Many companies have presence on social networks and do not know the consequences and repercussions that their online reputation and image could receive as a result of badly managing a communications crisis by the Community Manager or his/her staff.
Therefore, it is necessary to know the regulations applicable for the use of social networks which includes the regulations and policies of personal use of social networks (privacy policies, advertising regulations, conditions for use, rules, etc.), as well as the regulations in force, such as that related to personal data protection. These guarantee privacy, confidentiality, a proper use of the users data and of their rights; protection of the rights of the author of the online content, the right to honour, intimacy and personal image of the users is also guaranteed, disloyal competition practices are avoided, the right to trademarks are respected, regulations for promotional competitions are complied with, as well as the obligations of the LSSI (Law of Information Society Services and E-commerce).
The incompliance of these could cause civil and administrative liability of substantial amounts, and criminal liability of the company that could result in fines, prison sentences and even the dissolving of the company and ceasing of activity, for crimes committed online in the name or on behalf of a legal person, and for their benefit, by legal representatives and de facto or de jure administrators, or by internal or external staff (such as publicity or marketing agencies or community managers) when demonstrated that “the events have taken place without having exercised the due control concerned with the specific circumstances of the case.” (art. 31 bis of Spanish Criminal Code).
Consequently, the company must confirm that adequate monitoring has been exercised by the person in charge of the social media presence, through possible instruments as indicated (Marina Roig Altozano, 2012), of prevention, such as codes of conduct, programmes for compliance with legality, etc., where the company analyses the criminal risks that could arise in light of its activity, defines the ethical principles and regulations which should be employed for the behaviour of all agents of the company, and expressly prohibits those behaviours that could be considered as criminal, and all agents of the company must assume its values and cultures, which respect legality. Instruments of control (internal and external supervision), and Displinary instruments (sanctions) that guarantee compliance.
Said instruments must form part of a good social media compliance strategy that: (i) helps the company to avoid liabilities, to comply with the regulations in force and to prevent fines, sanctions or claims that could damage the online reputation, prestige and image of the company (brand), (ii) regulates the rules of behaviour for staff and community managers for the use of social networks (important when managing a communications crisis), and (iii) provides a uniform policy for conduct, with clear rules known by all staff, which improves the coordination and management of activities carried out, gains trust and security and protects a consistent image of the company in an online setting.
If you would like to implement a Social Media Compliance strategy, we recommend that you take the following into account:
- As a first step, it is necessary to do a “preliminary study and analysis”, of staff, the size of the company, the objectives for having a social media presence, the strategy you will implement, etc.
- Identification and prioritization of the risks that could affect the company regarding the Social Media strategy, and an evaluation of these risks.
- To create an “Internal social media policy” which the staff must comply with, which clearly and precisely specifies the measures needed to follow and lines of action for the use of social networks (hours, messages within the networks, downloads, rolls, planning, enquiries and messages in general). This internal policy may be based on clear and simple principles, for example the company Dell has 5 principles that could be used as a guide: protect information; be transparent and disclose; follow the law; follow the codes of conduct; be responsible, be nice, have fun and connect (and remember that the social media account ownership is from Dell).
- It is necessary to “prepare and train” staff, directors and employees on the regulations that need to be complied with, rules to be followed and the importance of the use of social networks, but also that they know its limitations and consequences of related actions.
- It is recommended that a uniform policy exists of “creation of content of third parties” published on the internet, and that it is also monitored, given that this could cause damage to the reputation and image of the company.
- Likewise, it should be clear to employees that they must not associate their personal profiles with the company. The employees must be reminded that they are ambassadors of the brand of the company they work in and also, although they may talk of the company’s activities, there are secrets, projects and situations that must be kept private.
- Finally, monitoring is important, “supervision and verification of compliance” and “updating”, of the policies. It should be an active document, and it is important to implement mediums and/or have people in charge of their supervision, and, where necessary, lines of action in order to eliminate, modify and even start internal or external actions when facing behaviour which could result in a risk for the reputation of the company.
The main risk areas for companies:
- Concerning data protection: having the express consent of the persons data to send them publicity or include them in promotional campaigns, guaranteeing the exercise of ARCO rights (access, rectification, cancellation and objection) and other guarantees in the LOPD (Organic Law for Data Protection) and its development regulation.
- Concerning LSSI: informing, as a lender of services on websites and social network profiles, about your name, address, e-mail address, etc. Also, having general conditions of service that regulate the contracting or purchase through internet, and sending publicity that makes the identity of the advertiser known, not sending unrequested promotional messages (SPAM), offering to the recipient, the possibility of objecting data processing for promotional aims both for data collection and commercial communications, and establishing mechanisms so that users may stop receiving something after it was authorized.
- In relation to the regulation on protection of the brand and disloyal competition: not using the trademark of a competitor as a key word in search engines, and not carrying out disloyal competition practices when connecting to competitors’ sites, which offer services or products that are similar or the same, or not using small spelling mistakes or similar words that can cause confusion for users, and result in the exploitation of the reputation of an unrelated company, and
- Concerning intellectual property: to copy (plagiarize) and reproduce the entire contents and images of websites, blogs etc. without respecting the rights of the author concerned, as well as publishing part of the contents without citing the author, and without including references or corresponding links.
These are some practical examples that should be followed in order to not go against the law in force, and so there is no risk of liability for companies.
If you would like further information on the contents of this article or require our collaboration in order to be informed about the specific impact concerning your activity, please do not hesitate to contact us.
Suscríbete a LeQuid de la Cuestión
La publicación de LeQuid sobre el mundo del Derecho en los negocios.