The Article 29 Working Party says “in-employment screening” shouldn’t take place “on a generalised basis.”
Companies shouldn’t be allowed to inspect the Facebook and Twitter accounts of prospective job candidates, unless there is an appropriate “legal ground” for doing so, a European group dedicated to data protection has ruled. In a guidance “opinion” document, the Article 29 Working Party said employers should first consider whether the candidate’s account is meant for personal or business purposes. In addition, they should only reviews posts or “data” which is “relevant to the performance of the job which is being applied for.” Under no condition should companies force a potential employee to friend the recruiter or make their profile public.
The same rules apply to existing employees too. Companies shouldn’t force their workers to provide access to their social media posts. In addition, “screening of employees’ social media profiles should not take place on a generalised basis,” the group argues. Finally, the working party says employees shouldn’t be required to use a social media account created by their employee. If it’s required for work purposes, the employee should always have the right to set up an alternative, personal account and use it whenever they feel it’s appropriate. “And this should be specified in the terms and conditions of the employment contract,” the guidance reads.
The guidance serves as clarification for the General Data Protection Regulation (GDPR), a new set of laws that were passed in April and will take effect in May 2018. As The Telegraph reports, these rules will apply even after the United Kingdom has left the European Union. The “opinion” serves as a reminder, and a call for future participation by specifying exactly what’s expected of employers next year, and how the rules apply to new technology and modern workplace practices. The guidance is therefore structured as a series of scenarios whereby the interests of employers would need to be balanced by employees’ right to privacy.
Which all sounds great in theory, but enforcing the new rules could prove tricky. “All employers should be following these basic rules but, in practice, I’m not sure they do,” Peter Church, a technology specialist at law firm Linklaters told the BBC. “The GDPR might force employers to be a bit more diligent about compliance with the rules.”