No dance moves at work
It was the US that took the lead a while ago, quickly followed by the European Commission and other European institutions among others: the TikTok application will be banned on employees' professional devices.
Meanwhile, Belgian authorities have also decided to ban their staff from installing TikTok on devices used for professional purposes.
The underlying reason is clear. Fear of cyber attacks by the popular media platform's Chinese parent company is causing organizations to preemptively ban the use of the application.
But can an employer ban TikTok at work?
The answer is clear: yes.
As the owner of the work equipment he provides to his employees, such as a laptop or a smartphone, the employer is free to dispose of his property. In other words, he has the right to set rules on the use of professional equipment. He may also subsequently check whether an employee complies with these rules, obviously respecting the right to privacy and the GDPR.
So an employer can perfectly stipulate that an employee cannot install certain applications such as TikTok on a professional phone, it can block access to certain social media sites or restrict access to e.g. breaks.
It is advisable to provide these rules with a legal source, preferably in a (unilateral) policy for reasons of flexibility. In addition, such policies can e.g. include rules on how employees deal with the use of authorized social media (e.g. how to deal with customers on social media? Are employees allowed to post messages about or on behalf of the company? How is the company described on e.g. a Linkedin or Instagram profile?). For employees who have to use social media as part of their job, more concrete instructions are needed, as it is part of the execution of the employment contract. Monitoring and sanctioning rules should also be described. A standard clause that the employee remains liable for using social media in violation of the policy is highly recommended.
That policy should then be made available to employees, e.g. by posting it on the intranet, and best the employee is also informed via e.g. an information session.
Of course, these rules cannot be mandatory when it comes to an employee's private phone, with which he can access company information. In that case, the main issue will be to inform and sensitize the employee about the dangers of using certain applications or simply not allowing access to company information.