevant LinkedIn account was created and maintained solely for corporate purposes. In reality, employees will readily mix their personal and professional social media pursuits – with “friends”, “connections” and “followers” being consequently collected by those employees both in their personal and professional capacities. Following the inconclusive inquiry undertaken in PhoneDog v Kravitz, it is apparent that the rights found in common law and equity cannot satisfactorily resolve the question of who might own a social media account. With this in mind, we provide the following recommendations to any business that might wish to protect the goodwill created in their social media pursuits:

  1. Develop a comprehensive social media policy, which conclusively deals with the employer and employee’s agreed rights regarding ownership and control of social media accounts – and which seeks to specifically identify
  2. Accounts created by the employer, to be retained by the employer; and
  3. Accounts created and maintained by the employee (but which may be used by the employee in furtherance of the employer’s business interests).

It is imperative that any employee who will be given control or influence over your social media accounts understands and agrees, in writing, to any such policy.

  1. Ensure that you always retain control of ‘corporate’ Twitter and Facebook accounts, by keeping their passwords in your control – and ensuring that any employee given access to such accounts is closely monitored. ‘Recovery’ email accounts associated with the accounts should also be kept in the custody of the employer – so the employer will be immediately informed of any attempt by the employee to change the account password or otherwise take control of the account;
  2. Have robust non-compete and non-solicitation clauses drafted in your employment contracts – and ensure that the employees agree to these terms before commencing employment. Given that a significant element of the ‘value’ in a business’ social media presence is derived from the fact that the employee, if minded to misappropriate the account, can use that account as a ‘springboard’ from which to steal their employer’s business contacts and clients (or at least their focused attention), an employer must have a robust contractual framework which they can readily enforce against the employee to prevent any misuse of corporate social media accounts.It is important to note, however, that non-compete and non-solicitation agreements, while potentially powerful, must be carefully drafted, as Courts will refuse to enforce non-compete and non-solicitation agreements which can be characterised as an unlawful ‘restraint of trade’;
  3. Be open and frank with employees about their position, and the expectations of both the employer and employee regarding social media use. Disputes regarding control of social media accounts may be most effectively avoided if such expectations are made clear (and recorded) before the commencement of the employment relationship; and
  4. Accept that employees, no matter how loyal, will ultimately leave – and have in place a robust mechanism to properly identify and protect information that an employer may legitimately consider valuable and necessary to protect when they do.

In summary, it is important for employers to recognise that the general law will only provide limited, if any, remedies for a claim by an employer that their social media presence has been misappropriated or ‘hijacked’ by an ex-employee – any rights that an employer might want to preserve in relation to their social media accounts should be distilled in a clearly-worded and readily-enforceable contract.

This article was written by Peter Campbell, Partner and Sanjay Schrapel, Associate.

Subscribe to HWL Ebsworth Publications and Events

HWL Ebsworth regularly publishes articles and newsletters to keep our clients up to date on the latest legal developments and what this means for your business.

To receive these updates via email, please complete the subscription form and indicate which areas of law you would like to receive information on.

Contact us