Sean Nesbitt

Sean Nesbitt


Read More
Sean Nesbitt

Sean Nesbitt


Read More

2 October 2020

Cyberbullying: COVID and beyond

  • In-depth analysis

The COVID-19 crisis will lift sometime but surveys of workers indicate that there will be a long-term shift towards remote and flexible working.

Once employers have battened down the hatches with more secure IT and remote monitoring, they need to update policies and training for the enduring effects of the rebalancing. 

While "COVID fever" may account for some temporary cyberbullying issues, there are longer-term changes that employers should be alert to. They face increasing communitarian pressures, including the heightened debate around values and corporate behaviour occasioned by the #MeToo and #BlackLivesMatter movements. 

As corporations rely on or advertise their workers’ and consumers’ experiences and use their employee advocates as part of their brand strategy, there is a need to protect employees who make their voice heard from unwelcome responses.

Internal issues

"Only connect": E M Forster saw better communication as a universal panacea. However, the increase in technology has given rise to new ways to be misunderstood and more ways for employees to gather evidence in support of their claims. This compounds the difficulties in differentiating "bullying" from ordinary (albeit uncomfortable) interactions.

Potential for misunderstandings 

An example that we have advised on is a female employee who raised a grievance that her male manager was publicly dismissive of her input in video team meetings. She produced screenshots of a call appearing to show her manager raising his eyebrows, rolling his eyes and looking away. 

While the stills were ambiguous, they were enough to merit a detailed investigation into the manager’s conduct during the meeting, as well as analysis of emails and other interactions.

The manager’s evidence was that some of the conduct was not in response to the claimant but related to the functions of the technology – the laptop’s video cameras were at the bottom left of the screen, which automatically tended to make a person look unengaged.

Facial expressions were not in response to the conference itself but to disappointing messages that the manager was simultaneously accessing via WhatsApp relating to a customer negotiation.

Retained online communications

Other, sometimes historic, examples of alleged online or cyber harassment have come to light as a result of the restructuring measures many businesses have been considering. 

Many employment lawyers are reporting an increase in grievances or appeals arising during or pre-empting redundancy discussions, in which the employee refers to patterns of behaviour which may indicate discrimination by managers.

This behaviour, they claim, indicates conscious or unconscious bias in selecting them for redundancy or the creation of an environment which is inherently hostile to people with different characteristics. 

Employee submissions of this kind often rely on retained social media communications, including WhatsApp, Slack or other social channels. Evidence may be one-sided, as other employees may deny the employer access to their personal social media. 

Cyber revenge 

A third area of harassment occurs when employees face retaliation from current or former colleagues for disciplining them or acting as a witness against them. Cyberstalking, doxing (publishing private information about someone online) and other online revenge taken by former colleagues can give rise to serious concerns.

In one case we have dealt with, a former colleague has, over a 10-year period, disclosed an employee’s personal details and details about their children, made allegations about sexual behaviour, fraud and so on, and encouraged assault in exchange for a reward. 

Less extreme forms of bullying – tending to harassment within the definition of the Protection from Harassment Act 1997 – can occur through repeated or overt recording.

Phoenix House Ltd v Stockman (No 2) [2019] indicated that covert recording is not necessarily misconduct. In our view, repeated unwanted overt recording and documentation of behaviour usually is.

Third-party bullying and campaigning

Other behaviour that may require employers to step in and protect their employees include "Zoom bombing" – seemingly one-off intrusions into team training by people launching pornography or other hate content.

In addition, employers may need to address values-based campaigning. An early example is the campaign by animal rights activists against Huntingdon Life Sciences, which contributed to the passing of the 1997 Act.

Businesses can become caught up in intense social media comment on controversial topics, which can result in a need for workplace intervention. For example, cyber campaigning relating to the transgender debate is reported to have sparked an "internal war" between employees at JK Rowling’s publishers.

Especially when businesses take public positions on sensitive areas, or work in environmentally or socially sensitive sectors such as energy or armaments, employees can be vulnerable to attack. But even day-to-day dealings, such as decisions made by recruiters, can expose them to unwelcome third-party conduct.

The tech of public opinion 

While technology can compound harassment risk, it is neutral and there is a counterbalance in the use of technological tools for redress.

An example of cyber activism arose in the #Googlewalkout campaign, in which the company’s workers organised digitally to protest about the handling of alleged sexual misconduct. Online networks such as Organise enable employees to launch a petition about alleged harassment by managers. At Ted Baker, the founder and chief executive was the subject of such a petition, which gave rise to a significant corporate investigation.

If employers do not allow voices to be raised and enable digital activism to be channelled internally, the first they hear about such allegations may be when they have already gone public. They may also be liable for the circulation of unfounded allegations against their employees through such channels (even though they do not condone them), if they do not seek to correct those allegations. 

Platforms are available, such as Vault, which allow employees to lodge evidence and report misconduct to their employer, anonymously if they wish, through an app.

Duties to protect 

There is no law against "bullying" as such, nor a definition of it. Businesses’ liabilities need to be pieced together from various sources and can differ depending on who is being harassed (employees, workers or independent contractors).

Health and safety

Businesses must protect the health and safety of all work-doers, including independent contractors. Breach of this duty can entitle people to bring a claim for negligence if they suffer anxiety or distress.

It may also allow them to build a claim for constructive dismissal or fundamental breach of either the express contractual duty to provide for health and safety or the common law duty of care.

However, proving the harm suffered and causation will usually be challenging, and for an individual this is in practice one of the least likely avenues for redress.

Duty of mutual trust and confidence and breach of contract  

A less universal group of rights, but probably more useful, comes under implied or expressed contractual terms.

Breach of any implied term is harder to establish for independent contractors and workers, and the duty of mutual trust and confidence only belongs to the employment contract. The individual must resign to bring a claim, so this is likely to be an argument of last resort. 

However, the person can at least threaten to use this right following cyberbullying by an employee or a third party, even though the law on direct liability for third-party harassment has been significantly scaled back (see below). 

Once an employer is on notice that a person has been acting unconscionably towards one of their employees and there are means reasonably within the employer’s grasp to limit that occurring, they could be liable if they fail to use those means. 

For example, common sense (and the law) dictate that an employer is not liable for unpredicted Zoom bombers. However, it should know that the problem exists, so failure to take the necessary technical measures should give rise to liability in relation to vulnerable colleagues. 

Unlawful discrimination and victimisation

An employee or worker could argue that their treatment arises from their inherent characteristics. With third-party harassment, this is especially likely to happen in industries involving a degree of personal proximity such as hospitality and social or medical care. 

However, online posts and remote work conduct are just as capable of generating a claim. It can be relatively easy to prove direct sexual harassment or adverse treatment on the grounds of protected characteristics thanks to remote working technology and the expansive tests of what is "in the course of their employment".


If a person has alleged that an unlawful act has occurred and they are then subject to a detriment as a result, for example having raised a grievance or informal complaint, an enhanced award for unfair dismissal may be available.

However, just because behaviour arises in public over video or social media, this does not mean that there is a public interest aspect giving the subject whistleblowing protection. 

On the other hand, there is demonstrably an enhanced public interest in diversity and inclusion given their increasing importance to consumers and regulators (such as the Financial Conduct Authority).

Protection from Harassment Act 1997 

This is an area where civil (and criminal) sanctions are increasingly deployed in the employment context. In brief, where there is a course of conduct which amounts to harassment and the defendant knew or ought to have known that it was harassment, the victim can obtain injunctions and damages.

The "course of conduct" must involve at least two incidents and "harassment" must include alarming or causing distress. An individual can bring proceedings in the High Court without involving police at all.

However, as set out in Majrowski v Guy’s and St Thomas’ NHS Trust [2006], the relevant conduct must "… cross the boundary from the regrettable to the unacceptable, to such an extent that it would sustain criminal liability."

The courts will look for persistent and deliberate conduct which is unreasonable and oppressive, targeted at an individual and calculated to and does cause them alarm, fear or distress (Hayes v Willoughby [2013]). 

Employees may find the cost of claims off-putting. This is where an employer can come in, especially given its health and safety and implied contractual duties. 

It may be appropriate for the employer to sponsor or bring proceedings on behalf of the individual under this Act, as happened in Monarch Airlines Ltd v Yaqub [2016]. Here, the airline got an injunction against a former member of its flight crew who wrote intimidating, offensive and frightening emails and Facebook posts after his unfair dismissal claim failed.

Employers can also bring claims under s1(1A) of the 1997 Act when a wrongdoer harasses two or more people (such as their employees or contractors) to put pressure on the employer. 

This was explained in Merlin Entertainments LPC v Cave [2014] at paras 24 to 35, although in this case the acts of a third party complaining about safety standards did not amount to harassment.

Depending on the conduct’s nature and severity, it may be possible to involve the police since harassment is also a criminal offence. In the early years of the 1997 Act, it could often be difficult to use this route successfully.

However, more recent Twittersphere controversies have resulted in police awareness of their powers, which are enhanced by the Malicious Communications Act 1998 and the Communications Act 2003. Especially where the business is dealing with brand advocates and a high volume of hate mail, it may be worth seeking to engage the police on these options.

Identifying unknown cyberbullies

Where the identities of those who are targeting employees are unknown, it is also possible to obtain an injunction using a Norwich Pharmacal order. This allows the claimant to obtain details from internet service providers which may enable them to identify the wrongdoers.

Many internet service providers have established procedures to deal with such claims and injunctions can be obtained against persons unknown in extreme cases (see Canada Goose v Persons Unknown [2019]).

Legal limits of liability for third-party harassment

In one area, employers’ liability for harassment has been reduced, although this is under review. Since the repeal in 2013 of the relevant provision of the Equality Act 2010, there is nothing in UK law that imposes direct liability on an employer for third-party harassment on the ground of a protected characteristic. 

Now, employers will only be liable if they failed to act on third-party harassment because of their own discriminatory motivation (Unite the Union v Nailard [2018] and Bessong v Pennine Care NHS Trust [2018]). 

In the wake of the #MeToo activism and the Presidents Club scandal, the Government Equalities Office has responded with a consultation on sexual harassment in the workplace.

It is possible that legislation will emerge reintroducing a statutory obligation to prevent third-party harassment, with fines for those who do not comply. This could build on other "failure to prevent" legislation (for example, on tax evasion).

That said, there has been some resistance from policymakers to imposing increased liability on employers. And whether the legislative timetable post-Brexit allows for these measures remains to be seen.

What can employers do?

Whatever the uncertainties of future legislation, there are good commercial and legal reasons for reviewing current tools to combat cyberbullying now. Failing to put prevention measures in place could stymie any move to remote working, damage the business’s brand and result in costly litigation.

Cyberbullying prevention measures

  • Review discrimination and inclusion policies to ensure there are references to cyberbullying and the behaviour of third parties.
  • Check employee helpline and protected disclosure channels to ensure they cover third-party conduct or conduct of suppliers and contractors.
  • Review working from home, mobile device and privacy policies and notifications to ensure that employees understand what is permitted, monitored and accessible. We have seen an increase in covert recordings which, whatever the motivation, may give rise to a battle of rights.
  • Train managers on supervision, investigation procedures and recognising potential flashpoints.
  • Train all staff on IT and privacy awareness, including settings for video conferencing and social channels.
  • Prepare crisis plans for privacy leaks, social or media campaigning and reputation management.
  • Consider commercial regulation of liability, for example in supplier, contractor and franchisee terms (it has been reported that a McDonalds franchise is currently facing action from an employee). These terms can be a good way to provide commercial remedies and security against brand damage through the behaviour of third parties.

This article first appeared in the October 2020 edition of The Employment Law Journal.

Call To Action Arrow Image

Latest insights in your inbox

Subscribe to newsletters on topics relevant to you.


Related Insights

People sat down on chairs waiting
Employment, pensions & mobility

Work/Life: international employment news update

13 January 2022

by Sean Nesbitt and Marc André Gimmy

Click here to find out more
Discussing diagram working together
Employment, pensions & mobility

Work/Life: international employment news update

16 December 2021

by Sean Nesbitt and Marc André Gimmy

Click here to find out more
People sat down on chairs waiting
Employment, pensions & mobility

Work/Life: international employment news update

2 December 2021

by Sean Nesbitt and Marc André Gimmy

Click here to find out more