Facing up to Facebook: A Guide for FE and HE (02 October 2013)

This document is available in the following formats: 

 Microsoft WordAdobe PDF  

 Microsoft Word

Adobe PDF


The shortened URL for this document is: http://jiscleg.al/FacinguptoFacebook

1. What's in this Guide?

2. Introduction: What is Facebook?

3. Overview

4. Safeguarding & e-Safety

5. Data Protection

6. Copyright and Sharing Other People's Stuff

7. Hosting Liability

8. Accessibility and the Equality Act 2010

9. Conclusion

10. Need to Know More

1. What's in this Guide? 

In this guide, you’ll find summaries of the key legal considerations of using Facebook in an FE and HE context.  Details on how to access further guidance can be found at the end.

2. Introduction: What is Facebook? 

Facebook is a social networking website that allows individuals to set up an online profile, add other users as friends, and exchange messages.  Users can post personal information, upload photographs, describe their interests, and link to other profiles and pages.  The choice to create a profile in a network means that those connected to that network can view that profile.  Users can search for friends by name, location, email or institution.

3. Overview

Many FE and HE institutions use the popularity of Facebook to engage with learners for educational purposes. This might include a tutor setting up a facebook group with learners.

If learners and staff are using Facebook via your institution’s computer networks, then it’s necessary to have a number of safeguards, procedures and support mechanisms in place.

You will also need to have procedures in place to handle incidents of unacceptable Facebook usage.  This could range from simple offensive behaviour to behaviour that is considered criminal in nature, such as racist abuse.

If a student or staff member experiences online abuse via Facebook, it is necessary to have support mechanisms in place to ensure that they receive the appropriate assistance.  It may be just a matter of ensuring that existing support mechanisms are alert to the nature of incidents that may result from Facebook, as well as ensuring that users are aware of the support available.

It is necessary for your institution to be able to handle such incidents quickly and efficiently.  It’s also worth bearing in mind that Facebook content can be removed quickly, so having a detailed understanding of the procedures for doing so is a necessary component of handling such incidents. 

4. Safeguarding & e-Safety

It is generally accepted that FE and HE institutions have a legal duty of care to their students and staff in their use of IT systems, in particular, internet and email facilities.  Essentially, this means that the college is required to not cause harm to learners where it is reasonably foreseeable. 

Best practice suggests that when considering using Facebook as a learning tool, colleges must carry out a risk assessment in order to detect foreseeable harm and decide what can reasonably be done to prevent it.  It’s worth bearing in mind that a higher standard of care will be expected when young or vulnerable learners are involved.

It’s very important that your institution has a comprehensive internet and email acceptable use policy (AUP) in place.  This should set out what usage is considered appropriate and acceptable.  This policy should be widely publicised to raise awareness of the conditions of use and copies should be made available to all users.  It is also important that the policy is enforced and its compliance monitored.

A good AUP policy and standard process for dealing with any inappropriate content (a take down policy - see the Hosting Liability section) will demonstrate your institution’s commitment to providing a safe environment for learners and staff.

Colleges should adopt a policy that is appropriate to how their own learners and staff actually make use of the institution’s technology.  See our resources on e-safety and hosting liability: www.jisclegal.ac.uk/eSafety.

Facebook set out their terms of use, including those relating to safety (section 3): www.facebook.com/terms.php.

E-safety & Facebook: Our Tips

  • Carry out a risk assessment for Facebook usage.
  • Establish an Acceptable Use Policy (AUP) for Facebook usage.
  • Establish a clear take down policy for inappropriate content.

· 5. Data Protection

Staff and learners may use blogs, wikis, and social networking sites to share personal information.  Where colleges play the role of facilitating or hosting these social media environments, they are under an increased obligation to safeguard the personal data that users post.  FE and HE institutions need to be aware of their obligations under the Data Protection Act 1998.  This means that personal data must be processed fairly and lawfully.

The act applies to all personal data relating to an identifiable living individual.  It includes data about an individual's race or ethnic origin, political opinion, religious beliefs, trade union membership, physical or mental health, sex life, criminal proceedings or convictions.  Even just identifying people online can breach data protection legislation.  If the information disclosed is sensitive personal data then the breach is likely to be considered especially serious.

For personal data that your university or college collects from learners and staff, the institution remains the data controller and responsible for data protection compliance.  If you engage an external provider to process personal data on your behalf, then they are the data processors and you should restrict them to processing in accordance with how you direct.  You must also ensure that they comply with your requirements - this is usually done by means of a data processor agreement.

For any personal data that an external service provider collects from your staff and learners, the provider is the data controller.  As such, you are not responsible for data protection compliance with regard to that data, rather, the provider is responsible.  However, it is recommended that because of the nature of the relationship between the institution and the learner or staff member, there is an obligation on the institution to make users aware of the risks associated with using social networking sites and making their private information available online.

IT support staff are central to implementing and maintaining a culture of compliance with regard to data protection and the privacy of individuals.  Security is a core responsibility.  It is when exercising this responsibility that possible breaches of data protection and privacy may be disclosed in the Facebook environment.

Social Networking as an Educational Tool

College staff may play a key role in implementing Social media learning and teaching platforms by means of social networking tools.  Issues can arise with regard to expectations of privacy.  Users may assume that the environment provides a higher level of privacy than is actually the case based on the default privacy settings.  “I thought it was a private group” is a common remark. 

For example, learning resource staff may choose to communicate with learners using Facebook, but some learners may not wish to sign up because they have privacy concerns.  There have also been incidents in which apparently technically aware learners have put home address details on their Facebook page and then disclosed that they will be going away on holiday.  If staff recommend that learners use these tools, they should make sure that learners are aware of how to protect their own privacy.  Learners should be aware of what they have signed up to, particularly with regard to how Facebook may use their data.

The onus is on your institution to inform learners of the risks and of the rights of the external service to hold and use their data. If a learner is uncomfortable with this, they should be offered alternatives.

Staff should acquaint themselves with the principles of fair and lawful processing of personal data.  They should also alert users to the risks of sharing personal data on social networking teaching platforms.

Data Protection & Facebook: Our Tips

  • Make sure staff are aware of the principles of fair and lawful processing of personal data.
  • Make learners aware of the risks of using Facebook.
  • Make learners aware of how to protect their privacy on Facebook.
  • Offer learners alternatives to using Facebook.

6. Copyright and Sharing Other People's Stuff

Facebook encourages contributions by users.  If employees, as part of their employment, contribute content on work related matters in their working hours, it is likely that under UK copyright law the content they contribute will belong to their employer. 

With a number of copyright owners, identification of individual authors may be a very important issue but at the same would prove to be difficult if their individual contributions are not distinct.  Therefore, it is recommended that these issues are addressed early on in the process of adopting Facebook as an educational tool.

Suggested techniques to help avoid copyright confusion include having a policy on copyright ownership from the outset.  This will make it clear to staff and learners who owns what in terms of intellectual property when material is jointly created.

Infringing other people’s copyright is also a risk with Facebook.  Publishing images and other content without the permission of the owner can be damaging.  Increasing awareness of the risks of copyright infringement for users should be part of the preparation for its use by learners and staff.

Copyright & Facebook: Our Tips

  • Establish a clear policy on copyright ownership from the outset.
  • Raise awareness amongst staff and learners about the risks of copyright infringement.

7. Hosting Liability


The essence of Social media is the ability of a user to publish and edit content.  Liability can arise for the posting of inaccurate, defamatory and copyright infringing content.  Risks can also arise for actions by staff or learners for bullying, harassment and stalking carried out through the medium of Facebook.

Inaccurate Information

Where colleges lack the resources to verify the accuracy or completeness of the information or to edit the content prior to uploading it, there is a risk that the content submitted is inaccurate or misleading.  The risks associated with inaccurate information include the possibility that the college could be held liable if users act based on the inaccurate information published.

Defamatory Content

Use of Facebook is usually on a non controlled basis - i.e. no editorial control is carried out before content is published.  UK defamation laws therefore will apply to the published content as will the “notice and take down" principle established and reaffirmed in UK case law.

Employers also recognise the value of blogs and increasingly encourage blogging (for example, for research or as a marketing tool) by their employees.  Similar situations at colleges could place them at risk of being held vicariously liable for the actions of their employees with regard to defaming statements made on the social networking platform. 

Defamation is, essentially, concerned with the publication of lies or untruths and a defamatory statement is one which lowers the claimant in the estimation of right thinking members of society. 

Where there is neither actual knowledge of the defamation nor awareness of any facts or circumstances from which an FE or HE institution could reasonably have been expected to be aware of it, and the institution has taken reasonable care in relation to publication of the statement in question, the institution is unlikely to be held liable.  Upon receipt of notice of a claimed defamation, the institution should, of course, remove the posting straight away pending an investigation.

Copyright Infringing Content

The same is largely true with regard to copyright infringing content.  If the institution could not reasonably be expected to be aware of the infringing content as it is being published and acts promptly to remove infringing content, then it is unlikely to be held liable.  This assumes that it has a culture of compliance with the law of copyright and engages in awareness raising and training with regard to the law of copyright for its users.

Bullying/Harassment/Stalking via Social Media Platforms

Social networking websites may increase instances of victimisation through their ease of sharing of comments, video and photographs.  As above, it is necessary to have appropriate practices and procedures in place to facilitate lawful use of the learning environment and provide support for those who are affected.  The Police may need to be informed and behaviour of this nature can be criminal offences and in England and Wales will be offences under the Harassment Act 1997 and in Scotland may be considered to be a Breach of the Peace under Common Law.

Notice and Take Down Procedure

It is important that an institution acts promptly when it becomes aware of a potential legal liability online.  It is important that those encouraging the use of Facebook in the learning environment, and, in particular, those exercising control over or moderating content, have a clear mechanism to alert the institution when a question of liability occurs.  See the information on our website on Hosting Liability: www.jisclegal.ac.uk/HostingLiability

The institution should, of course, remove the suspect content straight away pending an investigation.

Hosting Liability & Facebook: Our Tips

  • Encourage lawful use of Facebook in the learning environment by strictly enforcing appropriate use.
  • Have clear support procedures in place for victims of bullying, harassment or stalking.
  • Establish a clear notice and take down procedure for removing inappropriate content.

8. Accessibility and the Equality Act 2010

Since October 2010, institutions have been complying with The Equality Act 2010 with regard to disability discrimination.  The Act applies to FE and HE institutions as service providers, employers and educational service providers.  The law is framed in general terms and is not intended to prevent or place barriers in the way of innovative use of technology.  Reasonable adjustments should be made wherever possible to prevent substantial disadvantage.  The legislation reinforces the expectation and requirement that FE and HE institutions should be anticipatory and proactive in encouraging disabled persons to participate in tertiary education activities.  In general terms, this means that if Facebook is used to provide information, then wherever possible there should be accessible alternatives or workarounds offered to those who require them.  The learning tools may change but there is still the same requirement for accessibility.

Essentially, it is unlawful to discriminate against staff, learners and other users and visitors to a college or university because of a disability.  It is a specific requirement under the Equality Act 2010 that information is accessible to all users.

Furthermore, the general Public Sector Equality Duty requires that institutions have systems in place to promote compliance. 

Staff in all areas of your institution should be made aware of their obligations under the Act to promote and aid accessibility for all wherever possible.

Accessibility & Facebook: Our Tips

  • Make reasonable adjustments for learners with disabilities.
  • Make staff aware of their accessibility obligations.
  • Promote and aid accessibility throughout your institution.

· 9. Conclusion    

Facebook and social networking brings greater user control and ease of communication, however, this brings with it a corresponding increase in risk of infringement of copyright law or breach of data protection law.  It also raises issues in terms of liability and accessibility. 

It is important to remember that users are already required to use any new technology, including Facebook, appropriately.  They must comply with the JANET Acceptable Use Policy: www.ja.net/company/policies/aup.html.

Where learners and staff engage in non-curricular online activities using institutional computers, it is essential that such activities are compliant with the terms of the institution’s policy.  Any breaches should be responded to in line with the procedures outlined in the ‘Acceptable Use Policy’ of the institution.  This should be technology neutral and apply equally to the Facebook environment. 

We hope this guide on Facebook has been useful to you, information on how to access further guidance is available below.

10. Need to Know More?

We offer a range of guidance on the topics covered in this paper, as well as other legal areas.  Access it via our website at: www.jisclegal.ac.uk.

Need one-to-one guidance?

More questions?  We’re happy to provide you with one-to-one guidance - what’s more, it’s free.  If you need individual assistance on any of the legal areas discussed, please contact our Helpdesk via:

Email: info@jisclegal.ac.uk

Web form: www.jisclegal.ac.uk/Helpdesk

Phone: 0141 548 4939



















Posted on 02/10/2013

Jisc Legal has now closed, and this website is now archived.

Technology and the law support is now provided by Jisc.  Contact customerservices@jisc.ac.uk, or call 0203 006 6077.