It should come as no great shock that platforms such as Twitter, Facebook, and Instagram offer organizations low-cost avenues to reach customers. The advertising upside of reaching the 2.9 billion active users of Facebook and 1 billion active users of Instagram is obvious. ((Avery Hartmans, Rob Price, Instagram just reached 1 billion users, Business Insider (June 20, 2018, 1:58PM), https://www.businessinsider.com/instagram-monthly-active-users-1-billion-2018-6.)) Unsurprisingly, major businesses have caught on to this fact as at least 85% of the Fortune 500 have Facebook pages and 53% have active Instagram profiles. ((Nora Ganim Barnes, Shannen Pavao, The 2017 Fortune 500 Go Visual and Increase Use of Instagram, Snapchat, and YouTube, UMass Dartmouth Center for Marketing Research, https://www.umassd.edu/cmr/socialmediaresearch/2017fortune500/#d.en.963986 (last visited Oct. 13, 2018).))
Social media usage by companies and employees, however, is not without its risks. As best exemplified by the recent SEC claims against Elon Musk and Tesla, companies must also be aware of the potential downside risk that comes with social media. Improper social media use in businesses can “lead to serious negative consequences including fraud, intellectual property loss, financial loss, privacy violations and failure to comply with laws and regulations.” ((Steve Culp, Rafael Gomes, Jonathan Narveson, A Comprehensive Approach to Managing Social Media Risk and Compliance, Accenture, https://www.accenture.com/t20150523T022413__w__/us-en/_acnmedia/Accenture/Conversion-Assets/DotCom/Documents/Global/PDF/Dualpub_1/accenture-comprehensive-approach-managing-social-media-risk-compliance.pdf (last visited Oct. 29, 2018).))
While corporate social media policies aim to enable efficient use of social media while limiting the downside business risk, there are significant legal strictures within which these policies must reside. This blog post will first look at the legal guardrails for social media policies and usage, and will then look at the Securities and Exchange Commission (“SEC”) allegations against Elon Musk and Tesla as an example of the business and legal risk of failing to implement an effective social media policy.
Legal Considerations for Social Media Policies
Corporate social media policies can help businesses avoid many risks inherent in using social media, but these policies must be implemented so as not to create additional legal issues. In general, social media policies must navigate at least three legal pitfalls: (1) not inappropriately stifling employee speech; (2) appropriately defining and acting against inappropriate online behavior; and (3) ensuring that employees do not break the law.
Social Media Policies Cannot Infringe Employee Communications About Concerted Action
When defining policies that control employee conduct on social media, businesses must be cognizant that some employee communications are protected under the National Labor Relations Act (“NLRA”) Section 7. ((See 29 U.S.C. § 157; see also 29 U.S.C. § 158.))
In general, employers cannot interfere with an employee’s ability to exercise her right to unionize. ((Interfering with employee rights (Section 7 & 8(a)(1)), NLRB, https://www.nlrb.gov/rights-we-protect/whats-law/employers/interfering-employee-rights-section-7-8a1, (last visited Oct. 13, 2018).)) Central to employee rights in this area is the right to engage in “concerted activities for the purpose of collective bargaining or other mutual aid or protection.” ((29 U.S.C. 157.)) Concerted activities include any actions where “individual employees seek to initiate or to induce or to prepare for group action, as well as individual employees bringing truly group complaints to the attention of management.” ((Meyers Indus., Inc., 281 N.L.R.B. (1986).))
The NLRA explicitly states employers shall not “interfere with, restrain, or coerce employees in the exercise of the rights guaranteed in section 157 of this title.” ((29 U.S.C. 158.)) The National Labor Relations Board (“NLRB”) directly seeks to protect employee rights, and has repeatedly prevailed against employers not just to protect union activity such as planned work stoppages, ((see e.g. Greater Omaha Packaging Co. Inc. v. NLRB, 790 F.3d 816 (8th Cir. 2015).)) but also to protect communication via social media. ((See e.g. Karl Knauz Motors, Inc., 358 N.L.R.B. (2012).))
Many cases prior to December 2017 relied upon the test enunciated in Lutheran Heritage in order to assess whether a policy violated Section 7 of the NLRA. ((The Boeing Company, 365 N.L.R.B. No. 154, 1 (Dec. 14, 2017).)) The first and most widely used prong stated that an employer’s policy violated Section 7 if “employees would reasonably construe the language to prohibit Section 7 activity.” ((Martin Luther Memorial Home, Inc., 343 N.L.R.B. (2004).)) This test was generally employee-friendly, as written policies were essentially interpreted against the businesses. ((See Memorandum GC 18-04, Guidance on Handbook Rules Post-Boeing (June 6, 2018).))
However, after 13 years of applying the Lutheran Heritage test both at the ALJ and Circuit Court levels, the NLRB replaced this test in December 2017 with the Boeing decision. ((The Boeing Co., 365 N.L.R.B. No. 154 (Dec. 14, 2017).)) As the first listed defect with the prior standard, the Boeing majority concluded the prior standard had “single-minded consideration of NLRA-protected rights, without taking into account any legitimate justifications associated with policies, rules and handbook provisions.” ((Id. at 2.)) Under the new test, when assessing the validity of a corporate policy, a court will now evaluate a facially-neutral policy according to “(i) the nature and extent of the potential impact on NLRA rights, and (ii) legitimate justifications associated with the rule.” ((Id.))Under this test, policies will fall within three broad categories: (1) lawful policies, (2) policies warranting scrutiny, and (3) policies that are unlawful. ((Id. at 16.))
In the first category are policies that either do not interfere with NLRA rights or are outweighed by justifications. ((Id.)) In the second category are policies that are not obviously lawful or unlawful. ((Id.)) These are then evaluated by balancing (1) whether the policy would reasonably interfere with the exercise of employee’s NLRA rights and (2) whether a legitimate justification outweigh the potential interference. ((Id.)) In the third category are policies that prohibit or limit NLRA-protected conduct and are not outweighed by justifications. ((Id.))
Decided along a 3-2 split of the NLRB, Boeing involved a facially neutral policy that restricted the use of camera-enabled devices on Boeing property. ((Id. at 1.)) The ALJ had previously applied the Lutheran Heritage test and found the policy violated the NLRA. ((Id.)) For the majority in Boeing, however, this case turned on the weight of countervailing justifications for the policy, including that Boeing was a federal contractor that dealt with national security. ((Id. at 22.))
However, two NLRB members refused to sign on to the new test announced in Boeing, and vigorously defended the prior test while concluding that the “majority’s new standard lacks a rational basis and is inconsistent with the Act.” ((Id. at 26.)) Indeed, while the majority attempted to define a test with more clarity and justice for employers, dissenting Member Lauren McFerran posited that “to pretend that this ill-defined, multi-factor balancing test will yield ‘certainty and clarity’ is laughable.” ((Id.))
In June 2018, the NLRB General Counsel issued guidance on handbook rules to help clarify the new system post-Boeing. ((National Labor Relations Board, Office of General Counsel, Memorandum GC 18-04, Guidance on Handbook Rules Post-Boeing (June 6, 2018).)) Aside from the new test itself, “ambiguities in rules are no longer interpreted against the drafter, and generalized provisions should not be interpreted as banning all activity that could conceivably be included.” ((Id. at 1.)) Given the relative lack of precedent interpreting this new test, the General Counsel of the NLRB has provided some addition guidance in June 2018 in an attempt to further define what sorts of policies would fall within each category. ((Id. (stating these policies include “Civility Rules,” “No-Photography Rules and No-Recording Rules,” and “Rules Against Insubordination, Non-cooperation, or On-the-job Conduct that Adversely Affects Operations,” “Disruptive Behavior Rules,” “Rules Protecting Confidential, Proprietary, and Customer Information or Documents,” “Rules against Defamation or Misrepresentation,” “Rules against Using Employer Logos or Intellectual Property,” “Rules Requiring Authorization to Speak for Company,” and “Rules Banning Disloyalty, Nepotism, or Self-Enrichment.”) ))
Although there are few examples of cases argued under the new Boeing test, prior precedents highlight the need for employers to draft their social media policies carefully in order to respect the right for employees to engage in concerted action with other employees. “Employer policies should not be so sweeping that they prohibit the kinds of activity protected by federal labor law, such as the discussion of wages or working conditions among employees.” ((The NLRB and Social Media, NLRB, https://www.nlrb.gov/rights-we-protect/rights/nlrb-and-social-media (last visited Oct. 13, 2018).)) Narrowly tailored social media policies allow for both the protection of the companies as well as the protection of the rights of employees.
Social Media Policies Outline Unacceptable Behavior
Corporate social media policies function to fulfill a vital role in exerting control over communications from employees, but businesses must ensure that they are not overly broad. Even as it protects the rights of employees, the NLRB allows that:
work rules that prohibit employees from using offensive, demeaning, abusive, or other similar language in the workplace are not facially invalid . . . because employers have a legitimate interest in establishing a ‘civil and decent work place,’ free of racial, sexual, and other harassment that can subject them to legal liability under State or Federal law. ((General Motors, LLC, 07-CA-53570 2012 WL 1951391 (May 30, 2012).))
Indeed, employees will not be afforded protection under Section 7 if their actions “did not relate to the terms and conditions of his employment or seek to involve other employees in issues related to employment.” ((Lee Enterprises, Inc., 2011 WL 1825089, at 5 (Apr. 21, 2011).)) Given the revised test post-Boeing, employers may even have a broader scope to justify their rules as necessary in such a way to offset any possible Section 7 infringement. ((The Boeing Company, 365 N.L.R.B. No. 154, 1 (Dec. 14, 2017) (holding that a business could be found not in violation of Section 7 given sufficient justification).))
Social Media Policies Must Seek to Ensure Employees Do Not Independently Break the Law
Social Media policies must balance competing interests, in that both the rights of the employees and the needs of the business must be considered. However, core to the exercise of defining an acceptable social media policy is defining how the business can halt clear violations of laws. As most recently exemplified by the SEC’s 2018 action against Elon Musk and Tesla, federal law directly prohibits certain types of speech including the misstatement of material facts in the context of securities transactions. ((17 C.F.R. § 240.10b-5 (2018).))
SEC Rule 10(b)-5 lays out one source of liability for companies require controlled used of social media for public and private companies that engage in securities transactions. ((See Section 10(b) Litigation: The Current Landscape, American Bar Association (June 29, 2017), https://www.americanbar.org/groups/business_law/publications/blt/2014/10/03_kasner/.)) In relevant part, rule 10(b)-5 makes it unlawful:
To employ any device, scheme, or artifice to defraud, [t]o make any untrue statement of a material fact or to omit to state a material fact necessary in order to make the statements made not misleading, or [t]o engage in any act, practice, or course of business which operates or would operate as a fraud or deceit upon any person, in connection with the purchase or sale of any security. ((17 C.F.R. § 240.10b-5.))
This rule likely applies to all securities transactions, regardless of whether the company is publicly traded or privately held. ((See Joint Submission in Support of Approval and Entry of Proposed Consent Judgments, SEC v. Musk, Case 1:18-cv-8865-AJN-GWG (S.D.N.Y. Oct. 11, 2018).)) This relates to any communication channel, but the application to the current social media landscape makes it particularly perilous as businesses rely on more varied modes of communication rather than just press releases.
The breadth of the enforceability of Rule 10(b)-5 has been narrowed in recent years by a series of cases, notably Janus Capital Group, Inc. v. First Derivative Traders ((See 564 U.S. 135, 142 (2011) (“maker of the statement is the person or entity with ultimate authority over the statement, including content and whether and how to communicate it.”) )) and Stoneridge Inv. Partners, LLC v. Sci.-Atlanta, Inc. ((See 552 U.S. 148 (2008) (holding that Rule 10(b) liability does not extend to vendors and customers).)) However, a corporation can be held liable for the actions of its officers directly through a failure to provide adequate controls under Rule 13(a)-15, ((29 U.S.C. 157)) or through a general rule of imputation if the fraud is “committed ‘within the scope of his employment’ or ‘for a misleading statement made by an employee or other agent who has actual or apparent authority.’” ((In re Chinacast Education Corporation Securities Litigation, 809 F.3d 471 (9th Cir. 2015) (citing Hollinger v. Titan Capital Corp., 914 F.2d 1564, 1577 (9th Cir. 1990)). This interpretation is also followed by the 7th and 10th Circuit Courts of Appeals. Even given the narrowed enforceability of Rule 10(b)-5, the scale of liability to the corporation itself adds to the importance of comprehensive controls of statements from corporate officers.
The potential fines for civil or criminal violations of Rule 10b-5 are not negligible even for well-capitalized companies. Under the criminal sanction of Rule 10b-5, the individual or business can be “fined not more than $5,000,000, or imprisonment of not more than 20 years if the defendant does not prove that he had no knowledge of the rule, or both, or fine not exceeding $25,000,000 in the case of a person other than a natural person.” ((15 U.S.C. § 78ff(a) (2002).)) Aside from the criminal penalties, the SEC may bring civil enforcement actions against violators that can reach into the millions of dollars, although the penalties arising from such actions vary both in magnitude as well as calculation methodologies. ((See Jonathan N. Eisenberg, Calculating SEC Civil Money Penalties, Harvard Law School Forum on Corporate Governance and Financial Regulation (Jan. 24, 2016), https://corpgov.law.harvard.edu/2016/01/24/calculating-sec-civil-money-penalties/.))
Failure of Corporate Social Media Policies and SEC Enforcement: Elon Musk and Tesla
Companies must take care not to tread on the rights of its employees, but it must still create and enforce a social media policy to ensure that no employee communications directly break the law. Most recently, Elon Musk and Tesla have flown too close to the sun and were exposed to action because of Musk’s social media postings.
As of August 1, 2018, Elon Musk was the Chairman and CEO of Tesla. He is broadly known as a prolific user of Twitter, and messages on his personal Twitter account (@elonmusk) range from purely personal, including his vendetta against a British cave diver, to business-related tweets about potentially taking Tesla private. ((See Maya Kosoff, Has Elon Musk’s Twitter Habit Become a Liability?, Hive (Aug. 28, 2018, 6:20pm), https://www.vanityfair.com/news/2018/08/has-elon-musks-twitter-habit-become-a-liability; see also Donna Fuscaldo, Elon Musk Has Tweeted 4,925 Times: WSJ, Investopedia (July, 21, 2018, 11:35am), https://www.investopedia.com/news/elon-musk-has-tweeted-4925-times-wsj/.)) Even before his tweets about taking Tesla private, Tesla’s share price experienced market swings directly related to Musk’s twitter usage. ((Rebecca Ungarino, Tesla stock sank after Musk tweeted, again, CNBC (July 17, 2018 11:54am), https://www.cnbc.com/2018/07/16/tesla-sinks-after-elon-musk-tweets-again.html.))
On August 7, 2018, Musk tweeted “[a]m considering taking Tesla private at $420. Funding secured.” ((Elon Musk (@elonmusk), Twitter (Aug. 7, 2018, 9:48am), https://twitter.com/elonmusk/status/1026872652290379776.)) Less than three hours later, he followed up with another tweet, stating “[i]nvestor support is confirmed. Only reason why this is not certain is that it’s contingent on a shareholder vote.” ((Elon Musk (@elonmusk), Twitter (Aug. 7, 2018, 9:48am), https://twitter.com/elonmusk/status/1026914941004001280.)) Tesla’s share price ended the day up 10%, but after the SEC filed its lawsuit against Musk Tesla share price plummeted 11% in value. ((Linette Lopez, The SEC sues Elon Musk, Wants to Bar Him From Being CEO of a Public Company, Business Insider (Sept. 27, 2018, 4:07pm), https://www.businessinsider.com/tesla-elon-musk-sued-by-sec-2018-9?utm_source=markets&utm_medium=ingest.))
In its complaint against Musk, the SEC alleges that Musk’s tweets on August 7th “that funding was ‘secured’ and investor support was ‘confirmed’ were false and misleading because, in reality, Musk had no ‘secured’ or ‘confirmed’ commitment from any source to provide any amount of funding.” ((Complaint at 62, SEC v. Musk, Case 1:18-cv-08865 (S.D.N.Y. Sept. 27, 2018).)) The SEC complaint then continued to allege the factual background and elements required to hold Musk liable under Rule 10b-5. ((Id. at 78.))
As of October 13, 2018, the SEC, Musk, and Tesla had come to a settlement agreement relating to the SEC charges under Rule 10b. ((See Joint Submission in Support of Approval and Entry of Proposed Consent Judgments, SEC v. Musk, Case 1:18-cv-8865-AJN-GWG (S.D.N.Y. Oct. 11, 2018).)) Amongst other items, Musk and Tesla agreed to a fine of $20 million each, to Musk stepping down from his role as chairman of Tesla’s board of directors, and to “mandatory procedures to oversee and preapprove Mr. Musk’s Tesla-related written communications that reasonably could contain information material to the company or its shareholders.” ((Id. at 2.))
Social Media Policies Can Protect Companies From Liability
While social media policies must certainly be tailored to the size, history, and culture of each company, ((see Desiree F. Moore, Erinn L. Rigney, Do Not Cut and Paste – Why Your Company Needs Tailored Social Media Policies and Procedures, The National Law Review (June 21, 2018), https://www.natlawreview.com/article/do-not-cut-and-paste-why-your-company-needs-tailored-social-media-policies-and)) complying with such policies are essential for every company in the age of social media. Given the way the Musk tweets unfolded and the inclusion of mandatory oversight of Musk’s written communications in the SEC settlement, it is no stretch to say that Tesla’s prior social media policy was inadequate to effectively control Musk’s social media posting and eventual breach of the securities regulations. Clear and defined social media policies that balance employee rights, business requirements, and controls against breach of legal prohibitions must enable companies to protect themselves against actions that can end up costing them and their officers millions.