I get this question all the time.
“Can I check my VA’s Facebook to make sure they’re actually working?”
The short answer is no. The longer answer is more complicated.
But here’s the thing most people don’t realize: when you hire Filipino VAs, you’re subject to Philippine privacy law. Even if your business is in the US, Canada, Australia, or anywhere else.
And Philippine privacy law takes this stuff seriously.
Why this matters more than you think
The Philippines Data Privacy Act is strict about monitoring social media.
NPC Advisory Opinion 2025-0101 clarifies that any collection of personal data from social platforms requires a legitimate business purpose.
Screenshots of employee posts. Saved messages. Tracked group memberships. All of it counts as personal data processing under Philippine law.
For remote teams, the lines get blurry fast.
A Slack channel for project updates clearly falls under work territory. Your VA’s personal Instagram story from the weekend is not.
The gray zone appears when work discussions happen in personal message threads. Or when team members connect on Facebook groups that mix professional networking with casual conversation.
Let me break down what you can and can’t do.
Four types of social media activity you can legally monitor
Company owned social media accounts
You have broad rights to monitor accounts you create and provide for business purposes.
Company Facebook Business Pages. Branded Instagram accounts. LinkedIn company pages. Twitter handles used exclusively for client communication.
These accounts belong to your business. Content posted, messages sent, engagement metrics. All fair game for monitoring.
You can review posts before they go live. Check response times. Track how team members interact with followers.
This makes sense, right? It’s your business account.
Publicly posted content about your business
Any content your team posts publicly about your business, products, or services can be monitored.
This includes reviews, mentions, testimonials, or public comments about work projects. Even if posted from personal accounts.
The key word is “public.”
If someone can see it without logging in, without being approved as a friend, or without special access, you can monitor it.
Professional profiles during the hiring process
During the hiring process, you can review publicly available professional profiles.
LinkedIn profiles. Public portfolio posts on Instagram or Behance. Business pages or professional Facebook profiles. Any content specifically shared as part of job applications.
This screening must be limited to professional qualifications.
You’re checking work history and skills. Not digging into the applicant’s personal life.
Company device usage during work hours
If you provide devices for work, you can monitor how those devices are used during paid work hours.
Time spent on social media platforms during work time. Productivity patterns. Whether work tasks are being completed.
However, this monitoring should focus on productivity metrics.
Focus on whether deliverables are getting done, not what apps are open. Track completed tasks and submitted work rather than minute-by-minute activity.
Not reading private messages. Not viewing personal content.
What you cannot legally monitor
Personal Facebook profiles. Private Instagram accounts. Personal Twitter handles. TikTok accounts used for personal expression.
These are off-limits.
You cannot require access to these accounts. You cannot demand passwords or login credentials.
Period.
Personal beliefs and opinions
Unless directly related to job performance or business reputation, you cannot monitor or take action based on personal beliefs expressed on social media.
Political opinions. Religious views. Social causes supported. Personal lifestyle choices.
All protected.
Private messages
Private direct messages between team members, even on work platforms, are usually off limits.
Your Slack plan might allow message exports. But that doesn’t mean you should routinely read private conversations.
There’s a difference between “can” and “should.”
Personal devices
You cannot monitor personal phones, laptops, or tablets that team members own.
Even if they sometimes use them for work.
Their device, their privacy.
How to write a social media policy that actually works
Your social media policy needs to meet specific legal requirements under the Philippines Data Privacy Act.
Here’s what to include.
List exactly what you’ll monitor
Specify platforms. Slack, company Facebook page, branded Instagram.
Specify types of activity. Response times, public mentions, project updates.
Specify business justifications for each.
Notify workers before monitoring begins
The Data Privacy Act requires informing workers when you’re processing their personal data.
You can’t start monitoring and then tell them later. It doesn’t work that way.
Tell them upfront what you’re monitoring and why.
Separate work and personal accounts
Provide dedicated accounts for social media management duties.
Team collaboration tools should stay separate from personal messaging apps.
Make it easy for your VAs to keep work and personal separate. Don’t blur those lines.
Ensure monitoring serves a legitimate business need
The National Privacy Commission requires that any monitoring be necessary, proportionate, and transparent.
“I want to make sure they’re working” isn’t a legitimate business need for reading someone’s personal Facebook messages.
Tracking response times on your company’s customer support Twitter account is.
See the difference?
How to handle issues you find through social media
Sometimes legitimate monitoring does reveal problems.
A VA posts confidential information publicly. Team members sharing negative comments about your business. Discovering that reported work hours don’t match actual activity.
Here’s what to do.
Document everything immediately
Take screenshots with timestamps. Save URLs. Record context about how you discovered the information.
If you need to take action, you need documentation that shows you discovered this through legitimate monitoring.
Understand the consequences of getting it wrong
The National Privacy Commission can investigate complaints from workers who believe their privacy was violated.
Penalties for Data Privacy Act violations include temporary suspension of data processing operations and significant fines.
This isn’t theoretical. They enforce this stuff.
Why you need to follow both Philippine and your local privacy laws
When you hire Filipino VAs, you become subject to Philippine privacy law.
Regardless of where your business is located.
But you’re also bound by privacy laws in your own country.
U.S.-based employers face a complex patchwork of state privacy laws. California, Virginia, Colorado, and Connecticut have enacted comprehensive privacy statutes with specific requirements for workplace monitoring.
Privacy developments for 2025 show more states enacting similar legislation.
The practical reality
Follow whichever law is strictest.
Build your policy around the most restrictive standards. This protects you from violations across all applicable jurisdictions.
Yes, it’s more work upfront. But it’s way less work than dealing with legal problems later.
Building trust through clear boundaries
Look, I get it.
You’re hiring someone you’ve never met in person. They’re working from another country. You want to make sure they’re actually doing the work.
But social media stalking isn’t the answer.
Social media monitoring works best with proper policies, clear boundaries, and respect for privacy rights.
Done right, it’s just another tool for managing remote teams effectively.
Done wrong, it creates legal liability, damages trust, and makes remote work relationships unsustainable.
The VAs who do great work? They’re not the ones you need to worry about monitoring.
And the ones who don’t do great work? You’ll figure that out through their actual output, not their Facebook posts.
Build privacy-respecting policies now rather than dealing with compliance problems later.
For remote teams working across borders, getting this right isn’t optional.
Frequently Asked Questions
Can I monitor my Filipino VA’s personal Facebook or Instagram account?
No. Personal social media accounts are protected under the Philippines Data Privacy Act, GDPR, and most international privacy laws. You can only monitor company-owned accounts you provide for business purposes and publicly posted content about your business.
What social media activity can I legally track for remote Filipino workers?
You can monitor company-owned social media accounts (business Facebook pages, branded Instagram), public work-related posts about your business, work communication platforms like Slack or Teams, and company device usage during work hours.
Do I need to follow Philippine privacy laws if I’m based in the US or Europe?
Yes. When you hire Filipino VAs, the Philippines Data Privacy Act applies regardless of where your business is located because your workers process data from the Philippines. You must also comply with privacy laws in your own country.