06. Social Media and Data Privacy in India

Restrictions in the Workplace

India is also in the process of framing a comprehensive legislation on data protection, which would certainly have an impact on the employer’s right to monitor and review employees’ electronic communications.

Can the employer monitor, access, review the employee’s electronic communications?

In terms of the IT Rules, employers can access, review and monitor an employee’s official electronic data (i.e. work-related data) subject to obtaining his/her consent, as clearly stipulated in the concerned employment contract / appointment letter and internal policy / employee’s handbook. Employers would also have to formulate a privacy policy and upload the same on its website and the intranet. This privacy policy would detail all its obligations regarding collecting, storing, and processing of employees’ personal information. Additional obligations are prescribed under the IT Rules in case the employer collects / has access to ‘sensitive personal information’ of employees such as credit card information, biometric information, passwords and medical records. Moreover, there are a couple of landmark judgments in India on the fundamental right to privacy.

Employee’s Use of Social Media to Disparage the Employer or Divulge Confidential Information

While there are no specific laws that govern employees’ use of social media, any disparagement of employers and/or any divulging of confidential information would attract consequences under existing civil and criminal laws that govern defamation, breach of contract, divulging trade secrets and infringing intellectual property. Further, keeping in mind the rapidly evolving regulatory framework in relation to technology laws and data protection, employers are also defining policies that would affect their employees’ participation on social media during work hours. Several companies, especially technology and outsourcing companies, have installed firewalls that prevent employees from accessing social media sites at the workplace, whereas several other companies have defined social media usage policies that educate employees on the implications of misuse of social media (especially given that employers could be held vicariously liable for any actions of employees in this regard).

In addition, employers can include strong provisions in their employment contracts / appointment letters for protection of confidential information, trade secrets, intellectual property, and other proprietary information. Indian Courts, typically, take claims of confidentiality breaches and disclosure of sensitive information very seriously; it is an established principle under Indian jurisprudence that an employer has full and exclusive ownership of the information that the employee comes in contact with during the course of employment, including any and all information contained in the employee’s official email accounts. Also, employers can, subject to obtaining employee consent, monitor employees’ activities on social media during work hours for the reasons outlined above.