Employer appropriates an ex-employee’s LinkedIn account

LinkedIn Centipede Participants in the 2010 ING Bay to Breakers

An American executive unsuccessfully sought to have her LinkedIn profile restored to her after her former employer appropriated her profile when she left the company. According to Internet Cases:  

After plaintiff was fired as an executive, her former employer (using the password known by another employee) took over plaintiffs LinkedIn account. It kept all of plaintiff’s contacts and recommendations but switched out plaintiff’s name and photo with those of the new CEO.

Plaintive sued in federal court under the Computer Fraud and Abuse Act, the Lanham Act, and a slew of state law claims including identity theft, conversion and tortious interference. The former employer moved for summary judgment on the CFAA and Lanham Act claims. the court granted the motion, but continued to exercise supplemental jurisdiction over the state law claims. 

The court described the facts as follows:

Eagle used her account to promote Edcomm’s banking education services; foster her reputation as a businesswoman; reconnect with family, friends, and colleagues; and build social and professional relationships. [Another employee] assisted Eagle in maintaining her LinkedIn account and had access to Dr. Eagle’s password.

Venkat Balasubramani, writing on the Technology & Marketing Law blog, added the following:

After Edcomm got acquired, the new owner eventually terminated Dr. Eagle. The company immediately took over her LinkedIn account, changing the account’s login credentials and substituting in the name and photo of Dr. Eagle’s replacement. Unfortunately for Dr. Eagle, the court grants defendants’ motion to dismiss her federal claims based on the Computer Fraud and Abuse Act and the Lanham Act. 

This case raises a few interesting questions and although the court did not deal with the remaining claims (and may arrive at different conclusions were considers those claims in due course), I found myself wondering what the legal position would be if a local employer attempted to appropriate a former employee’s LinkedIn profile when an employee leaves the company. This hypothetical employee would probably have 2 causes of action based on the LinkedIn User Agreement and the Electronic Communications and Transactions Act. A claim based on the LinkedIn User Agreement word, primarily, be directed at LinkedIn itself in the form of a complaint based on a violation of the User Agreement’s terms and conditions. A claim based on the Electronic Communications and Transactions Act would likely be based on the chapter 8 Cyber Crime provisions.

LinkedIn User Agreement

The User Agreement contains a number of provisions dealing with the basis on which a person may make use of the LinkedIn service and restrictions imposed on those usage rights. One of the initial provisions under the heading, Scope and Intent, states the following: 

If you are using LinkedIn on behalf of a company or other legal entity, you are nevertheless individually bound by this Agreement even if your company has a separate agreement with us. If you do not want to register an account and become a LinkedIn User, do not conclude the Agreement, do NOT click “Join LinkedIn” and do not access, view, download or otherwise use any LinkedIn webpage, information or services. By clicking “Join Now,” you acknowledge that you have read and understood the terms and conditions of this Agreement and that you agree to be bound by all of its provisions. By clicking “Join Now,” you also consent to use electronic signatures and acknowledge your click of the “Join Now” button as one. Please note that the LinkedIn User Agreement and Privacy Policy are also collectively referred to as LinkedIn’s “Terms of Service.”

The User Agreement also requires users to agree to keep their passwords secure and confidential; not permit others to use their accounts as well as to refrain from using other users’ accounts. It goes on to further incorporate these restrictions into the rights LinkedIn grants users –

On the condition that you comply with all your obligations under this Agreement, including, but not limited to, the Do’s and Don’ts listed in Section 10, we grant you a limited, revocable, nonexclusive, nonassignable, nonsublicenseable license and right to access the Services … 

The User Agreement doesn’t allow for much of what happened in this particular case. Dr Eagle should not have shared her login credentials with her colleague (during this was a violation of the User Agreement and would have entitled LinkedIn to remove her account or otherwise deny her access to the service) and her colleague was not entitled to assist the company in taking over her account and changing the profile’s details to the new CEO’s.

The Electronic Communications and Transactions Act

Section 86 deals with “Unauthorised access to, interception of or interference with data”. This section criminalises efforts to overcome security measures designed to protect data, which includes password to access codes, or accessing that date. This is, arguably, what Dr Eagle’s colleague did on Dr Eagle’s former employer’s behalf. Although Dr Eagle gave her colleague access to her LinkedIn profile, it appears that the extent of that authorisation (although not permissible in terms of the User Agreements) was to assist in managing their profile on Dr Eagle’s behalf.

Appropriating Dr Eagle’s LinkedIn account for the benefit of a new CEO exceeds the parameters of this authorisation Dr Eagle granted to her colleague, is likely a criminal act under the Electronic Communications and Transactions Act (were this case to be adjudicated by a local court under this Act) and may even be a violation of a number of other rights Dr Eagle had in the profile content. Depending on the content of the profile after its misappropriation, the company may even have attracted liability on the basis of unlawful competition, privacy violation and so on.

This scenario touches on concerns companies have regarding employees who establish prominent profiles using social services like LinkedIn, who subsequently leave the company and may be in a position to leveraged those profiles for the benefit of a competitor or even for their own benefit as they engage in potentially competitive business activities. The actions taken by the company in this particular case or highly problematic for a number of reasons which I have mentioned in this post and highlight the importance of some sort of agreed contractual framework between employers and their employees regarding ownership of the social profiles and the extent to which a company may wish to lay claim to those profiles. From an employee’s perspective, it is a good idea to draw a distinction between a personal profile and a profile dedicated to promoting the employer’s business. In some respects, this is similar to employees limiting their personal correspondence to personal email accounts and only making use of their business email accounts for business purposes.

I’m interested to find out how the court in this particular case rules on the additional state law claims Dr Eagles has brought against her former employer. Although this sort of case is yet to reach our courts (although our courts have already dealt with a situation where a former employee breached the terms of his restraint of trade and this was partly evidenced by his activity recorded in his LinkedIn profile). Employers are seeking to appropriate their employees’ LinkedIn profiles may well encounter a number of difficulties ranging from violations of LinkedIn’s User Agreement to unlawful conduct and various pieces of legislation and infringements of employees’ rights, generally.

Image credit: LinkedIn Centipede Participants in the 2010 ING Bay to Breakers by smi23le, licensed CC BY 2.0

Comments are closed.

Powered by WordPress.com.

Up ↑

%d bloggers like this: