Social Media Policy (Ireland)

A Social Media Policy in Ireland sets out the standards, responsibilities, and procedures the organisation expects everyone to follow, and takes its legal force from the Employment Equality Act 1998.

Social media encompasses a broad range of platforms — including LinkedIn, X (formerly Twitter), Facebook, Instagram, TikTok, YouTube, Reddit, and WhatsApp — that allow users to publish content, share information, and interact with others online. For employers, social media presents both opportunities (marketing, employer branding, talent acquisition) and significant risks (reputational damage, harassment, data breaches, confidentiality breaches, and legal liability).

The Employment Equality Acts 1998–2015 are relevant because the Workplace Relations Commission (WRC) and the Labour Court have held that harassment and sexual harassment perpetrated via social media can engage employer liability under section 14A of the Employment Equality Act 1998, even where the conduct occurs outside working hours. Employers must take reasonably practicable steps to prevent and address such conduct.

GDPR and the Data Protection Act 2018 govern the processing of personal data in connection with social media — whether the organisation is collecting personal data through corporate social media accounts, monitoring employees' personal social media use, or processing data about individuals mentioned in posts. The Data Protection Commission (DPC) has published guidance on employee monitoring that is directly relevant to the design of a social media monitoring policy.

The Defamation Act 2009 creates both civil and criminal liability for false and injurious statements published on social media. Employers may face vicarious liability for defamatory posts made by employees in the course of their employment.

The Criminal Justice (Incitement to Violence or Hatred and Hate Offences) Act 2024 and the Non-Fatal Offences Against the Person Act 1997 create criminal offences that may be committed via social media, including harassment and stalking. Employers have both an ethical and a potential legal obligation to confirm their social media policy addresses these risks.

A well-structured Social Media Policy provides practical guidance that helps employees use social media responsibly, protects the organisation from legal liability, and sets clear expectations about conduct that will be subject to disciplinary action.

The Work Life Balance and Miscellaneous Provisions Act 2023, which formalised the right of employees to request remote working in Ireland, has particular relevance for social media policies: where employees work from home, social media access and personal use during working hours is harder to observe and manage. The social media policy should therefore address remote working contexts explicitly, setting clear expectations about personal social media use during working hours regardless of location.

A well-designed Irish Social Media Policy sets reasonable and proportionate boundaries that protect the organisation's legitimate interests while respecting employees' rights to private life under Article 8 of the European Convention on Human Rights (ECHR) and Article 7 of the EU Charter of Fundamental Rights. The policy should be developed in consultation with employee representatives, communicated at induction, refreshed regularly, and applied consistently. An inconsistently enforced policy — where similar conduct is treated differently across employees or departments — is likely to generate Unfair Dismissals Act or Employment Equality Act claims before the Workplace Relations Commission. The Data Protection Commission (DPC) guidance on employee monitoring must be followed before any monitoring of employees' personal social media activity is undertaken by the employer.

The Online Safety and Media Regulation Act 2022 (No. 41 of 2022), which established Coimisiún na Meán (the Media Commission) as the new regulator for online safety and broadcasting in Ireland, introduces additional obligations for designated online services in relation to harmful online content. While the Act primarily targets large platforms rather than individual employers, organisations operating social media channels should be aware of its regulatory framework and the obligations it imposes on designated online services regarding harmful content. The Act commenced in stages from 2023, with the Online Safety Code imposing binding obligations on designated video-sharing platforms from 2024–2025. The Criminal Justice (Hate Offences) Act 2024 commenced on 31 December 2024 and provides for increased prison sentences for crimes proven to be motivated by hatred based on protected characteristics including race, colour, nationality, religion, national or ethnic origin, descent, disability, gender, sex characteristics, and sexual orientation. Note that controversial hate speech incitement provisions were removed from the Bill before it passed; the existing Prohibition of Incitement to Hatred Act 1989 continues to govern incitement offences, though the Minister for Justice has indicated that legislation to update the 1989 Act for the modern online environment will be progressed. Employers' social media policies should be updated to reference the Criminal Justice (Hate Offences) Act 2024 and to clarify that social media conduct aggravated by hatred — including posts targeting colleagues or customers on any of the protected grounds — may constitute both a criminal offence and gross misconduct warranting summary dismissal.

An Irish Social Media Policy is needed by any employer who operates a corporate social media presence, whose employees use social media in connection with their work, or whose employees' personal social media use has the potential to affect the organisation or their colleagues. Given the near-universal use of social media in modern workplaces, this effectively means that all Irish employers should have a social media policy.

You need a Social Media Policy if your organisation: manages corporate social media accounts on platforms such as LinkedIn, X, Facebook, or Instagram and employs staff who post content on those accounts; has experienced situations where employees have posted content on personal social media that mentioned the employer, disclosed confidential information, or was directed at or about colleagues; has received complaints of social media harassment — including conduct that occurred after hours on personal devices — which engaged the employer's obligations under the Employment Equality Acts 1998–2015; is in a regulated sector where employees are prohibited from making public statements about the organisation's business — for example, financial services firms regulated by the Central Bank of Ireland, where the Market Abuse Regulation (MAR) prohibits market-sensitive disclosures; employs customer-facing staff in sales, marketing, or public relations roles who interact with customers and partners through social media as part of their job functions; has experienced a social media data breach — for example, an employee sharing customer data on a personal social media account — which triggered notification obligations to the Data Protection Commission (DPC) under GDPR Article 33; or operates in a sector where employee social media conduct is scrutinised by a professional regulator — for example, healthcare, legal services, or financial advice.

For organisations without a social media policy, the Workplace Relations Commission (WRC) is likely to scrutinise the absence of a clear policy when determining whether a dismissal or disciplinary sanction related to social media conduct was fair under the Unfair Dismissals Acts 1977–2015. Employers who have imposed disciplinary sanctions for social media conduct in the absence of a published, communicated policy have had those sanctions set aside by the WRC.

Solicitors advising Irish employers on employment law compliance and HR managers implementing established standards governance frameworks regularly include a social media policy as a core document alongside the employee handbook, the disciplinary and grievance procedures, and the IT acceptable use policy. Solicitors advising Irish employers on HR compliance emphasise that a social media policy must be in place and communicated to employees before any disciplinary action for social media conduct can be fairly imposed, and that the WRC will examine whether the employee was aware of the policy when assessing the fairness of a dismissal or sanction.

Under the Unfair Dismissals Acts 1977–2015, a dismissal arising from an employee's social media conduct will only be fair if: (a) the employer had a clear, communicated social media policy identifying the conduct as potentially dismissible; (b) the employer followed fair procedures in accordance with the WRC Code of Practice on Grievance and Disciplinary Procedures (S.I. No. 146 of 2000), including notice of the allegations, the right to representation, and an opportunity to respond; and (c) the employer's response was proportionate to the conduct. The WRC has jurisdiction to hear unfair dismissals complaints from employees with at least one year of continuous service under the 1977 Act (reduced to six months for fixed-term employees in certain circumstances). Compensation awards can reach up to 104 weeks' remuneration under section 7(1)(c) of the Unfair Dismissals Act 1977.

A thorough Irish Social Media Policy should contain several essential provisions that address both the practical realities of social media use and the organisation's legal obligations.

The purpose and scope clause defines what is meant by 'social media' for the purposes of the policy (encompassing all social networking platforms, blogging platforms, messaging applications, and online forums), identifies the persons to whom the policy applies (all employees, contractors, agency workers, and directors), and explains why the policy is necessary.

The corporate social media use clause governs the use of the organisation's official social media accounts. It should specify who is authorised to post on behalf of the organisation, establish an approval process for corporate posts, require that all posts comply with the organisation's brand guidelines and values, and prohibit the posting of content that could constitute a breach of confidence, a misrepresentation, or a misleading commercial communication contrary to the Consumer Protection Act 2007.

The personal social media use clause addresses employees' use of their personal accounts, particularly where the employee identifies their employer in their profile or where posts could reasonably be connected to the organisation. The clause should confirm that employees are free to use social media in their personal lives but must: not disclose confidential information about the organisation, its clients, or its employees; not make statements that could damage the organisation's reputation; not make comments that could constitute defamation under the Defamation Act 2009; not post content that could constitute harassment or sexual harassment of colleagues in breach of the Employment Equality Acts 1998–2015; and not post content that could constitute an offence under the Criminal Justice (Incitement to Violence or Hatred and Hate Offences) Act 2024.

The confidentiality clause reinforces the employee's contractual obligation of confidence by specifying that confidential information — including client information, business strategies, financial data, and personal data about colleagues — must never be disclosed on social media, even on personal accounts and outside working hours.

The GDPR and data protection clause addresses the obligations that arise when employees process personal data through social media — including collecting personal data about customers or third parties, sharing photographs of individuals, or using social media for recruitment screening. The clause should confirm that all personal data processed through social media must comply with GDPR and the Data Protection Act 2018, and that the organisation's data protection policy applies.

The monitoring clause informs employees that the organisation may monitor social media to the extent permitted by GDPR and the Data Protection Commission (DPC) guidance on employee monitoring. The clause should specify the scope of any monitoring (for example, monitoring of corporate accounts only, or targeted monitoring where a specific concern has been identified), the legal basis for monitoring, and the consequences of monitoring revealing a breach of the policy.

The disciplinary consequences clause makes clear that breaches of the policy will be addressed through the organisation's disciplinary procedure, and that serious breaches — such as disclosing confidential client data, posting defamatory content, or harassing a colleague — may constitute gross misconduct warranting summary dismissal.

The policy should also include a complaints and escalation procedure, specifying how employees can report social media misconduct by colleagues, the steps the employer will take upon receiving a complaint, and the timeline for investigation. This procedure should align with the WRC Code of Practice on Grievance and Disciplinary Procedures (S.I. No. 146 of 2000) and the employer's existing disciplinary policy. Where a complaint involves potential criminal conduct — such as harassment under section 10 of the Non-Fatal Offences Against the Person Act 1997 or an offence under the Criminal Justice (Incitement to Violence or Hatred and Hate Offences) Act 2024 — the escalation procedure should address whether the matter is to be referred to An Garda Síochána alongside or instead of internal disciplinary action. The forms-legal.com Social Media Policy (Ireland) template covers the mandatory elements under Companies Act 2014.